Skip to content

CAMEL-23891: camel-mail - filter Camel internal headers in MimeMultipartDataFormat unmarshal#24406

Merged
oscerd merged 1 commit into
apache:mainfrom
oscerd:fix/CAMEL-23891
Jul 3, 2026
Merged

CAMEL-23891: camel-mail - filter Camel internal headers in MimeMultipartDataFormat unmarshal#24406
oscerd merged 1 commit into
apache:mainfrom
oscerd:fix/CAMEL-23891

Conversation

@oscerd

@oscerd oscerd commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

This aligns MimeMultipartDataFormat unmarshalling (headersInline=true) with the camel-mail consumer: internal Camel headers (Camel*, matched case-insensitively) present in the external MIME headers are no longer copied verbatim onto the Camel message.

Background

Previously copyNonStandardHeaders() copied every MIME header (except Message-ID, MIME-Version, Content-Type) straight into the message header map with no HeaderFilterStrategy. This is inconsistent with:

  • the camel-mail consumer, which applies MailHeaderFilterStrategy (extends DefaultHeaderFilterStrategy) and filters the Camel* namespace case-insensitively on the inbound direction;
  • the data format's own marshal path, where inline headers are only copied when they match an explicit includeHeaders pattern.

Change

copyNonStandardHeaders() now delegates to DefaultHeaderFilterStrategy.applyFilterToExternalHeaders(...), so Camel* headers arriving in MIME content are filtered on the inbound path. Ordinary application headers (e.g. X-...) continue to pass through unchanged.

  • Added a unit test covering prefix + case-insensitive filtering and application-header passthrough.
  • Added a 4.22 upgrade-guide entry (potential behavior change).

JIRA: https://issues.apache.org/jira/browse/CAMEL-23891


🤖 Generated with Claude Code on behalf of Andrea Cosentino

…artDataFormat unmarshal

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Andrea Cosentino <ancosen@gmail.com>
@oscerd oscerd requested review from Croway and davsclaus July 3, 2026 12:18
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

🌟 Thank you for your contribution to the Apache Camel project! 🌟
🤖 CI automation will test this PR automatically.

🐫 Apache Camel Committers, please review the following items:

  • First-time contributors require MANUAL approval for the GitHub Actions to run
  • You can use the command /component-test (camel-)component-name1 (camel-)component-name2.. to request a test from the test bot although they are normally detected and executed by CI.
  • You can label PRs using skip-tests and test-dependents to fine-tune the checks executed by this PR.
  • Build and test logs are available in the summary page. Only Apache Camel committers have access to the summary.

⚠️ Be careful when sharing logs. Review their contents before sharing them publicly.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

🧪 CI tested the following changed modules:

  • components/camel-mail
  • docs

🔬 Scalpel shadow comparison — Scalpel: 11 tested, 28 compile-only — current: 10 all tested

Maveniverse Scalpel detected 39 affected modules (current approach: 10).

⚠️ Modules only in Scalpel (29)
  • apache-camel
  • camel-allcomponents
  • camel-catalog
  • camel-catalog-console
  • camel-catalog-lucene
  • camel-catalog-maven
  • camel-catalog-suggest
  • camel-componentdsl
  • camel-csimple-maven-plugin
  • camel-endpointdsl
  • camel-endpointdsl-support
  • camel-itest
  • camel-jbang-core
  • camel-jbang-it
  • camel-jbang-main
  • camel-jbang-plugin-edit
  • camel-jbang-plugin-generate
  • camel-jbang-plugin-kubernetes
  • camel-jbang-plugin-test
  • camel-kamelet-main
  • camel-launcher
  • camel-report-maven-plugin
  • camel-route-parser
  • camel-yaml-dsl
  • camel-yaml-dsl-deserializers
  • camel-yaml-dsl-maven-plugin
  • coverage
  • docs
  • dummy-component

Skip-tests mode would test 11 modules (2 direct + 9 downstream), skip tests for 28 (generated code, meta-modules)

Modules Scalpel would test (11)
  • camel-jbang-mcp
  • camel-jbang-plugin-mcp
  • camel-jbang-plugin-route-parser
  • camel-jbang-plugin-tui
  • camel-jbang-plugin-validate
  • camel-launcher-container
  • camel-mail
  • camel-mail-microsoft-oauth
  • camel-yaml-dsl-validator
  • camel-yaml-dsl-validator-maven-plugin
  • docs
Modules with tests skipped (28)
  • apache-camel
  • camel-allcomponents
  • camel-catalog
  • camel-catalog-console
  • camel-catalog-lucene
  • camel-catalog-maven
  • camel-catalog-suggest
  • camel-componentdsl
  • camel-csimple-maven-plugin
  • camel-endpointdsl
  • camel-endpointdsl-support
  • camel-itest
  • camel-jbang-core
  • camel-jbang-it
  • camel-jbang-main
  • camel-jbang-plugin-edit
  • camel-jbang-plugin-generate
  • camel-jbang-plugin-kubernetes
  • camel-jbang-plugin-test
  • camel-kamelet-main
  • camel-launcher
  • camel-report-maven-plugin
  • camel-route-parser
  • camel-yaml-dsl
  • camel-yaml-dsl-deserializers
  • camel-yaml-dsl-maven-plugin
  • coverage
  • dummy-component

