CAMEL-23273 - Camel-Jbang-mcp: Warn about sensitive data in POM conte…

[oscerd]

…nt passed to migration tools

Add PomSanitizer utility to detect and mask sensitive data (passwords, tokens, API keys, secrets) in POM content before processing. Strips and sections. Add sanitizePom boolean parameter (default: true) to camel_migration_analyze, camel_dependency_check, and camel_migration_wildfly_karaf tools. Update tool descriptions with sanitization guidance. Add 21 tests covering detection, masking, placeholder preservation, and tool integration.

Description

Target

• I checked that the commit is targeting the correct branch (Camel 4 uses the main branch)

Tracking

• If this is a large change, bug fix, or code improvement, I checked there is a JIRA issue filed for the change (usually before you start working on it).

Apache Camel coding standards and style

• I checked that each commit in the pull request has a meaningful subject line and body.

• I have run mvn clean install -DskipTests locally from root folder and I have committed all auto-generated changes.

[github-actions]

🌟 Thank you for your contribution to the Apache Camel project! 🌟
🤖 CI automation will test this PR automatically.

🐫 Apache Camel Committers, please review the following items:

• First-time contributors require MANUAL approval for the GitHub Actions to run
• You can use the command /component-test (camel-)component-name1 (camel-)component-name2.. to request a test from the test bot although they are normally detected and executed by CI.
• You can label PRs using build-all, build-dependents, skip-tests and test-dependents to fine-tune the checks executed by this PR.
• Build and test logs are available in the summary page. Only Apache Camel committers have access to the summary.

⚠️ Be careful when sharing logs. Review their contents before sharing them publicly.

[github-actions]

🧪 CI tested the following changed modules:

• dsl/camel-jbang/camel-jbang-mcp

[gnodet]

Review Summary

Claude Code on behalf of Guillaume Nodet

Overview: This PR adds a PomSanitizer utility to detect and mask sensitive data (passwords, tokens, API keys) in POM content before processing by MCP migration tools. It adds a sanitizePom boolean parameter (default: true) to camel_migration_analyze, camel_dependency_check, and camel_migration_wildfly_karaf tools. Includes 21 unit tests for the sanitizer and 3 integration tests.

Verdict: Request changes

---

Blocking

1. Rebase needed against current main — This PR was branched before dba5a0f7194e (CAMEL-23270), which added @Tool.Annotations(readOnlyHint, destructiveHint, openWorldHint) to all MCP tools. The PR's versions of MigrationTools.java, DependencyCheckTools.java, and MigrationWildflyKarafTools.java do not include the annotations parameter on @Tool. Merging as-is will either cause conflicts or silently drop the annotations. Please rebase onto current main.

Major

2. Code duplication — The 13-line sanitization block is copy-pasted identically across all three tool methods:

   String processedPom = pomContent;
   List<String> sanitizationWarnings = new ArrayList<>();
   if (sanitizePom == null || sanitizePom) {
       PomSanitizer.SanitizationResult sr = PomSanitizer.sanitize(pomContent);
       processedPom = sr.pomContent();
       for (String pattern : sr.detectedPatterns()) {
           sanitizationWarnings.add("Sensitive data detected and masked: " + pattern);
       }
   }

   Consider extracting a helper into PomSanitizer, e.g.:

   record ProcessedPom(String content, List<String> warnings) {}
   static ProcessedPom process(String pomContent, Boolean sanitize) { ... }

   This keeps each tool method clean and ensures consistent behavior if the sanitization logic evolves.

3. Missing integration tests for MigrationTools and MigrationWildflyKarafTools — Sanitization was added to all three tools, but integration tests were only added to DependencyCheckToolsTest. The other two tool test classes should also verify that:

   • sanitization masks sensitive data and produces warnings
   • sanitizePom=false bypasses sanitization
   • analysis still works correctly after sanitization

Minor

4. <servers> is a settings.xml element, not a pom.xml element — The <servers> section belongs to Maven's settings.xml, not pom.xml. A valid POM should never contain <servers>. While stripping it as a safety net for accidental pastes is harmless, the Javadoc should clarify this (e.g., "Strips <servers> sections which belong to settings.xml and may be accidentally included").

Nit

5. wasSanitized field is computed but never consumed — SanitizationResult.wasSanitized() is only used in tests, never by the tool methods themselves (they check detectedPatterns instead). Consider removing it or documenting it's for testing/logging only.

6. Per-pattern warning messages are verbose — The loop prefixes each detected pattern with "Sensitive data detected and masked: ". A single summary warning (e.g., "Sensitive data detected and masked: db.password, api.token") would be more concise in the tool response.

---

Overall the approach is sound — POM sanitization is a sensible security measure for MCP tools that accept user-provided POM content. The PomSanitizer regex patterns are well-crafted and the property placeholder preservation (${...}) is a nice touch. The test coverage for the sanitizer itself is thorough. The main action items are rebasing onto current main and reducing the code duplication.