
[NEW MODEL] Java Apache Camel MaD models for Exchange, Message, and ProducerTemplate#23

Open
Copilot wants to merge 3 commits into main from copilot/add-apache-camel-data-extension

Conversation

Contributor

Copilot AI commented Mar 25, 2026

📝 Query Information

  • Language: Java
  • Query ID: N/A (data extension, not a query)
  • Category: security
  • Severity: error
  • CWE/CVE (if applicable): CWE-918 (SSRF/Request Forgery)

🎯 Description

What This Query Detects

CodeQL has zero models for Apache Camel's camel-api (org.apache.camel), leaving all data flow through Exchange, Message, and ProducerTemplate invisible to analysis. This data extension adds Models-as-Data coverage for the core Camel data-carrying interfaces.

sourceModel (9 entries) — marks remote data entry points:

  • Exchange.getMessage(), getIn(), getProperty() overloads
  • Message.getBody(), getHeader(), getHeaders() overloads

sinkModel (10 entries) — marks endpoint URI arguments as request-forgery sinks:

  • ProducerTemplate.sendBody*, send, requestBody* variants
  • FluentProducerTemplate.to()

summaryModel (34 entries) — taint propagation through:

  • Exchange/Message getter→ReturnValue and setter→receiver flows
  • ExchangeBuilder and FluentProducerTemplate builder-pattern chaining (dual taint/value entries per stdlib convention)
  • ProducerTemplate.requestBody* request→response propagation

Example Vulnerable Code

```java
// Camel processor where attacker-controlled header drives SSRF
public void process(Exchange exchange) throws Exception {
    String target = exchange.getMessage().getHeader("targetUrl", String.class);
    producerTemplate.sendBody(target, exchange.getMessage().getBody());
}
```

Example Safe Code

```java
// Hardcoded endpoint URI — not attacker-controlled
public void process(Exchange exchange) throws Exception {
    producerTemplate.sendBody("direct:internalRoute", exchange.getMessage().getBody());
}
```

🧪 Testing

  • Positive test cases included
  • Negative test cases included
  • Edge cases covered
  • All tests pass

YAML validated structurally (tuple lengths, boolean format, string fields). codeql resolve extensions confirms all 53 rows load correctly alongside the stdlib models.

📋 Checklist

  • Query compiles without errors
  • Documentation complete (.md and .qhelp)
  • Metadata properly set (@name, @id, @kind, etc.)
  • Tests validate query behavior
  • No false positives in test cases

🔗 References


Note: This query was developed using Test-Driven Development methodology.
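The description above lists the source, sink and summary entries by name but does not show their row layout. The fragment below is an added illustration, not the PR's own YAML: it uses the standard CodeQL Java Models-as-Data column layout (package, type, subtypes, name, signature, ext, then the kind-specific input/output, kind, provenance) and the method signatures are assumed from the Camel API, one row per pattern the description mentions.

```yaml
# Added illustration of the Models-as-Data rows described above (not the PR's file).
# Column layout per extensible: package, type, subtypes, name, signature, ext, ...
extensions:
  - addsTo:
      pack: codeql/java-all
      extensible: sourceModel
    # ..., output, kind, provenance: the return value is remote (attacker-reachable) data
    data:
      - ["org.apache.camel", "Exchange", true, "getMessage", "()", "", "ReturnValue", "remote", "manual"]
      - ["org.apache.camel", "Message", true, "getBody", "()", "", "ReturnValue", "remote", "manual"]
      - ["org.apache.camel", "Message", true, "getHeader", "(String,Class)", "", "ReturnValue", "remote", "manual"]

  - addsTo:
      pack: codeql/java-all
      extensible: sinkModel
    # ..., input, kind, provenance: the endpoint URI argument is a request-forgery sink
    data:
      - ["org.apache.camel", "ProducerTemplate", true, "sendBody", "(String,Object)", "", "Argument[0]", "request-forgery", "manual"]
      - ["org.apache.camel", "ProducerTemplate", true, "requestBody", "(String,Object)", "", "Argument[0]", "request-forgery", "manual"]

  - addsTo:
      pack: codeql/java-all
      extensible: summaryModel
    # ..., input, output, kind, provenance: how taint moves through the call
    data:
      # getter: tainted receiver -> return value
      - ["org.apache.camel", "Message", true, "getHeader", "(String,Class)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
      # setter: tainted argument -> receiver
      - ["org.apache.camel", "Message", true, "setBody", "(Object)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
      # builder chaining: receiver flows to the returned builder (value), the body taints it (taint)
      - ["org.apache.camel", "FluentProducerTemplate", true, "withBody", "(Object)", "", "Argument[this]", "ReturnValue", "value", "manual"]
      - ["org.apache.camel", "FluentProducerTemplate", true, "withBody", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
      # request body -> response
      - ["org.apache.camel", "ProducerTemplate", true, "requestBody", "(String,Object)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
```

An empty signature string (`""`) would match every overload of a method, which is how a single row can cover the `getBody()`/`getBody(Class)` pair; the explicit signatures above are used so each row's meaning is unambiguous.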



Copilot AI linked an issue Mar 25, 2026 that may be closed by this pull request
1 task
Copilot AI changed the title from "[WIP] Add data extension for Java Apache Camel models" to "[NEW QUERY] Java Apache Camel MaD models for Exchange, Message, and ProducerTemplate" Mar 25, 2026
Copilot AI requested a review from felickz March 25, 2026 20:08
@felickz felickz marked this pull request as ready for review March 25, 2026 22:19
@felickz felickz changed the title from "[NEW QUERY] Java Apache Camel MaD models for Exchange, Message, and ProducerTemplate" to "[NEW MODEL] Java Apache Camel MaD models for Exchange, Message, and ProducerTemplate" Mar 26, 2026

Development

Successfully merging this pull request may close these issues.

[Data Extension Create]: Java Apache Camel
