[ https://issues.apache.org/jira/browse/CAMEL-23273?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrea Cosentino updated CAMEL-23273:
-------------------------------------
Description:
Several MCP tools (camel_migration_analyze, camel_dependency_check,
camel_migration_wildfly_karaf) accept raw POM content as a string parameter.
POM files may contain sensitive data such as repository credentials in <server>
sections, property values with passwords/API keys/tokens, private repository
URLs, and cloud service endpoints. The full POM text is stored in MCP message
history, creating a risk of credential leakage.

Added a PomSanitizer utility that scans POM content for common credential
patterns and automatically masks or strips sensitive sections before
processing. Each affected tool now has an optional sanitizePom parameter
(default: true) that controls this behavior.
was:
Several MCP tools (camel_migration_analyze, camel_dependency_check,
camel_migration_wildfly_karaf) accept raw POM content as a string parameter.
POM files may contain sensitive data such as repository credentials in <server>
sections, property values with passwords/API keys/tokens, private repository
URLs, and cloud service endpoints. The full POM text is stored in MCP message
history, creating a risk of credential leakage.

Added a PomSanitizer utility that scans POM content for common credential
patterns and automatically masks or strips sensitive sections before
processing. Each affected tool now has an optional sanitizePom parameter
(default: true) that controls this behavior.
> Camel-Jbang-mcp: Warn about sensitive data in POM content passed to migration
> tools
> -----------------------------------------------------------------------------------
>
> Key: CAMEL-23273
> URL: https://issues.apache.org/jira/browse/CAMEL-23273
> Project: Camel
> Issue Type: Improvement
> Reporter: Andrea Cosentino
> Assignee: Andrea Cosentino
> Priority: Major
> Fix For: 4.19.0
>
>
> Several MCP tools (camel_migration_analyze, camel_dependency_check,
> camel_migration_wildfly_karaf) accept raw POM content as a string parameter.
> POM files may contain sensitive data such as repository credentials in
> <server> sections, property values with passwords/API keys/tokens, private
> repository URLs, and cloud service endpoints. The full POM text is stored in
> MCP message history, creating a risk of credential leakage.
>
>
> Added a PomSanitizer utility that scans POM content for common credential
> patterns and automatically masks or strips sensitive sections before
> processing. Each affected tool now has an optional sanitizePom parameter
> (default: true) that controls this behavior.
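As an added illustration of the approach the ticket describes (example code, not the PomSanitizer shipped with Camel JBang MCP, whose exact patterns are not shown here), the Python sketch below masks secret-bearing property elements, credentials inside <server> sections and user:pass@ credentials embedded in repository URLs, and returns a list of what was masked so a tool can warn the caller without echoing the values. The element-name regex, the MASK string and SAMPLE_POM are assumptions constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

POM_NS = "http://maven.apache.org/POM/4.0.0"
MASK = "***REDACTED***"
# Element names (local part, so <nexus.password> and <api.token> qualify) treated as secrets.
SENSITIVE_NAME = re.compile(r"password|passphrase|secret|token|api[-_.]?key|credential", re.I)
# "user:pass@" (or "user@") embedded in a URL, e.g. a private repository URL.
URL_CREDS = re.compile(r"(?<=://)[^/@\s]+@")

# Constructed sample covering the cases the ticket names; not a real project's POM.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <nexus.password>hunter2</nexus.password>
    <api.token>abc123</api.token>
    <camel.version>4.19.0</camel.version>
  </properties>
  <repositories><repository>
    <id>corp</id><url>https://deploy:s3cret@repo.corp.example/maven2</url>
  </repository></repositories>
  <servers><server><id>corp</id><username>deploy</username><password>s3cret</password></server></servers>
</project>"""

def local(tag: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def sanitize_pom(pom_xml: str):
    """Return (sanitized_xml, findings): masks secret-looking elements, everything but <id>
    inside <server>, and credentials in URLs; findings names what was masked, never the value."""
    ET.register_namespace("", POM_NS)  # keep the default namespace on output
    root = ET.fromstring(pom_xml)
    findings = []
    for el in root.iter():  # document order, so <server> is visited before its children
        if el.text == MASK:
            continue  # already masked via its parent <server>
        name = local(el.tag)
        if name == "server":
            for child in el:
                if local(child.tag) != "id" and child.text and child.text.strip():
                    child.text = MASK
                    findings.append(f"server/{local(child.tag)}")
        elif SENSITIVE_NAME.search(name) and el.text and el.text.strip():
            el.text = MASK
            findings.append(name)
        elif el.text and URL_CREDS.search(el.text):
            el.text = URL_CREDS.sub(MASK + "@", el.text)
            findings.append(f"{name} (credentials in URL)")
    return ET.tostring(root, encoding="unicode"), findings
```

A caller that wants the equivalent of sanitizePom=false simply passes the original string through; the findings list is what a tool would surface as its warning.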
--
This message was sent by Atlassian Jira
(v8.20.10#820010)