ℹ️ Shadow mode — Scalpel observes but does not affect test execution. Learn more

All tested modules (39 modules)
  • Camel :: All Components Sync point
  • Camel :: Assembly
  • Camel :: Catalog :: CSimple Maven Plugin (deprecated)
  • Camel :: Catalog :: Camel Catalog
  • Camel :: Catalog :: Camel Report Maven Plugin
  • Camel :: Catalog :: Camel Route Parser
  • Camel :: Catalog :: Console
  • Camel :: Catalog :: Dummy Component
  • Camel :: Catalog :: Lucene (deprecated)
  • Camel :: Catalog :: Maven
  • Camel :: Catalog :: Suggest
  • Camel :: Component DSL
  • Camel :: Coverage
  • Camel :: Docs
  • Camel :: Endpoint DSL
  • Camel :: Endpoint DSL :: Support
  • Camel :: Integration Tests
  • Camel :: JBang :: Core
  • Camel :: JBang :: Integration tests
  • Camel :: JBang :: MCP
  • Camel :: JBang :: Main
  • Camel :: JBang :: Plugin :: Edit
  • Camel :: JBang :: Plugin :: Generate
  • Camel :: JBang :: Plugin :: Kubernetes
  • Camel :: JBang :: Plugin :: MCP
  • Camel :: JBang :: Plugin :: Route Parser
  • Camel :: JBang :: Plugin :: TUI
  • Camel :: JBang :: Plugin :: Testing
  • Camel :: JBang :: Plugin :: Validate
  • Camel :: Kamelet Main
  • Camel :: Launcher
  • Camel :: Launcher :: Container
  • Camel :: Mail
  • Camel :: Mail :: Microsoft OAuth
  • Camel :: YAML DSL
  • Camel :: YAML DSL :: Deserializers
  • Camel :: YAML DSL :: Maven Plugins
  • Camel :: YAML DSL :: Validator
  • Camel :: YAML DSL :: Validator Maven Plugin

⚙️ View full build and test results

@davsclaus davsclaus left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

APPROVE — Clean, well-scoped security-hardening change.

MimeMultipartDataFormat.copyNonStandardHeaders() previously copied every non-standard MIME header onto the Camel message with no filtering, allowing Camel* headers from external MIME content to be injected into the exchange. The fix adds a DefaultHeaderFilterStrategy on the inbound path, filtering Camel*/camel* prefixes case-insensitively — consistent with the mail consumer's own inbound filtering.

Verified:

  • DefaultHeaderFilterStrategy with defaults correctly catches all case variants (CamelFoo, camelBar, CAMELBaz) via inFilterStartsWith + lowerCase=true
  • Using DefaultHeaderFilterStrategy (not MailHeaderFilterStrategy) is correct — the data format operates on MIME content generically, not JavaMail sessions
  • Test covers prefix matching, case-insensitivity, and normal header passthrough
  • Upgrade guide entry documents the behavior change with a clear workaround
  • Branch naming, commit format, JIRA linkage, AI attribution all follow project conventions

This review was generated by an AI agent and may contain inaccuracies. Please verify all suggestions before applying.

@gnodet gnodet left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Clean, well-scoped security hardening. Verified independently — agreed with the existing review.

Analysis:

  1. Correct strategy choice — Using DefaultHeaderFilterStrategy (not MailHeaderFilterStrategy) is appropriate. The data format operates on generic MIME content independent of the mail component. MailHeaderFilterStrategy additionally filters mail.smtp.* / mail.smtps.* prefixes which are specific to the mail consumer's JavaMail session properties (CAMEL-23522) and don't apply to the data format.

  2. Case-insensitive filtering works correctly — Traced through DefaultHeaderFilterStrategy.doFiltering(): the inFilterStartsWith defaults to { "Camel", "camel" } and with lowerCase=true (default), all case variants are caught. For CAMELBaz: first tryHeaderMatch("CAMELBaz", {"Camel", "camel"}) → false, then lower = "camelbaz"tryHeaderMatch("camelbaz", {"Camel", "camel"}) → true (matches "camel" prefix). Confirmed by the test's assertNull on all three case variants.

  3. Scope is correct — Only the headersInline=true unmarshal path (unmarshalWithInlineHeaderscopyNonStandardHeaders) is affected. The unmarshalWithExternalHeaders path doesn't call copyNonStandardHeaders.

  4. Thread safetyDefaultHeaderFilterStrategy is effectively immutable after construction (default configuration, no mutations). The private final field is safe for concurrent access.

  5. Upgrade guide — Accurate, clear workaround documented.

This is consistent with the security model in CLAUDE.md: external message senders are untrusted, and Camel* headers from untrusted sources should be filtered to prevent header-injection attacks (the same class as CVE-2025-27636).

This review does not replace specialized AI review tools (CodeRabbit, Sourcery) or static analysis (SonarCloud).

This review was generated by an AI agent and may contain inaccuracies. Please verify all suggestions before applying.

Claude Code on behalf of Jiri Ondrusek

@oscerd oscerd merged commit ca74898 into apache:main Jul 3, 2026
6 checks passed
@oscerd oscerd deleted the fix/CAMEL-23891 branch July 3, 2026 13:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants