Skip to content

CAMEL-23594: Fix property resolution issues in kamelet endpoint URIs #23391

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
cunningt wants to merge 1 commit into
base: main
Choose a base branch
from
+15 −1
Open

CAMEL-23594: Fix property resolution issues in kamelet endpoint URIs #23391

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions ...ents/camel-kamelet/src/main/java/org/apache/camel/component/kamelet/KameletComponent.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@
*/
package org.apache.camel.component.kamelet;

import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
Expand Down Expand Up @@ -132,6 +134,18 @@ protected Endpoint createEndpoint(String uri, String remaining, Map<String, Obje
parameters.remove(PARAM_LOCATION);
parameters.remove(PARAM_UUID);

// URL-decode non-RAW parameter values. The YAML DSL URL-encodes property values
// when building query strings (via URISupport.createQueryString), but useRawUri=true
// prevents automatic decoding during URI parsing. Decode here so values like
// "application/json" are not left as "application%2Fjson".
for (Map.Entry<String, Object> entry : parameters.entrySet()) {
if (entry.getValue() instanceof String s
&& !s.startsWith(URISupport.RAW_TOKEN_PREFIX + "(")
&& !s.startsWith(URISupport.RAW_TOKEN_PREFIX + "{")) {
entry.setValue(URLDecoder.decode(s, StandardCharsets.UTF_8));
Copy link
Copy Markdown
Contributor

@davsclaus davsclaus May 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

createEndpoint() is called from all DSLs (Java, XML, YAML), not just YAML. If a value arrives without URL-encoding (e.g., from Java DSL to("kamelet:foo?contentType=application/json")), URLDecoder.decode() will still process it. While application/json survives decoding, a value containing % (like 100%done) would be corrupted or throw an IllegalArgumentException.

Consider either:

  • Fixing the encoding at the source (the YAML DSL's URISupport.createQueryString() call) so values aren't double-encoded
  • Or guarding this decode with a check that the value actually contains URL-encoded sequences (e.g., %xx patterns)

Copy link
Copy Markdown
Contributor

@gnodet gnodet May 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

URLDecoder.decode() will throw IllegalArgumentException on values containing bare % characters (e.g., 100%complete or [a-z]%[0-9]). This createEndpoint() method is called from all DSLs, not just YAML, so non-encoded values will reach here.

Consider either:

  1. Fix at the source: use createQueryString(params, false) in YamlRoutesBuilderLoader for kamelet URIs (like KameletDeserializer and YamlSupport already do with encode=false). This would be consistent with the CAMEL-23284 approach.
  2. Or guard the decode: at minimum wrap in try/catch IllegalArgumentException and fall back to the original value.
Suggested change
entry.setValue(URLDecoder.decode(s, StandardCharsets.UTF_8));
for (Map.Entry<String, Object> entry : parameters.entrySet()) {
if (entry.getValue() instanceof String s
&& !s.startsWith(URISupport.RAW_TOKEN_PREFIX + "(")
&& !s.startsWith(URISupport.RAW_TOKEN_PREFIX + "{")) {
try {
entry.setValue(URLDecoder.decode(s, StandardCharsets.UTF_8));
} catch (IllegalArgumentException e) {
// value contains bare % not part of URL encoding, leave as-is
}
}
}

Though option 1 (fixing the encoding at the YAML DSL source) would be the cleanest solution.

Claude Code on behalf of Guillaume Nodet

}
}

// manually need to resolve raw parameters as input to the kamelet because
// resolveRawParameterValues is false
// this ensures that parameters such as passwords are used as-is and not encoded
Expand Down
2 changes: 1 addition & 1 deletion ...mel-base/src/main/java/org/apache/camel/component/properties/DefaultPropertiesParser.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -514,7 +514,7 @@ private String doGetPropertyValue(String key, String defaultValue) {
if (answer == null) {
answer = value;
}
return answer;
return answer != null ? answer.trim() : null;
Copy link
Copy Markdown
Contributor

@davsclaus davsclaus May 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This .trim() applies to every property resolution across the entire framework, not just YAML/kamelet scenarios. Property values that legitimately contain leading/trailing whitespace (passwords with trailing spaces, PEM data, regex patterns) would be silently corrupted.

The root cause is YAML literal block scalars (|) preserving trailing newlines. This should be fixed at the YAML parsing layer where the newline is introduced, not in the global properties parser.

Consider removing this change and instead trimming at the YAML DSL level where property values are extracted from block scalars.

Copy link
Copy Markdown
Contributor

@gnodet gnodet May 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This .trim() applies to every property resolution across the entire Camel framework -- system properties, environment variables, .properties files, Spring Boot config, etc. Property values that legitimately contain trailing whitespace (passwords, PEM data, regex, template strings) would be silently corrupted.

The root cause is YAML literal block scalars (|) preserving trailing newlines. Please fix this at the YAML parsing layer where property values are extracted, not in the global properties parser.

Suggest removing this change entirely.

Claude Code on behalf of Guillaume Nodet

}
}

Expand Down