Skip to content

Commit

Permalink
Update the logging properties to opt-out of the prefix events ESAPI#844
Browse files Browse the repository at this point in the history 
… sixt iteration
  • Loading branch information
@mickeyz07
mickeyz07 committed Jul 24, 2024
1 parent 9ca8473 commit c9d5b78
Show file tree
Hide file tree
Showing 8 changed files with 95 additions and 23 deletions.
7 changes: 7 additions & 0 deletions src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,13 @@ public interface EsapiPropertyLoader {
*/
public Boolean getBooleanProp(String propertyName) throws ConfigurationException;

/**
* Get any Boolean type property from security configuration.
* If property does not exist in configuration or has incorrect type, defaultValue is returned
* @return property value.
*/
public Boolean getBooleanProp(String propertyName, Boolean defaultValue);

/**
* Get any property from security configuration. As every property can be returned as string, this method
* throws exception only when property does not exist.
Expand Down
16 changes: 16 additions & 0 deletions src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,22 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException
throw new ConfigurationException("Could not find property " + propertyName + " in configuration");
}

/**
* {@inheritDoc}
*/
@Override
public Boolean getBooleanProp(String propertyName, Boolean defaultValue) {
for (AbstractPrioritizedPropertyLoader loader : loaders) {
try {
return loader.getBooleanProp(propertyName);
} catch (ConfigurationException e) {
return defaultValue;
}
}
return defaultValue;
}


/**
* {@inheritDoc}
*/
Expand Down
18 changes: 18 additions & 0 deletions src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,24 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException
}
}

/**
* {@inheritDoc}
*/
@Override
public Boolean getBooleanProp(String propertyName, Boolean defaultValue) {
String property = properties.getProperty(propertyName);
if (property == null) {
return defaultValue;
}
if (property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes")) {
return true;
}
if (property.equalsIgnoreCase("false") || property.equalsIgnoreCase("no")) {
return false;
}
return defaultValue;
}

/**
* {@inheritDoc}
*/
Expand Down
18 changes: 18 additions & 0 deletions src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,24 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException
}
}

/**
* {@inheritDoc}
*/
@Override
public Boolean getBooleanProp(String propertyName, Boolean defaultValue) {
String property = properties.getProperty(propertyName);
if (property == null) {
return defaultValue;
}
if (property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes")) {
return true;
}
if (property.equalsIgnoreCase("false") || property.equalsIgnoreCase("no")) {
return false;
}
return defaultValue;
}

/**
* {@inheritDoc}
*/
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,7 @@ public class JavaLogFactory implements LogFactory {
boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(LOG_APPLICATION_NAME);
String appName = ESAPI.securityConfiguration().getStringProp(APPLICATION_NAME);
boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(LOG_SERVER_IP);
boolean logPrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_PREFIX);
boolean logPrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_PREFIX, true);
JAVA_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logPrefix);

Map<Integer, JavaLogLevelHandler> levelLookup = new HashMap<>();
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ public class Slf4JLogFactory implements LogFactory {
boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(LOG_APPLICATION_NAME);
String appName = ESAPI.securityConfiguration().getStringProp(APPLICATION_NAME);
boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(LOG_SERVER_IP);
boolean logPrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_PREFIX);
boolean logPrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_PREFIX, true);
SLF4J_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logPrefix);

Map<Integer, Slf4JLogLevelHandler> levelLookup = new HashMap<>();
Expand Down
50 changes: 29 additions & 21 deletions src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1441,39 +1441,47 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException
try {
return esapiPropertyManager.getBooleanProp(propertyName);
} catch (ConfigurationException ex) {

String property = properties.getProperty( propertyName );
String property = properties.getProperty(propertyName);
if ( property == null ) {
if (propertyName.startsWith("Logger.")) {
if (propertyName.equals("Logger.LogEncodingRequired")) {
return Boolean.FALSE;
}
else {
return Boolean.TRUE;
}
}
throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " not found in ESAPI.properties");
}
if ( property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes" ) ) {
if ( property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes") ) {
return true;
}
if ( property.equalsIgnoreCase("false") || property.equalsIgnoreCase( "no" ) ) {
if ( property.equalsIgnoreCase("false") || property.equalsIgnoreCase("no") ) {
return false;
}

if (propertyName.startsWith("Logger.")) {
if (propertyName.equals("Logger.LogEncodingRequired")) {
return Boolean.FALSE;
}
else {
return Boolean.TRUE;
}
}
throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " has incorrect " +
"type");
}
}

/**
* {@inheritDoc}
* Looks for property in three configuration files in following order:
* 1.) In file defined as org.owasp.esapi.opsteam system property
* 2.) In file defined as org.owasp.esapi.devteam system property
* 3.) In ESAPI.properties
*/
@Override
public Boolean getBooleanProp(String propertyName, Boolean defaultValue) {
try {
return esapiPropertyManager.getBooleanProp(propertyName);
} catch (ConfigurationException ex) {
String property = properties.getProperty(propertyName);
if ( property == null ) {
return defaultValue;
}
if ( property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes") ) {
return true;
}
if ( property.equalsIgnoreCase("false") || property.equalsIgnoreCase("no") ) {
return false;
}
return defaultValue;
}
}

/**
* {@inheritDoc}
* Looks for property in three configuration files in following order:
Expand Down
5 changes: 5 additions & 0 deletions src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -558,6 +558,11 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException
return wrapped.getBooleanProp(propertyName);
}

@Override
public Boolean getBooleanProp(String propertyName, Boolean defaultValue) {
return wrapped.getBooleanProp(propertyName, defaultValue);
}

@Override
public String getStringProp(String propertyName) throws ConfigurationException {
return wrapped.getStringProp(propertyName);
Expand Down

0 comments on commit c9d5b78

Please sign in to comment.