Investigate Component Allowlists/Blocklists

[orpiske]

Investigate Component Allowlists/Blocklists

Objective

Research and implement security mechanism to control which Camel components can be used in code execution, preventing potentially dangerous component usage.

Dependencies

• Investigate Endpoint/Route Allowlists/Blocklists #3 (similar security mechanism pattern)

Requirements

• Investigate Camel component security risks (exec, file system access, etc.)
• Design component allowlist/blocklist configuration
• Implement component filtering at appropriate lifecycle point
• Support component-level and granular permission rules
• Handle component dependency implications
• Prevent runtime component loading if blocked
• Document dangerous components and recommended restrictions
• Provide configuration examples for common scenarios

Affected Files/Modules

• /core/core-runtimes/core-runtime-camel/ (component filtering)
• /backend/router/src/main/java/ai/wanaku/router/bridge/CodeExecutionBridge.java (enforcement)
• Configuration files (component rules)

Notes

Component-level security is crucial. Examples of dangerous components: camel-exec (arbitrary command execution), camel-ssh, components with file system write access. Consider: (1) blocking at component registry level, (2) preventing ClassLoader from loading component classes, (3) validation during route building. May require Camel context customization.