From c9d5b7826fe18ab24379b848aa993898952502d0 Mon Sep 17 00:00:00 2001
From: mickeyz07
Date: Wed, 24 Jul 2024 10:33:16 +0100
Subject: [PATCH] Update the logging properties to opt-out of the prefix events #844 sixt iteration
---
 .../configuration/EsapiPropertyLoader.java | 7 +++
 .../configuration/EsapiPropertyManager.java | 16 ++++++
 .../StandardEsapiPropertyLoader.java | 18 +++++++
 .../configuration/XmlEsapiPropertyLoader.java | 18 +++++++
 .../esapi/logging/java/JavaLogFactory.java | 2 +-
 .../esapi/logging/slf4j/Slf4JLogFactory.java | 2 +-
 .../DefaultSecurityConfiguration.java | 50 +++++++++++--------
 .../esapi/SecurityConfigurationWrapper.java | 5 ++
 8 files changed, 95 insertions(+), 23 deletions(-)
diff --git a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java
index 7709483bf..2ddd16590 100644
--- a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java
+++ b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java
@@ -33,6 +33,13 @@ public interface EsapiPropertyLoader {
 */
 public Boolean getBooleanProp(String propertyName) throws ConfigurationException;
+ /**
+ * Get any Boolean type property from security configuration.
+ * If property does not exist in configuration or has incorrect type, defaultValue is returned
+ * @return property value.
+ */
+ public Boolean getBooleanProp(String propertyName, Boolean defaultValue);
+
 /**
 * Get any property from security configuration. As every property can be returned as string, this method
 * throws exception only when property does not exist.
diff --git a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java
index 94b5e4d5a..999309500 100644
--- a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java
+++ b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java
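Review bot: The new `getBooleanProp(String propertyName, Boolean defaultValue)` is declared as an abstract interface method, so any EsapiPropertyLoader implementation outside this repository stops compiling until it adds the overload. If the project's minimum Java level allows it (not visible on this page), a default method would avoid that and replace the copies of the parsing logic added in the other files: `default Boolean getBooleanProp(String propertyName, Boolean defaultValue) { try { return getBooleanProp(propertyName); } catch (ConfigurationException e) { return defaultValue; } }`. The Javadoc should also carry `@param propertyName` and `@param defaultValue`, and say explicitly that an unparseable value is treated the same as a missing one. The interface body continues outside the hunk.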
@@ -76,6 +76,22 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException
 throw new ConfigurationException("Could not find property " + propertyName + " in configuration");
 }
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public Boolean getBooleanProp(String propertyName, Boolean defaultValue) {
+ for (AbstractPrioritizedPropertyLoader loader : loaders) {
+ try {
+ return loader.getBooleanProp(propertyName);
+ } catch (ConfigurationException e) {
+ return defaultValue;
+ }
+ }
+ return defaultValue;
+ }
+
+
 /**
 * {@inheritDoc}
 */
diff --git a/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java
index fe50e02d7..199355829 100644
--- a/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java
+++ b/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java
@@ -70,6 +70,24 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException
 }
 }
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public Boolean getBooleanProp(String propertyName, Boolean defaultValue) {
+ String property = properties.getProperty(propertyName);
+ if (property == null) {
+ return defaultValue;
+ }
+ if (property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes")) {
+ return true;
+ }
+ if (property.equalsIgnoreCase("false") || property.equalsIgnoreCase("no")) {
+ return false;
+ }
+ return defaultValue;
+ }
+
 /**
 * {@inheritDoc}
 */
diff --git a/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java
index 3b3dc8ebc..55e5f85c7 100644
--- a/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java
+++ b/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java
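Review bot: The `catch` block inside the loop in EsapiPropertyManager returns `defaultValue` as soon as the first loader throws, so lower-priority loaders are never consulted and a value set only in a later configuration file is ignored. A caller of this overload would then get the default even though the property is configured, which for a logging or other security-relevant switch means the operator's setting is silently not applied. Replace the `return defaultValue;` in the catch with `continue;` (or an empty body with a comment such as `// not in this loader, try the next one`) and let the `return defaultValue;` after the loop cover the not-found case. The two consecutive blank lines added after the method can be reduced to one.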
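Review bot: In StandardEsapiPropertyLoader a value that is neither true/yes nor false/no falls through to the final `return defaultValue;` without any trace, so a typo such as `flase` in a properties file cannot be told apart from the property being absent. For switches that control security behaviour this hides a misconfiguration and leaves the default in force while the file appears to say otherwise. Before that last return, report the property name and the fact that its value was not a recognised boolean through whatever logging or diagnostics facility this package already uses (none is visible in the hunk). The same body is added to XmlEsapiPropertyLoader and to the fallback branch in DefaultSecurityConfiguration, so the change applies there as well.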
@@ -86,6 +86,24 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException
 }
 }
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public Boolean getBooleanProp(String propertyName, Boolean defaultValue) {
+ String property = properties.getProperty(propertyName);
+ if (property == null) {
+ return defaultValue;
+ }
+ if (property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes")) {
+ return true;
+ }
+ if (property.equalsIgnoreCase("false") || property.equalsIgnoreCase("no")) {
+ return false;
+ }
+ return defaultValue;
+ }
+
 /**
 * {@inheritDoc}
 */
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
index a101defdc..2e246e519 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
@@ -80,7 +80,7 @@ public class JavaLogFactory implements LogFactory {
 boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(LOG_APPLICATION_NAME);
 String appName = ESAPI.securityConfiguration().getStringProp(APPLICATION_NAME);
 boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(LOG_SERVER_IP);
- boolean logPrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_PREFIX);
+ boolean logPrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_PREFIX, true);
 JAVA_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logPrefix);
 Map levelLookup = new HashMap<>();
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
index 326f8b32d..9387dc99e 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
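Review bot: Only the `LOG_PREFIX` read in JavaLogFactory gets a default; the `LOG_APPLICATION_NAME` and `LOG_SERVER_IP` reads on the context lines just above it still use the throwing overload. The same patch removes the `Logger.` fallback from `DefaultSecurityConfiguration.getBooleanProp(String)`, which used to return TRUE for a missing `Logger.*` property (FALSE for `Logger.LogEncodingRequired`), so a deployment whose ESAPI.properties lacks those keys would presumably now get a ConfigurationException here instead of a working logger. Unless that is intended, pass explicit defaults on the neighbouring reads too, e.g. `getBooleanProp(LOG_SERVER_IP, true)`, and give `Logger.LogEncodingRequired` a deliberately chosen default wherever it is read. Slf4JLogFactory has the same pattern, and the enclosing initializer starts and ends outside the hunk.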
@@ -70,7 +70,7 @@ public class Slf4JLogFactory implements LogFactory {
 boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(LOG_APPLICATION_NAME);
 String appName = ESAPI.securityConfiguration().getStringProp(APPLICATION_NAME);
 boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(LOG_SERVER_IP);
- boolean logPrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_PREFIX);
+ boolean logPrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_PREFIX, true);
 SLF4J_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logPrefix);
 Map levelLookup = new HashMap<>();
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index e3926eaab..400be5457 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -1441,39 +1441,47 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException
 try {
 return esapiPropertyManager.getBooleanProp(propertyName);
 } catch (ConfigurationException ex) {
-
- String property = properties.getProperty( propertyName );
+ String property = properties.getProperty(propertyName);
 if ( property == null ) {
- if (propertyName.startsWith("Logger.")) {
- if (propertyName.equals("Logger.LogEncodingRequired")) {
- return Boolean.FALSE;
- }
- else {
- return Boolean.TRUE;
- }
- }
 throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " not found in ESAPI.properties");
 }
- if ( property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes" ) ) {
+ if ( property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes") ) {
 return true;
 }
- if ( property.equalsIgnoreCase("false") || property.equalsIgnoreCase( "no" ) ) {
+ if ( property.equalsIgnoreCase("false") || property.equalsIgnoreCase("no") ) {
 return false;
 }
-
- if (propertyName.startsWith("Logger.")) {
- if (propertyName.equals("Logger.LogEncodingRequired")) {
- return Boolean.FALSE;
- }
- else {
- return Boolean.TRUE;
- }
- }
 throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " has incorrect " + "type");
 }
 }
+ /**
+ * {@inheritDoc}
+ * Looks for property in three configuration files in following order:
+ * 1.) In file defined as org.owasp.esapi.opsteam system property
+ * 2.) In file defined as org.owasp.esapi.devteam system property
+ * 3.)
In ESAPI.properties
+ */
+ @Override
+ public Boolean getBooleanProp(String propertyName, Boolean defaultValue) {
+ try {
+ return esapiPropertyManager.getBooleanProp(propertyName);
+ } catch (ConfigurationException ex) {
+ String property = properties.getProperty(propertyName);
+ if ( property == null ) {
+ return defaultValue;
+ }
+ if ( property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes") ) {
+ return true;
+ }
+ if ( property.equalsIgnoreCase("false") || property.equalsIgnoreCase("no") ) {
+ return false;
+ }
+ return defaultValue;
+ }
+ }
+
 /**
 * {@inheritDoc}
 * Looks for property in three configuration files in following order:
diff --git a/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java b/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
index 1d5a521b8..3d8bf123a 100644
--- a/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
+++ b/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
@@ -558,6 +558,11 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException
 return wrapped.getBooleanProp(propertyName);
 }
+ @Override
+ public Boolean getBooleanProp(String propertyName, Boolean defaultValue) {
+ return wrapped.getBooleanProp(propertyName, defaultValue);
+ }
+
 @Override
 public String getStringProp(String propertyName) throws ConfigurationException {
 return wrapped.getStringProp(propertyName);
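Review bot: The new two-argument overload in DefaultSecurityConfiguration repeats the lookup-and-parse branch of `getBooleanProp(String)` line for line, so the accepted spellings now live in two places in this class. It could be written as `try { return getBooleanProp(propertyName); } catch (ConfigurationException ex) { return defaultValue; }`, which keeps both overloads in step if the parsing ever changes. The Javadoc is copied from the single-argument method and never mentions `defaultValue`; add a `@param defaultValue` line stating that it is returned when the property is missing from all three files or holds a value other than true/yes/false/no.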