From 8b68f753f107dfd543aaedadfe63c3edc0defcdc Mon Sep 17 00:00:00 2001 From: Mickey Zarev Date: Tue, 25 Jun 2024 14:50:17 +0100 Subject: [PATCH 1/9] Update the logging properties to opt-out of the prefix events #844 --- configuration/esapi/ESAPI.properties | 4 + src/main/java/org/owasp/esapi/PropNames.java | 1 + .../appender/EventTypeLogSupplier.java | 15 ++- .../logging/appender/LogPrefixAppender.java | 33 ++++- .../logging/appender/ServerInfoSupplier.java | 27 +++- .../esapi/logging/java/JavaLogFactory.java | 18 ++- .../esapi/logging/slf4j/Slf4JLogFactory.java | 17 ++- ...entTypeLogSupplierIgnoreEventTypeTest.java | 44 +++++++ .../appender/LogPrefixAppenderTest.java | 55 ++++++++- .../ServerInfoSupplierIgnoreLogNameTest.java | 116 ++++++++++++++++++ src/test/resources/esapi/ESAPI.properties | 4 + 11 files changed, 322 insertions(+), 12 deletions(-) create mode 100644 src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierIgnoreEventTypeTest.java create mode 100644 src/test/java/org/owasp/esapi/logging/appender/ServerInfoSupplierIgnoreLogNameTest.java diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties index d489cdce8..955e49fa2 100644 --- a/configuration/esapi/ESAPI.properties +++ b/configuration/esapi/ESAPI.properties @@ -407,6 +407,10 @@ Logger.UserInfo=true # Determines whether ESAPI should log the session id and client IP. Logger.ClientInfo=true +# Determines whether ESAPI should log the prefix of [EVENT_TYPE - APPLICATION NAME]. +# If all above Logger entries are set to false and LogIgnorePrefix is true, then the output would be the same like if no ESAPI was used +Logger.LogIgnorePrefix=true + #=========================================================================== # ESAPI Intrusion Detection # diff --git a/src/main/java/org/owasp/esapi/PropNames.java b/src/main/java/org/owasp/esapi/PropNames.java index 2f3f8ee49..57fa255a3 100644 --- a/src/main/java/org/owasp/esapi/PropNames.java 
+++ b/src/main/java/org/owasp/esapi/PropNames.java @@ -111,6 +111,7 @@ public final class PropNames { public static final String LOG_ENCODING_REQUIRED = "Logger.LogEncodingRequired"; public static final String LOG_APPLICATION_NAME = "Logger.LogApplicationName"; public static final String LOG_SERVER_IP = "Logger.LogServerIP"; + public static final String LOG_IGNORE_PREFIX = "Logger.LogIgnorePrefix"; public static final String VALIDATION_PROPERTIES = "Validator.ConfigurationFile"; public static final String VALIDATION_PROPERTIES_MULTIVALUED = "Validator.ConfigurationFile.MultiValued"; diff --git a/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java index 681839af5..9251678d2 100644 --- a/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java +++ b/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java @@ -30,18 +30,27 @@ public class EventTypeLogSupplier // implements Supplier { /** EventType reference to supply log representation of. */ private final EventType eventType; + /** Whether to log or not the event type */ + private boolean ignoreLogEventType = false; /** * Ctr * - * @param evtyp EventType reference to supply log representation for + * @param eventType EventType reference to supply log representation for */ - public EventTypeLogSupplier(EventType evtyp) { - this.eventType = evtyp == null ? Logger.EVENT_UNSPECIFIED : evtyp; + public EventTypeLogSupplier(EventType eventType) { + this.eventType = eventType == null ? Logger.EVENT_UNSPECIFIED : eventType; } // @Override -- Uncomment when we switch to Java 8 as minimal baseline. public String get() { + if (this.ignoreLogEventType) { + return ""; + } return eventType.toString(); } + + public void setIgnoreLogEventType(boolean ignoreLogEventType) { + this.ignoreLogEventType = ignoreLogEventType; + } } 
diff --git a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java index 20f692ebf..fb6b07f08 100644 --- a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java +++ b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java @@ -35,6 +35,8 @@ public class LogPrefixAppender implements LogAppender { private final boolean logApplicationName; /** Application Name to record. */ private final String appName; + /** Whether or not to print the prefix. */ + private final boolean ignoreLogPrefix; /** * Ctr. @@ -51,11 +53,32 @@ public LogPrefixAppender(boolean logUserInfo, boolean logClientInfo, boolean log this.logServerIp = logServerIp; this.logApplicationName = logApplicationName; this.appName = appName; + this.ignoreLogPrefix = false; + } + + /** + * Ctr. + * + * @param logUserInfo Whether or not to record user information + * @param logClientInfo Whether or not to record client information + * @param logServerIp Whether or not to record server ip information + * @param logApplicationName Whether or not to record application name + * @param appName Application Name to record. + * @param ignoreLogPrefix Whether or not to print the prefix + */ + public LogPrefixAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName, boolean ignoreLogPrefix) { + this.logUserInfo = logUserInfo; + this.logClientInfo = logClientInfo; + this.logServerIp = logServerIp; + this.logApplicationName = logApplicationName; + this.appName = appName; + this.ignoreLogPrefix = ignoreLogPrefix; } @Override public String appendTo(String logName, EventType eventType, String message) { EventTypeLogSupplier eventTypeSupplier = new EventTypeLogSupplier(eventType); + eventTypeSupplier.setIgnoreLogEventType(this.ignoreLogPrefix); UserInfoSupplier userInfoSupplier = new UserInfoSupplier(); userInfoSupplier.setLogUserInfo(logUserInfo); 
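Review bot: The new six-argument constructor in the `@@ -51,11 +53,32` hunk repeats all five field assignments of the existing constructor, so the two can drift apart the next time a field is added. Have the five-argument constructor delegate instead: `this(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, false);`. The Javadoc summary on the new overload is still just `Ctr.`; it should say that `ignoreLogPrefix == true` removes the event type and logger name from every entry, so callers know what they give up for audit purposes. `appendTo` starts in this hunk and continues outside it.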
@@ -66,6 +89,7 @@ public String appendTo(String logName, EventType eventType, String message) { ServerInfoSupplier serverInfoSupplier = new ServerInfoSupplier(logName); serverInfoSupplier.setLogServerIp(logServerIp); serverInfoSupplier.setLogApplicationName(logApplicationName, appName); + serverInfoSupplier.setIgnoreLogName(ignoreLogPrefix); String eventTypeMsg = eventTypeSupplier.get().trim(); String userInfoMsg = userInfoSupplier.get().trim(); @@ -81,8 +105,10 @@ public String appendTo(String logName, EventType eventType, String message) { String[] optionalPrefixContent = new String[] {userInfoMsg + clientInfoMsg, serverInfoMsg}; StringBuilder logPrefix = new StringBuilder(); - //EventType is always appended - logPrefix.append(eventTypeMsg); + //EventType is always appended (unless we specifically asked not to Log Prefix) + if (!this.ignoreLogPrefix) { + logPrefix.append(eventTypeMsg); + } for (String element : optionalPrefixContent) { if (!element.isEmpty()) { @@ -91,6 +117,9 @@ public String appendTo(String logName, EventType eventType, String message) { } } + if (logPrefix.toString().isEmpty()) { + return message; + } return String.format(RESULT_FORMAT, logPrefix.toString(), message); } } diff --git a/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java index 45fb4da55..934142f2d 100644 --- a/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java +++ b/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java @@ -34,7 +34,8 @@ public class ServerInfoSupplier // implements Supplier private boolean logAppName = true; /** The application name to log. */ private String applicationName = ""; - + /** Whether to log the Name */ + private boolean ignoreLogName = false; /** Reference to the associated logname/module name. */ private final String logName; 
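Review bot: With the prefix switched off but user, client or server info still enabled, the loop in the `@@ -81,8 +105,10` hunk still appends the `" "` separator first, so the prefix starts with a space; the tests added later in this patch pin `[ USER_INFO:CLIENT_INFO]` and `[ -> SERVER_INFO]`. Log parsers and alert rules that anchor on the opening bracket will see a different shape than before, so append the separator only when the builder already has content, e.g. `if (logPrefix.length() > 0) { logPrefix.append(" "); }`. The `if (!this.ignoreLogPrefix)` guard is also redundant, because `setIgnoreLogEventType` already makes the supplier return `""`, and the comment above it no longer matches the code. The rewritten hunk `@@ -104,22 +104,20` in patch 2/9 checks `trim().isEmpty()` but still formats the untrimmed string, so the leading space survives there too.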
@@ -57,10 +58,19 @@ public String get() { appInfo.append(request.getLocalAddr()).append(":").append(request.getLocalPort()); } } - if (logAppName) { - appInfo.append("/").append(applicationName); + + if (this.logAppName) { + if (this.applicationName != null && !this.applicationName.isEmpty()) { + appInfo.append("/").append(this.applicationName); + } + else if (this.applicationName == null) { + appInfo.append("/").append(this.applicationName); + } + } + + if (!this.ignoreLogName) { + appInfo.append("/").append(logName); } - appInfo.append("/").append(logName); return appInfo.toString(); } @@ -74,6 +84,15 @@ public void setLogServerIp(boolean log) { this.logServerIP = log; } + /** + * Specify whether the instance should record the prefix. + * + * @param ignoreLogName {@code true} to record + */ + public void setIgnoreLogName(boolean ignoreLogName) { + this.ignoreLogName = ignoreLogName; + } + /** * Specify whether the instance should record the application name * diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java index 9ebd52d92..3cac1e1f8 100644 --- a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java +++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java @@ -20,6 +20,7 @@ import static org.owasp.esapi.PropNames.LOG_ENCODING_REQUIRED; import static org.owasp.esapi.PropNames.LOG_SERVER_IP; import static org.owasp.esapi.PropNames.LOG_USER_INFO; +import static org.owasp.esapi.PropNames.LOG_IGNORE_PREFIX; import java.io.IOException; import java.io.InputStream; 
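Review bot: The two inner branches added to `get()` in the `@@ -57,10 +58,19` hunk append exactly the same text, so the net condition is "application name is null or non-empty", and a null name is written to the log as the literal `/null` (the new test `verifyOutputNullAppNameIgnoreLogName` expects that). If only the empty string is meant to be skipped, collapse this to `if (logAppName && (applicationName == null || !applicationName.isEmpty()))` with a comment saying why null is kept; if null should be skipped too, `applicationName != null && !applicationName.isEmpty()` is enough. An empty name previously produced a bare `/`, which this hunk now drops without mention in the commit message, so anything parsing the server-info segment by position will shift. `get()` begins outside the hunk.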
@@ -79,7 +80,8 @@ public class JavaLogFactory implements LogFactory { boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(LOG_APPLICATION_NAME); String appName = ESAPI.securityConfiguration().getStringProp(APPLICATION_NAME); boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(LOG_SERVER_IP); - JAVA_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName); + boolean logIgnorePrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_IGNORE_PREFIX); + JAVA_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logIgnorePrefix); Map levelLookup = new HashMap<>(); levelLookup.put(Logger.ALL, JavaLogLevelHandlers.ALWAYS); @@ -144,6 +146,20 @@ public class JavaLogFactory implements LogFactory { return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName); } + /** + * Populates the default log appender for use in factory-created loggers. + * @param appName + * @param logApplicationName + * @param logServerIp + * @param logClientInfo + * @param logIgnorePrefix + * + * @return LogAppender instance. + */ + /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName, boolean logIgnorePrefix) { + return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logIgnorePrefix); + } + @Override public Logger getLogger(String moduleName) { diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java index af113b80c..387672116 100644 --- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java +++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java 
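Review bot: `getBooleanProp(LOG_IGNORE_PREFIX)` in the `@@ -79,7 +80,8` hunk is read with no fallback, so a deployment that upgrades the library but keeps an `ESAPI.properties` that predates this key depends on how `getBooleanProp` handles a missing property. If it throws `ConfigurationException` for an absent key, which I believe it does but cannot see here, the factory fails during class initialization and the application is left without its security logger; catching it and keeping the prefix on is the safe default, as sketched below. The same read is added to `Slf4JLogFactory` (`@@ -69,7 +70,8`), and both remain after the rename to `LOG_PREFIX` in patch 2/9. The Javadoc on the new `createLogAppender` overload also has empty `@param` tags and omits `logUserInfo`. The static initializer begins and ends outside the hunk.

```java
// … unchanged: the other Logger.* property reads …
boolean logIgnorePrefix = false; // key absent: keep the existing prefixed output
try {
    logIgnorePrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_IGNORE_PREFIX);
} catch (ConfigurationException ignored) {
    // ESAPI.properties predates Logger.LogIgnorePrefix; do not fail logger start-up over it.
}
JAVA_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logIgnorePrefix);
```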
@@ -36,6 +36,7 @@ import static org.owasp.esapi.PropNames.LOG_APPLICATION_NAME; import static org.owasp.esapi.PropNames.APPLICATION_NAME; import static org.owasp.esapi.PropNames.LOG_SERVER_IP; +import static org.owasp.esapi.PropNames.LOG_IGNORE_PREFIX; import org.slf4j.LoggerFactory; /** * LogFactory implementation which creates SLF4J supporting Loggers. @@ -69,7 +70,8 @@ public class Slf4JLogFactory implements LogFactory { boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(LOG_APPLICATION_NAME); String appName = ESAPI.securityConfiguration().getStringProp(APPLICATION_NAME); boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(LOG_SERVER_IP); - SLF4J_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName); + boolean logIgnorePrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_IGNORE_PREFIX); + SLF4J_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logIgnorePrefix); Map levelLookup = new HashMap<>(); levelLookup.put(Logger.ALL, Slf4JLogLevelHandlers.TRACE); @@ -114,6 +116,19 @@ public class Slf4JLogFactory implements LogFactory { return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName); } + /** + * Populates the default log appender for use in factory-created loggers. + * @param appName + * @param logApplicationName + * @param logServerIp + * @param logClientInfo + * @param logIgnorePrefix + * + * @return LogAppender instance. + */ + /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName, boolean logIgnorePrefix) { + return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logIgnorePrefix); + } @Override public Logger getLogger(String moduleName) { 
diff --git a/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierIgnoreEventTypeTest.java b/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierIgnoreEventTypeTest.java new file mode 100644 index 000000000..b5e15a15e --- /dev/null +++ b/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierIgnoreEventTypeTest.java @@ -0,0 +1,44 @@ +package org.owasp.esapi.logging.appender; + +import static org.junit.Assert.assertEquals; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; +import org.owasp.esapi.Logger; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; + +@RunWith(Parameterized.class) +public class EventTypeLogSupplierIgnoreEventTypeTest { + + @Parameterized.Parameters (name="{0} -> {1}") + public static Collection assembleTests() { + List paramSets = new ArrayList<>(); + paramSets.add(new Object[] {Logger.EVENT_FAILURE,""}); + paramSets.add(new Object[] {Logger.EVENT_SUCCESS,""}); + paramSets.add(new Object[] {Logger.EVENT_UNSPECIFIED,""}); + paramSets.add(new Object[] {Logger.SECURITY_AUDIT,""}); + paramSets.add(new Object[] {Logger.SECURITY_FAILURE,""}); + paramSets.add(new Object[] {Logger.SECURITY_SUCCESS,""}); + paramSets.add(new Object[] {null, ""}); + + return paramSets; + } + + private final Logger.EventType eventType; + private final String expectedResult; + + public EventTypeLogSupplierIgnoreEventTypeTest(Logger.EventType eventType, String result) { + this.eventType = eventType; + this.expectedResult = result; + } + @Test + public void testEventTypeLogIgnoreEventType() { + EventTypeLogSupplier supplier = new EventTypeLogSupplier(eventType); + supplier.setIgnoreLogEventType(true); + assertEquals(expectedResult, supplier.get()); + } +} diff --git a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java index bc733ec2e..ad3422c97 100644 
--- a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java +++ b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java @@ -34,6 +34,7 @@ public class LogPrefixAppenderTest { private String testLogMessage = testName.getMethodName() + "-MESSAGE"; private String testApplicationName = testName.getMethodName() + "-APPLICATION_NAME"; private EventType testEventType = Logger.EVENT_UNSPECIFIED; + private boolean testIgnorePrefix = true; private EventTypeLogSupplier etlsSpy; private ClientInfoSupplier cisSpy; @@ -145,7 +146,6 @@ public void testLogContentWhenUserInfoEmptyAndClientInfoEmptyAndServerInfoEmpty( runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, EMPTY_RESULT, "[EVENT_TYPE]"); } - private void runTest(String typeResult, String userResult, String clientResult, String serverResult, String exResult) throws Exception{ when(etlsSpy.get()).thenReturn(typeResult); when(uisSpy.get()).thenReturn(userResult); 
@@ -163,4 +163,57 @@ private void runTest(String typeResult, String userResult, String clientResult, assertEquals(exResult + " " + testName.getMethodName() + "-MESSAGE", result); } + + @Test + public void testLogContentWhenServerInfoEmptyAndIgnoreLogPrefix() throws Exception { + runTestWithLogPrefixIgnore(ETL_RESULT, UIS_RESULT, CIS_RESULT, EMPTY_RESULT, true, "[ USER_INFO:CLIENT_INFO]"); + } + + @Test + public void testLogContentWhenUserInfoEmptyAndServerInfoEmptyAndIgnoreLogPrefix() throws Exception { + runTestWithLogPrefixIgnore(ETL_RESULT, EMPTY_RESULT, CIS_RESULT, EMPTY_RESULT, true, "[ CLIENT_INFO]"); + } + + @Test + public void testLogContentWhenUserInfoEmptyAndClientInfoEmptyAndIgnoreLogPrefix() throws Exception { + runTestWithLogPrefixIgnore(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, SIS_RESULT, true, "[ -> SERVER_INFO]"); + } + + @Test + public void testLogContentWhenClientInfoEmptyAndServerInfoEmptyAndIgnoreLogPrefix() throws Exception { + runTestWithLogPrefixIgnore(ETL_RESULT, UIS_RESULT, EMPTY_RESULT, EMPTY_RESULT, true, "[ USER_INFO]"); + } + + @Test + public void testLogContentWhenUserInfoEmptyAndClientInfoEmptyAndServerInfoEmptyAndIgnoreLogPrefix() throws Exception { + runTestWithLogPrefixIgnore(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, EMPTY_RESULT, true, ""); + } + + private void runTestWithLogPrefixIgnore(String typeResult, String userResult, String clientResult, String serverResult, boolean ignoreLogPrefix, String exResult) throws Exception{ + etlsSpy.setIgnoreLogEventType(ignoreLogPrefix); + when(etlsSpy.get()).thenReturn(typeResult); + + when(uisSpy.get()).thenReturn(userResult); + when(cisSpy.get()).thenReturn(clientResult); + + sisSpy.setIgnoreLogName(ignoreLogPrefix); + when(sisSpy.get()).thenReturn(serverResult); + + whenNew(EventTypeLogSupplier.class).withArguments(testEventType).thenReturn(etlsSpy); + whenNew(UserInfoSupplier.class).withNoArguments().thenReturn(uisSpy); + whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy); 
+ whenNew(ServerInfoSupplier.class).withArguments(testLoggerName).thenReturn(sisSpy); + + //Since everything is mocked these booleans don't much matter aside from the later verifies + LogPrefixAppender lpa = new LogPrefixAppender(false, false, false, false, null, true); + String result = lpa.appendTo(testLoggerName, testEventType, testLogMessage); + + if (exResult.isEmpty()) { + assertEquals( testName.getMethodName() + "-MESSAGE", result); + } + else { + assertEquals(exResult + " " + testName.getMethodName() + "-MESSAGE", result); + } + } + } diff --git a/src/test/java/org/owasp/esapi/logging/appender/ServerInfoSupplierIgnoreLogNameTest.java b/src/test/java/org/owasp/esapi/logging/appender/ServerInfoSupplierIgnoreLogNameTest.java new file mode 100644 index 000000000..b8822a967 --- /dev/null +++ b/src/test/java/org/owasp/esapi/logging/appender/ServerInfoSupplierIgnoreLogNameTest.java 
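Review bot: `runTestWithLogPrefixIgnore` accepts an `ignoreLogPrefix` argument but builds the appender with a hard-coded `true` (`new LogPrefixAppender(false, false, false, false, null, true)`), so a caller passing `false` would still exercise the suppressed path. Pass the argument through: `new LogPrefixAppender(false, false, false, false, null, ignoreLogPrefix)`. The helper also sets the flags on the spies itself, so it never proves that `appendTo` forwards them to the suppliers; removing those two setter calls and asserting `verify(etlsSpy).setIgnoreLogEventType(ignoreLogPrefix);` and `verify(sisSpy).setIgnoreLogName(ignoreLogPrefix);` after `appendTo` would cover the wiring that the feature actually depends on. The field `testIgnorePrefix` added in `@@ -34,6 +34,7` does not appear to be used in the visible hunks.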
@@ -0,0 +1,116 @@ +package org.owasp.esapi.logging.appender; + +import static org.junit.Assert.assertEquals; +import static org.mockito.Mockito.mock; +import static org.powermock.api.mockito.PowerMockito.mockStatic; +import static org.powermock.api.mockito.PowerMockito.when; + +import javax.servlet.http.HttpServletRequest; + +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.rules.TestName; +import org.junit.runner.RunWith; +import org.owasp.esapi.ESAPI; +import org.powermock.core.classloader.annotations.PrepareForTest; +import org.powermock.modules.junit4.PowerMockRunner; + +@RunWith(PowerMockRunner.class) +@PrepareForTest({ ESAPI.class }) +public class ServerInfoSupplierIgnoreLogNameTest { + @Rule + public TestName testName = new TestName(); + + private HttpServletRequest request; + + @Before + public void buildStaticMocks() { + request = mock(HttpServletRequest.class); + mockStatic(ESAPI.class); + } + + @Test + public void verifyFullOutputIgnoreLogName() throws Exception { + when(ESAPI.class, "currentRequest").thenReturn(request); + when(request.getLocalAddr()).thenReturn("LOCAL_ADDR"); + when(request.getLocalPort()).thenReturn(99999); + + ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName()); + sis.setLogApplicationName(true, testName.getMethodName() + "-APPLICATION"); + sis.setLogServerIp(true); + sis.setIgnoreLogName(true); + + String result = sis.get(); + assertEquals("LOCAL_ADDR:99999/" + testName.getMethodName() + "-APPLICATION", + result); + } + + @Test + public void verifyOutputNullRequestIgnoreLogName() throws Exception { + when(ESAPI.class, "currentRequest").thenReturn(null); + ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName()); + sis.setLogApplicationName(true, testName.getMethodName() + "-APPLICATION"); + sis.setLogServerIp(true); + sis.setIgnoreLogName(true); + + String result = sis.get(); + assertEquals("/" + testName.getMethodName() + "-APPLICATION", result); + } + 
+ @Test + public void verifyOutputNoAppNameIgnoreLogName() throws Exception { + when(ESAPI.class, "currentRequest").thenReturn(request); + when(request.getLocalAddr()).thenReturn("LOCAL_ADDR"); + when(request.getLocalPort()).thenReturn(99999); + + ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName()); + sis.setLogApplicationName(false, null); + sis.setLogServerIp(true); + sis.setIgnoreLogName(true); + + String result = sis.get(); + assertEquals("LOCAL_ADDR:99999", result); + } + + @Test + public void verifyOutputNullAppNameIgnoreLogName() throws Exception { + when(ESAPI.class, "currentRequest").thenReturn(request); + when(request.getLocalAddr()).thenReturn("LOCAL_ADDR"); + when(request.getLocalPort()).thenReturn(99999); + + ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName()); + sis.setLogApplicationName(true, null); + sis.setLogServerIp(true); + sis.setIgnoreLogName(true); + + String result = sis.get(); + assertEquals("LOCAL_ADDR:99999/null", result); + } + + @Test + public void verifyOutputNoServerIpIgnoreLogName() { + ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName()); + sis.setLogApplicationName(true, testName.getMethodName() + "-APPLICATION"); + sis.setLogServerIp(false); + sis.setIgnoreLogName(true); + + String result = sis.get(); + assertEquals("/" + testName.getMethodName() + "-APPLICATION", result); + } + + @Test + public void verifyOutputNullRequestNoServerIpNullAppNameIgnoreLogName() throws Exception { + when(ESAPI.class, "currentRequest").thenReturn(null); + ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName()); + sis.setLogApplicationName(false, null); + sis.setLogServerIp(false); + sis.setIgnoreLogName(true); + + String result = sis.get(); + assertEquals("", result); + } + + +} + diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties index c967bad33..85351dcf0 100644 --- a/src/test/resources/esapi/ESAPI.properties 
+++ b/src/test/resources/esapi/ESAPI.properties @@ -439,6 +439,10 @@ Logger.UserInfo=true # Determines whether ESAPI should log the session id and client IP. Logger.ClientInfo=true +# Determines whether ESAPI should log the prefix of [EVENT_TYPE - APPLICATION NAME]. +# If all above Logger entries are set to false and LogIgnorePrefix is true, then the output would be the same like if no ESAPI was used +Logger.LogIgnorePrefix=true + #=========================================================================== # ESAPI Intrusion Detection # From d3f2a2f551e2b4409ea7fa766f06191c10515a93 Mon Sep 17 00:00:00 2001 From: Mickey Zarev Date: Fri, 28 Jun 2024 12:53:51 +0100 Subject: [PATCH 2/9] Update the logging properties to opt-out of the prefix events, second iteration for #844 --- configuration/esapi/ESAPI.properties | 4 +-- src/main/java/org/owasp/esapi/PropNames.java | 2 +- .../appender/EventTypeLogSupplier.java | 11 +++---- .../logging/appender/LogPrefixAppender.java | 30 +++++++++---------- .../logging/appender/ServerInfoSupplier.java | 10 +++---- .../esapi/logging/java/JavaLogFactory.java | 12 ++++---- .../esapi/logging/slf4j/Slf4JLogFactory.java | 12 ++++---- ...entTypeLogSupplierIgnoreEventTypeTest.java | 3 +- .../appender/LogPrefixAppenderTest.java | 20 ++++++------- .../ServerInfoSupplierIgnoreLogNameTest.java | 12 ++++---- src/test/resources/esapi/ESAPI.properties | 4 +-- 11 files changed, 58 insertions(+), 62 deletions(-) diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties index 955e49fa2..b5b6aacc6 100644 --- a/configuration/esapi/ESAPI.properties +++ b/configuration/esapi/ESAPI.properties 
@@ -408,8 +408,8 @@ Logger.UserInfo=true Logger.ClientInfo=true # Determines whether ESAPI should log the prefix of [EVENT_TYPE - APPLICATION NAME]. -# If all above Logger entries are set to false and LogIgnorePrefix is true, then the output would be the same like if no ESAPI was used -Logger.LogIgnorePrefix=true +# If all above Logger entries are set to false, as well as LogPrefix, then the output would be the same as if no ESAPI was used +Logger.LogPrefix=true #=========================================================================== # ESAPI Intrusion Detection diff --git a/src/main/java/org/owasp/esapi/PropNames.java b/src/main/java/org/owasp/esapi/PropNames.java index 57fa255a3..ab30e47fa 100644 --- a/src/main/java/org/owasp/esapi/PropNames.java +++ b/src/main/java/org/owasp/esapi/PropNames.java @@ -111,7 +111,7 @@ public final class PropNames { public static final String LOG_ENCODING_REQUIRED = "Logger.LogEncodingRequired"; public static final String LOG_APPLICATION_NAME = "Logger.LogApplicationName"; public static final String LOG_SERVER_IP = "Logger.LogServerIP"; - public static final String LOG_IGNORE_PREFIX = "Logger.LogIgnorePrefix"; + public static final String LOG_PREFIX = "Logger.LogPrefix"; public static final String VALIDATION_PROPERTIES = "Validator.ConfigurationFile"; public static final String VALIDATION_PROPERTIES_MULTIVALUED = "Validator.ConfigurationFile.MultiValued"; diff --git a/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java index 9251678d2..93d3bd416 100644 --- a/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java +++ b/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java 
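Review bot: The comment on `Logger.LogPrefix` describes the prefix as `[EVENT_TYPE - APPLICATION NAME]`, but in this series the flag is wired to `EventTypeLogSupplier.setLogEventType` and `ServerInfoSupplier.setLogLogName`, so it removes the event type and the logger name, while the application name stays under `Logger.LogApplicationName`. It should also tell operators what turning it off costs: entries no longer carry the event type, so security events cannot be told apart from ordinary ones by the log line alone, and alerting that matches on that marker stops firing. Suggested wording: `# Determines whether ESAPI prefixes each entry with the event type and logger name.` followed by `# Setting this to false removes the security/event type marker from the log line; review log-based alerting before disabling.` The same comment text is added to `src/test/resources/esapi/ESAPI.properties`.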
@@ -31,7 +31,7 @@ public class EventTypeLogSupplier // implements Supplier /** EventType reference to supply log representation of. */ private final EventType eventType; /** Whether to log or not the event type */ - private boolean ignoreLogEventType = false; + private boolean logEventType = true; /** * Ctr @@ -44,13 +44,10 @@ public EventTypeLogSupplier(EventType eventType) { // @Override -- Uncomment when we switch to Java 8 as minimal baseline. public String get() { - if (this.ignoreLogEventType) { - return ""; - } - return eventType.toString(); + return logEventType ? eventType.toString() : ""; } - public void setIgnoreLogEventType(boolean ignoreLogEventType) { - this.ignoreLogEventType = ignoreLogEventType; + public void setLogEventType(boolean logEventType) { + this.logEventType = logEventType; } } diff --git a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java index fb6b07f08..fac90757f 100644 --- a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java +++ b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java @@ -36,7 +36,7 @@ public class LogPrefixAppender implements LogAppender { /** Application Name to record. */ private final String appName; /** Whether or not to print the prefix. */ - private final boolean ignoreLogPrefix; + private final boolean logPrefix; /** * Ctr. @@ -53,7 +53,7 @@ public LogPrefixAppender(boolean logUserInfo, boolean logClientInfo, boolean log this.logServerIp = logServerIp; this.logApplicationName = logApplicationName; this.appName = appName; - this.ignoreLogPrefix = false; + this.logPrefix = true; } /** 
@@ -64,21 +64,21 @@ public LogPrefixAppender(boolean logUserInfo, boolean logClientInfo, boolean log * @param logServerIp Whether or not to record server ip information * @param logApplicationName Whether or not to record application name * @param appName Application Name to record. - * @param ignoreLogPrefix Whether or not to print the prefix + * @param logPrefix Whether or not to print the prefix */ - public LogPrefixAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName, boolean ignoreLogPrefix) { + public LogPrefixAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName, boolean logPrefix) { this.logUserInfo = logUserInfo; this.logClientInfo = logClientInfo; this.logServerIp = logServerIp; this.logApplicationName = logApplicationName; this.appName = appName; - this.ignoreLogPrefix = ignoreLogPrefix; + this.logPrefix = logPrefix; } @Override public String appendTo(String logName, EventType eventType, String message) { EventTypeLogSupplier eventTypeSupplier = new EventTypeLogSupplier(eventType); - eventTypeSupplier.setIgnoreLogEventType(this.ignoreLogPrefix); + eventTypeSupplier.setLogEventType(this.logPrefix); UserInfoSupplier userInfoSupplier = new UserInfoSupplier(); userInfoSupplier.setLogUserInfo(logUserInfo); @@ -89,7 +89,7 @@ public String appendTo(String logName, EventType eventType, String message) { ServerInfoSupplier serverInfoSupplier = new ServerInfoSupplier(logName); serverInfoSupplier.setLogServerIp(logServerIp); serverInfoSupplier.setLogApplicationName(logApplicationName, appName); - serverInfoSupplier.setIgnoreLogName(ignoreLogPrefix); + serverInfoSupplier.setLogLogName(logPrefix); String eventTypeMsg = eventTypeSupplier.get().trim(); String userInfoMsg = userInfoSupplier.get().trim(); 
@@ -104,22 +104,20 @@ public String appendTo(String logName, EventType eventType, String message) { String[] optionalPrefixContent = new String[] {userInfoMsg + clientInfoMsg, serverInfoMsg}; - StringBuilder logPrefix = new StringBuilder(); + StringBuilder logPrefixBuilder = new StringBuilder(); //EventType is always appended (unless we specifically asked not to Log Prefix) - if (!this.ignoreLogPrefix) { - logPrefix.append(eventTypeMsg); + if (this.logPrefix) { + logPrefixBuilder.append(eventTypeMsg); } for (String element : optionalPrefixContent) { if (!element.isEmpty()) { - logPrefix.append(" "); - logPrefix.append(element); + logPrefixBuilder.append(" "); + logPrefixBuilder.append(element); } } - if (logPrefix.toString().isEmpty()) { - return message; - } - return String.format(RESULT_FORMAT, logPrefix.toString(), message); + String logPrefixContent = logPrefixBuilder.toString(); + return logPrefixContent.trim().isEmpty() ? message : String.format(RESULT_FORMAT, logPrefixContent, message); } } diff --git a/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java index 934142f2d..d383b1697 100644 --- a/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java +++ b/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java @@ -35,7 +35,7 @@ public class ServerInfoSupplier // implements Supplier /** The application name to log. */ private String applicationName = ""; /** Whether to log the Name */ - private boolean ignoreLogName = false; + private boolean logLogName = true; /** Reference to the associated logname/module name. */ private final String logName; @@ -68,7 +68,7 @@ else if (this.applicationName == null) { } } - if (!this.ignoreLogName) { + if (this.logLogName) { appInfo.append("/").append(logName); } 
@@ -87,10 +87,10 @@ public void setLogServerIp(boolean log) { /** * Specify whether the instance should record the prefix. * - * @param ignoreLogName {@code true} to record + * @param logLogName {@code true} to record */ - public void setIgnoreLogName(boolean ignoreLogName) { - this.ignoreLogName = ignoreLogName; + public void setLogLogName(boolean logLogName) { + this.logLogName = logLogName; } /** diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java index 3cac1e1f8..a101defdc 100644 --- a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java +++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java @@ -20,7 +20,7 @@ import static org.owasp.esapi.PropNames.LOG_ENCODING_REQUIRED; import static org.owasp.esapi.PropNames.LOG_SERVER_IP; import static org.owasp.esapi.PropNames.LOG_USER_INFO; -import static org.owasp.esapi.PropNames.LOG_IGNORE_PREFIX; +import static org.owasp.esapi.PropNames.LOG_PREFIX; import java.io.IOException; import java.io.InputStream; @@ -80,8 +80,8 @@ public class JavaLogFactory implements LogFactory { boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(LOG_APPLICATION_NAME); String appName = ESAPI.securityConfiguration().getStringProp(APPLICATION_NAME); boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(LOG_SERVER_IP); - boolean logIgnorePrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_IGNORE_PREFIX); - JAVA_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logIgnorePrefix); + boolean logPrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_PREFIX); + JAVA_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logPrefix); Map levelLookup = new HashMap<>(); levelLookup.put(Logger.ALL, JavaLogLevelHandlers.ALWAYS); 
@@ -152,12 +152,12 @@ public class JavaLogFactory implements LogFactory { * @param logApplicationName * @param logServerIp * @param logClientInfo - * @param logIgnorePrefix + * @param logPrefix * * @return LogAppender instance. */ - /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName, boolean logIgnorePrefix) { - return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logIgnorePrefix); + /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName, boolean logPrefix) { + return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logPrefix); } diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java index 387672116..326f8b32d 100644 --- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java +++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java @@ -36,7 +36,7 @@ import static org.owasp.esapi.PropNames.LOG_APPLICATION_NAME; import static org.owasp.esapi.PropNames.APPLICATION_NAME; import static org.owasp.esapi.PropNames.LOG_SERVER_IP; -import static org.owasp.esapi.PropNames.LOG_IGNORE_PREFIX; +import static org.owasp.esapi.PropNames.LOG_PREFIX; import org.slf4j.LoggerFactory; /** * LogFactory implementation which creates SLF4J supporting Loggers. 
@@ -70,8 +70,8 @@ public class Slf4JLogFactory implements LogFactory { boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(LOG_APPLICATION_NAME); String appName = ESAPI.securityConfiguration().getStringProp(APPLICATION_NAME); boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(LOG_SERVER_IP); - boolean logIgnorePrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_IGNORE_PREFIX); - SLF4J_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logIgnorePrefix); + boolean logPrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_PREFIX); + SLF4J_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logPrefix); Map levelLookup = new HashMap<>(); levelLookup.put(Logger.ALL, Slf4JLogLevelHandlers.TRACE); @@ -122,12 +122,12 @@ public class Slf4JLogFactory implements LogFactory { * @param logApplicationName * @param logServerIp * @param logClientInfo - * @param logIgnorePrefix + * @param logPrefix * * @return LogAppender instance. */ - /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName, boolean logIgnorePrefix) { - return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logIgnorePrefix); + /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName, boolean logPrefix) { + return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logPrefix); } @Override diff --git a/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierIgnoreEventTypeTest.java b/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierIgnoreEventTypeTest.java index b5e15a15e..3f8858bfa 100644 
--- a/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierIgnoreEventTypeTest.java +++ b/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierIgnoreEventTypeTest.java @@ -35,10 +35,11 @@ public EventTypeLogSupplierIgnoreEventTypeTest(Logger.EventType eventType, Strin this.eventType = eventType; this.expectedResult = result; } + @Test public void testEventTypeLogIgnoreEventType() { EventTypeLogSupplier supplier = new EventTypeLogSupplier(eventType); - supplier.setIgnoreLogEventType(true); + supplier.setLogEventType(false); assertEquals(expectedResult, supplier.get()); } } diff --git a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java index ad3422c97..3de2b16be 100644 --- a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java +++ b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java @@ -34,7 +34,7 @@ public class LogPrefixAppenderTest { private String testLogMessage = testName.getMethodName() + "-MESSAGE"; private String testApplicationName = testName.getMethodName() + "-APPLICATION_NAME"; private EventType testEventType = Logger.EVENT_UNSPECIFIED; - private boolean testIgnorePrefix = true; + //private boolean testIgnorePrefix = true; private EventTypeLogSupplier etlsSpy; private ClientInfoSupplier cisSpy; 
@@ -166,37 +166,37 @@ private void runTest(String typeResult, String userResult, String clientResult, @Test public void testLogContentWhenServerInfoEmptyAndIgnoreLogPrefix() throws Exception { - runTestWithLogPrefixIgnore(ETL_RESULT, UIS_RESULT, CIS_RESULT, EMPTY_RESULT, true, "[ USER_INFO:CLIENT_INFO]"); + runTestWithLogPrefixIgnore(ETL_RESULT, UIS_RESULT, CIS_RESULT, EMPTY_RESULT, false, "[ USER_INFO:CLIENT_INFO]"); } @Test public void testLogContentWhenUserInfoEmptyAndServerInfoEmptyAndIgnoreLogPrefix() throws Exception { - runTestWithLogPrefixIgnore(ETL_RESULT, EMPTY_RESULT, CIS_RESULT, EMPTY_RESULT, true, "[ CLIENT_INFO]"); + runTestWithLogPrefixIgnore(ETL_RESULT, EMPTY_RESULT, CIS_RESULT, EMPTY_RESULT, false, "[ CLIENT_INFO]"); } @Test public void testLogContentWhenUserInfoEmptyAndClientInfoEmptyAndIgnoreLogPrefix() throws Exception { - runTestWithLogPrefixIgnore(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, SIS_RESULT, true, "[ -> SERVER_INFO]"); + runTestWithLogPrefixIgnore(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, SIS_RESULT, false, "[ -> SERVER_INFO]"); } @Test public void testLogContentWhenClientInfoEmptyAndServerInfoEmptyAndIgnoreLogPrefix() throws Exception { - runTestWithLogPrefixIgnore(ETL_RESULT, UIS_RESULT, EMPTY_RESULT, EMPTY_RESULT, true, "[ USER_INFO]"); + runTestWithLogPrefixIgnore(ETL_RESULT, UIS_RESULT, EMPTY_RESULT, EMPTY_RESULT, false, "[ USER_INFO]"); } @Test public void testLogContentWhenUserInfoEmptyAndClientInfoEmptyAndServerInfoEmptyAndIgnoreLogPrefix() throws Exception { - runTestWithLogPrefixIgnore(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, EMPTY_RESULT, true, ""); + runTestWithLogPrefixIgnore(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, EMPTY_RESULT, false, ""); } - private void runTestWithLogPrefixIgnore(String typeResult, String userResult, String clientResult, String serverResult, boolean ignoreLogPrefix, String exResult) throws Exception{ - etlsSpy.setIgnoreLogEventType(ignoreLogPrefix); + private void runTestWithLogPrefixIgnore(String 
typeResult, String userResult, String clientResult, String serverResult, boolean logPrefix, String exResult) throws Exception{ + etlsSpy.setLogEventType(logPrefix); when(etlsSpy.get()).thenReturn(typeResult); when(uisSpy.get()).thenReturn(userResult); when(cisSpy.get()).thenReturn(clientResult); - sisSpy.setIgnoreLogName(ignoreLogPrefix); + sisSpy.setLogLogName(logPrefix); when(sisSpy.get()).thenReturn(serverResult); whenNew(EventTypeLogSupplier.class).withArguments(testEventType).thenReturn(etlsSpy); @@ -205,7 +205,7 @@ private void runTestWithLogPrefixIgnore(String typeResult, String userResult, St whenNew(ServerInfoSupplier.class).withArguments(testLoggerName).thenReturn(sisSpy); //Since everything is mocked these booleans don't much matter aside from the later verifies - LogPrefixAppender lpa = new LogPrefixAppender(false, false, false, false, null, true); + LogPrefixAppender lpa = new LogPrefixAppender(false, false, false, false, null, false); String result = lpa.appendTo(testLoggerName, testEventType, testLogMessage); if (exResult.isEmpty()) { diff --git a/src/test/java/org/owasp/esapi/logging/appender/ServerInfoSupplierIgnoreLogNameTest.java b/src/test/java/org/owasp/esapi/logging/appender/ServerInfoSupplierIgnoreLogNameTest.java index b8822a967..5bd3c8335 100644 --- a/src/test/java/org/owasp/esapi/logging/appender/ServerInfoSupplierIgnoreLogNameTest.java +++ b/src/test/java/org/owasp/esapi/logging/appender/ServerInfoSupplierIgnoreLogNameTest.java @@ -39,7 +39,7 @@ public void verifyFullOutputIgnoreLogName() throws Exception { ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName()); sis.setLogApplicationName(true, testName.getMethodName() + "-APPLICATION"); sis.setLogServerIp(true); - sis.setIgnoreLogName(true); + sis.setLogLogName(false); String result = sis.get(); assertEquals("LOCAL_ADDR:99999/" + testName.getMethodName() + "-APPLICATION", 
@@ -52,7 +52,7 @@ public void verifyOutputNullRequestIgnoreLogName() throws Exception { ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName()); sis.setLogApplicationName(true, testName.getMethodName() + "-APPLICATION"); sis.setLogServerIp(true); - sis.setIgnoreLogName(true); + sis.setLogLogName(false); String result = sis.get(); assertEquals("/" + testName.getMethodName() + "-APPLICATION", result); @@ -67,7 +67,7 @@ public void verifyOutputNoAppNameIgnoreLogName() throws Exception { ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName()); sis.setLogApplicationName(false, null); sis.setLogServerIp(true); - sis.setIgnoreLogName(true); + sis.setLogLogName(false); String result = sis.get(); assertEquals("LOCAL_ADDR:99999", result); @@ -82,7 +82,7 @@ public void verifyOutputNullAppNameIgnoreLogName() throws Exception { ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName()); sis.setLogApplicationName(true, null); sis.setLogServerIp(true); - sis.setIgnoreLogName(true); + sis.setLogLogName(false); String result = sis.get(); assertEquals("LOCAL_ADDR:99999/null", result); @@ -93,7 +93,7 @@ public void verifyOutputNoServerIpIgnoreLogName() { ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName()); sis.setLogApplicationName(true, testName.getMethodName() + "-APPLICATION"); sis.setLogServerIp(false); - sis.setIgnoreLogName(true); + sis.setLogLogName(false); String result = sis.get(); assertEquals("/" + testName.getMethodName() + "-APPLICATION", result); @@ -105,7 +105,7 @@ public void verifyOutputNullRequestNoServerIpNullAppNameIgnoreLogName() throws E ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName()); sis.setLogApplicationName(false, null); sis.setLogServerIp(false); - sis.setIgnoreLogName(true); + sis.setLogLogName(false); String result = sis.get(); assertEquals("", result); 
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties index 85351dcf0..8ffc61f66 100644 --- a/src/test/resources/esapi/ESAPI.properties +++ b/src/test/resources/esapi/ESAPI.properties @@ -440,8 +440,8 @@ Logger.UserInfo=true Logger.ClientInfo=true # Determines whether ESAPI should log the prefix of [EVENT_TYPE - APPLICATION NAME]. -# If all above Logger entries are set to false and LogIgnorePrefix is true, then the output would be the same like if no ESAPI was used -Logger.LogIgnorePrefix=true +# If all above Logger entries are set to false, as well as LogPrefix, then the output would be the same as if no ESAPI was used +Logger.LogPrefix=true #=========================================================================== # ESAPI Intrusion Detection From 6d8f3077356fbecdc51184745c84122861ea5e75 Mon Sep 17 00:00:00 2001 From: Mickey Zarev Date: Mon, 1 Jul 2024 14:23:57 +0100 Subject: [PATCH 3/9] Update the logging properties to opt-out of the prefix events, third iteration --- .../owasp/esapi/logging/appender/LogPrefixAppender.java | 9 +++------ .../esapi/logging/appender/LogPrefixAppenderTest.java | 1 - 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java index fac90757f..d0000bc31 100644 --- a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java +++ b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java 
@@ -46,14 +46,11 @@ public class LogPrefixAppender implements LogAppender { * @param logServerIp Whether or not to record server ip information * @param logApplicationName Whether or not to record application name * @param appName Application Name to record. + * @param logPrefix is set by default to true */ + @SuppressWarnings("JavadocReference") public LogPrefixAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) { - this.logUserInfo = logUserInfo; - this.logClientInfo = logClientInfo; - this.logServerIp = logServerIp; - this.logApplicationName = logApplicationName; - this.appName = appName; - this.logPrefix = true; + this(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, true); } /** diff --git a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java index 3de2b16be..cbd368b5e 100644 --- a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java +++ b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java @@ -34,7 +34,6 @@ public class LogPrefixAppenderTest { private String testLogMessage = testName.getMethodName() + "-MESSAGE"; private String testApplicationName = testName.getMethodName() + "-APPLICATION_NAME"; private EventType testEventType = Logger.EVENT_UNSPECIFIED; - //private boolean testIgnorePrefix = true; private EventTypeLogSupplier etlsSpy; private ClientInfoSupplier cisSpy; From 7822d6f3c3bc0345cd627c7c55a0ec7cead7b103 Mon Sep 17 00:00:00 2001 From: Mickey Zarev Date: Mon, 1 Jul 2024 15:18:26 +0100 Subject: [PATCH 4/9] Update the logging properties to opt-out of the prefix events #844 fourt iteration --- .../owasp/esapi/logging/appender/LogPrefixAppender.java | 4 ++-- .../owasp/esapi/logging/appender/ServerInfoSupplier.java | 9 ++------- 2 files changed, 4 insertions(+), 9 deletions(-) 
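Review bot: The five-argument constructor's Javadoc now carries `@param logPrefix` for a parameter the signature does not have, and `@SuppressWarnings("JavadocReference")` is added, apparently to silence the resulting warning. Dropping both and stating the default in the description would be clearer, for example `Delegates to the six-argument constructor with logPrefix set to {@code true}.` The delegation to `this(...)` itself needs no change.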
diff --git a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java index d0000bc31..57cddfa26 100644 --- a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java +++ b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java @@ -39,7 +39,7 @@ public class LogPrefixAppender implements LogAppender { private final boolean logPrefix; /** - * Ctr. + * Constructor * * @param logUserInfo Whether or not to record user information * @param logClientInfo Whether or not to record client information @@ -54,7 +54,7 @@ public LogPrefixAppender(boolean logUserInfo, boolean logClientInfo, boolean log } /** - * Ctr. + * Constructor * * @param logUserInfo Whether or not to record user information * @param logClientInfo Whether or not to record client information diff --git a/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java index d383b1697..8d62a58f0 100644 --- a/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java +++ b/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java @@ -58,14 +58,9 @@ public String get() { appInfo.append(request.getLocalAddr()).append(":").append(request.getLocalPort()); } } - + if (this.logAppName) { - if (this.applicationName != null && !this.applicationName.isEmpty()) { - appInfo.append("/").append(this.applicationName); - } - else if (this.applicationName == null) { - appInfo.append("/").append(this.applicationName); - } + appInfo.append("/").append(this.applicationName); } if (this.logLogName) { From 2e2d0e5d3488711ed31a92491f400d499ae3596b Mon Sep 17 00:00:00 2001 
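Review bot: Collapsing the branch in ServerInfoSupplier.get() changes the output for an empty application name. The removed code appended nothing when `applicationName` was `""` (the field's initial value, per the earlier hunk on this page), while the new line always appends `/` followed by the value. A deployment with `logAppName` enabled and no name configured would then get a bare `/` in the server-info segment of every log line. If that is not intended, `if (this.applicationName == null || !this.applicationName.isEmpty()) { appInfo.append("/").append(this.applicationName); }` keeps the previous behaviour, including the `/null` case the tests expect. get() begins above this hunk.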
From: Mickey Zarev Date: Wed, 10 Jul 2024 17:17:11 +0100 Subject: [PATCH 5/9] Update the logging properties to opt-out of the prefix events #844 fifth iteration --- .../DefaultSecurityConfiguration.java | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java index 8cba81982..e3926eaab 100644 --- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java +++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java @@ -1441,8 +1441,17 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException try { return esapiPropertyManager.getBooleanProp(propertyName); } catch (ConfigurationException ex) { + String property = properties.getProperty( propertyName ); if ( property == null ) { + if (propertyName.startsWith("Logger.")) { + if (propertyName.equals("Logger.LogEncodingRequired")) { + return Boolean.FALSE; + } + else { + return Boolean.TRUE; + } + } throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " not found in ESAPI.properties"); } if ( property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes" ) ) { @@ -1451,6 +1460,15 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException if ( property.equalsIgnoreCase("false") || property.equalsIgnoreCase( "no" ) ) { return false; } + + if (propertyName.startsWith("Logger.")) { + if (propertyName.equals("Logger.LogEncodingRequired")) { + return Boolean.FALSE; + } + else { + return Boolean.TRUE; + } + } throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " has incorrect " + "type"); } From c9d5b7826fe18ab24379b848aa993898952502d0 Mon Sep 17 00:00:00 2001 
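Review bot: The fallback added in both hunks of DefaultSecurityConfiguration.getBooleanProp makes every missing or malformed `Logger.*` value resolve silently, `Logger.LogEncodingRequired` to false and all others to true. A typo such as `Logger.LogEncodingRequired=ture` would then switch that setting off without any error (going by its name, it governs encoding of logged data), and switches such as `Logger.UserInfo` and `Logger.ClientInfo` would default to on. Keeping the ConfigurationException for malformed values and limiting the default to the one new property, `if ("Logger.LogPrefix".equals(propertyName)) { return Boolean.TRUE; }` in the `property == null` branch, stays backward compatible without weakening the other settings. getBooleanProp begins above the first hunk.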
From: mickeyz07 Date: Wed, 24 Jul 2024 10:33:16 +0100 Subject: [PATCH 6/9] Update the logging properties to opt-out of the prefix events #844 sixt iteration --- .../configuration/EsapiPropertyLoader.java | 7 +++ .../configuration/EsapiPropertyManager.java | 16 ++++++ .../StandardEsapiPropertyLoader.java | 18 +++++++ .../configuration/XmlEsapiPropertyLoader.java | 18 +++++++ .../esapi/logging/java/JavaLogFactory.java | 2 +- .../esapi/logging/slf4j/Slf4JLogFactory.java | 2 +- .../DefaultSecurityConfiguration.java | 50 +++++++++++-------- .../esapi/SecurityConfigurationWrapper.java | 5 ++ 8 files changed, 95 insertions(+), 23 deletions(-) diff --git a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java index 7709483bf..2ddd16590 100644 --- a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java +++ b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java @@ -33,6 +33,13 @@ public interface EsapiPropertyLoader { */ public Boolean getBooleanProp(String propertyName) throws ConfigurationException; + /** + * Get any Boolean type property from security configuration. + * If property does not exist in configuration or has incorrect type, defaultValue is returned + * @return property value. + */ + public Boolean getBooleanProp(String propertyName, Boolean defaultValue); + /** * Get any property from security configuration. As every property can be returned as string, this method * throws exception only when property does not exist. diff --git a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java index 94b5e4d5a..999309500 100644 --- a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java +++ b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java 
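Review bot: The new `getBooleanProp(String, Boolean)` is added to the public EsapiPropertyLoader interface as an abstract method, and its Javadoc has no `@param` tags. Every implementation outside this patch has to add the method. Since SecurityConfigurationWrapper overrides it while SecurityConfiguration is not touched, SecurityConfiguration presumably inherits it, so custom SecurityConfiguration implementations in applications would stop compiling after an upgrade. That is worth calling out in the release notes. The Javadoc should document both parameters, e.g. `@param propertyName name of the property to look up` and `@param defaultValue value returned when the property is missing or is not a boolean`.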
@@ -76,6 +76,22 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException throw new ConfigurationException("Could not find property " + propertyName + " in configuration"); } + /** + * {@inheritDoc} + */ + @Override + public Boolean getBooleanProp(String propertyName, Boolean defaultValue) { + for (AbstractPrioritizedPropertyLoader loader : loaders) { + try { + return loader.getBooleanProp(propertyName); + } catch (ConfigurationException e) { + return defaultValue; + } + } + return defaultValue; + } + + /** * {@inheritDoc} */ diff --git a/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java index fe50e02d7..199355829 100644 --- a/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java +++ b/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java @@ -70,6 +70,24 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException } } + /** + * {@inheritDoc} + */ + @Override + public Boolean getBooleanProp(String propertyName, Boolean defaultValue) { + String property = properties.getProperty(propertyName); + if (property == null) { + return defaultValue; + } + if (property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes")) { + return true; + } + if (property.equalsIgnoreCase("false") || property.equalsIgnoreCase("no")) { + return false; + } + return defaultValue; + } + /** * {@inheritDoc} */ diff --git a/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java index 3b3dc8ebc..55e5f85c7 100644 --- a/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java +++ b/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java 
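Review bot: The loop in `EsapiPropertyManager.getBooleanProp(propertyName, defaultValue)` returns during its first iteration in every case, so only the first loader in the list is consulted. A value defined only in a later configuration source is replaced by the default. The catch should fall through to the next loader instead of returning, `} catch (ConfigurationException e) { continue; }`, leaving the final `return defaultValue;` for the case where no loader has the property. The PATCH 7/9 hunk for this method later on this page swaps the try/catch for `return loader.getBooleanProp(propertyName, defaultValue);`, which still returns from the first loader. A test with the property present only in the second loader would pin this down.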
@@ -86,6 +86,24 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException } } + /** + * {@inheritDoc} + */ + @Override + public Boolean getBooleanProp(String propertyName, Boolean defaultValue) { + String property = properties.getProperty(propertyName); + if (property == null) { + return defaultValue; + } + if (property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes")) { + return true; + } + if (property.equalsIgnoreCase("false") || property.equalsIgnoreCase("no")) { + return false; + } + return defaultValue; + } + /** * {@inheritDoc} */ diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java index a101defdc..2e246e519 100644 --- a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java +++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java @@ -80,7 +80,7 @@ public class JavaLogFactory implements LogFactory { boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(LOG_APPLICATION_NAME); String appName = ESAPI.securityConfiguration().getStringProp(APPLICATION_NAME); boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(LOG_SERVER_IP); - boolean logPrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_PREFIX); + boolean logPrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_PREFIX, true); JAVA_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logPrefix); Map levelLookup = new HashMap<>(); diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java index 326f8b32d..9387dc99e 100644 --- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java +++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java 
@@ -70,7 +70,7 @@ public class Slf4JLogFactory implements LogFactory { boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(LOG_APPLICATION_NAME); String appName = ESAPI.securityConfiguration().getStringProp(APPLICATION_NAME); boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(LOG_SERVER_IP); - boolean logPrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_PREFIX); + boolean logPrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_PREFIX, true); SLF4J_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logPrefix); Map levelLookup = new HashMap<>(); diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java index e3926eaab..400be5457 100644 --- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java +++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java 
@@ -1441,39 +1441,47 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException try { return esapiPropertyManager.getBooleanProp(propertyName); } catch (ConfigurationException ex) { - - String property = properties.getProperty( propertyName ); + String property = properties.getProperty(propertyName); if ( property == null ) { - if (propertyName.startsWith("Logger.")) { - if (propertyName.equals("Logger.LogEncodingRequired")) { - return Boolean.FALSE; - } - else { - return Boolean.TRUE; - } - } throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " not found in ESAPI.properties"); } - if ( property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes" ) ) { + if ( property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes") ) { return true; } - if ( property.equalsIgnoreCase("false") || property.equalsIgnoreCase( "no" ) ) { + if ( property.equalsIgnoreCase("false") || property.equalsIgnoreCase("no") ) { return false; } - - if (propertyName.startsWith("Logger.")) { - if (propertyName.equals("Logger.LogEncodingRequired")) { - return Boolean.FALSE; - } - else { - return Boolean.TRUE; - } - } throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " has incorrect " + "type"); } } + /** + * {@inheritDoc} + * Looks for property in three configuration files in following order: + * 1.) In file defined as org.owasp.esapi.opsteam system property + * 2.) In file defined as org.owasp.esapi.devteam system property + * 3.) 
In ESAPI.properties + */ + @Override + public Boolean getBooleanProp(String propertyName, Boolean defaultValue) { + try { + return esapiPropertyManager.getBooleanProp(propertyName); + } catch (ConfigurationException ex) { + String property = properties.getProperty(propertyName); + if ( property == null ) { + return defaultValue; + } + if ( property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes") ) { + return true; + } + if ( property.equalsIgnoreCase("false") || property.equalsIgnoreCase("no") ) { + return false; + } + return defaultValue; + } + } + /** * {@inheritDoc} * Looks for property in three configuration files in following order: diff --git a/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java b/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java index 1d5a521b8..3d8bf123a 100644 --- a/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java +++ b/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java @@ -558,6 +558,11 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException return wrapped.getBooleanProp(propertyName); } + @Override + public Boolean getBooleanProp(String propertyName, Boolean defaultValue) { + return wrapped.getBooleanProp(propertyName, defaultValue); + } + @Override public String getStringProp(String propertyName) throws ConfigurationException { return wrapped.getStringProp(propertyName); From 54a7463e9479ae2b7aaa771179b96fc7e53f345c Mon Sep 17 00:00:00 2001 From: Mickey Zarev Date: Wed, 31 Jul 2024 13:30:12 +0100 Subject: [PATCH 7/9] Update the logging properties to opt-out of the prefix events #844 seventh iteration --- .../configuration/EsapiPropertyManager.java | 6 +- .../EsapiPropertyManagerTest.java | 78 +++++++ .../StandardEsapiPropertyLoaderTest.java | 192 ++++++++++++++++++ .../XmlEsapiPropertyLoaderTest.java | 183 +++++++++++++++++ 4 files changed, 454 insertions(+), 5 deletions(-) 
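Review bot: The new two-argument `getBooleanProp` in DefaultSecurityConfiguration repeats the lookup and the true/yes/false/no parsing of the one-argument method line for line, differing only in returning `defaultValue` where the other throws. Delegating keeps the two from drifting apart: `try { return getBooleanProp(propertyName); } catch (ConfigurationException ex) { return defaultValue; }`. The Javadoc should also state that a value that is present but not a recognised boolean yields the default rather than an error, because that hides configuration typos from operators.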
diff --git a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java index 999309500..2a7b2cecd 100644 --- a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java +++ b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java @@ -82,11 +82,7 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException @Override public Boolean getBooleanProp(String propertyName, Boolean defaultValue) { for (AbstractPrioritizedPropertyLoader loader : loaders) { - try { - return loader.getBooleanProp(propertyName); - } catch (ConfigurationException e) { - return defaultValue; - } + return loader.getBooleanProp(propertyName, defaultValue); } return defaultValue; } diff --git a/src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java b/src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java index 507f33ce1..dcf98c40c 100644 --- a/src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java +++ b/src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java 
@@ -288,6 +288,46 @@ public void testBooleanPropFoundInLoader() { assertEquals(expectedPropertyValue, propertyValue); } + + @Test + public void testBooleanPropFoundInLoaderWithDefaultValueTrue() { + // given + System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), xmlFilename1); + String propertyKey = "boolean_property"; + boolean expectedPropertyValue = true; + + // when + try { + testPropertyManager = new EsapiPropertyManager(); + } catch (IOException e) { + fail(e.getMessage()); + } + boolean propertyValue = testPropertyManager.getBooleanProp(propertyKey, true); + + // then + assertEquals(expectedPropertyValue, propertyValue); + } + + @Test + public void testBooleanPropFoundInLoaderWithDefaultValueFalse() { + // given + System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), xmlFilename1); + String propertyKey = "boolean_property"; + boolean expectedPropertyValue = true; + + // when + try { + testPropertyManager = new EsapiPropertyManager(); + } catch (IOException e) { + fail(e.getMessage()); + } + boolean propertyValue = testPropertyManager.getBooleanProp(propertyKey, false); + + // then + assertEquals(expectedPropertyValue, propertyValue); + } + + @Test(expected = ConfigurationException.class) public void testBooleanPropertyNotFoundByLoaderAndThrowException() { // given 
@@ -304,6 +344,44 @@ public void testBooleanPropertyNotFoundByLoaderAndThrowException() { // then expect exception } + @Test + public void testBooleanPropertyNotFoundByLoaderWithDefaultValueTrue() { + // given + String propertyKey = "non.existing.property"; + boolean expectedPropertyValue = true; + + // when + try { + testPropertyManager = new EsapiPropertyManager(); + } catch (IOException e) { + fail(e.getMessage()); + } + + boolean propertyValue = testPropertyManager.getBooleanProp(propertyKey, true); + + // then + assertEquals(expectedPropertyValue, propertyValue); + } + + @Test + public void testBooleanPropertyNotFoundByLoaderWithDefaultValueFalse() { + // given + String propertyKey = "non.existing.property"; + boolean expectedPropertyValue = false; + + // when + try { + testPropertyManager = new EsapiPropertyManager(); + } catch (IOException e) { + fail(e.getMessage()); + } + + boolean propertyValue = testPropertyManager.getBooleanProp(propertyKey, false); + + // then + assertEquals(expectedPropertyValue, propertyValue); + } + @Test public void testByteArrayPropFoundInLoader() { // given diff --git a/src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java b/src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java index 080644642..77fe1643b 100644 --- a/src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java +++ b/src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java 
@@ -239,6 +239,48 @@ public void testGetBooleanProp() { assertEquals(expectedValue, value); } + @Test + public void testGetBooleanPropWithDefaultValueTrue() { + // given + String filename = "src" + File.separator + "test" + File.separator + "resources" + File.separator + + "esapi" + File.separator + "ESAPI-test.properties"; + int priority = 1; + String propertyKey = "boolean_property"; + boolean expectedValue = true; + + // when + try { + testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority); + } catch ( IOException e ) { + fail( e.getMessage() ); + } + boolean value = testPropertyLoader.getBooleanProp(propertyKey,true); + + // then + assertEquals(expectedValue, value); + } + + @Test + public void testGetBooleanPropWithDefaultValueFalse() { + // given + String filename = "src" + File.separator + "test" + File.separator + "resources" + File.separator + + "esapi" + File.separator + "ESAPI-test.properties"; + int priority = 1; + String propertyKey = "boolean_property"; + boolean expectedValue = true; + + // when + try { + testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority); + } catch ( IOException e ) { + fail( e.getMessage() ); + } + boolean value = testPropertyLoader.getBooleanProp(propertyKey,false); + + // then + assertEquals(expectedValue, value); + } + @Test public void testGetBooleanYesProperty() { // given 
@@ -257,6 +299,42 @@ public void testGetBooleanYesProperty() { assertEquals(expectedValue, value); } + @Test + public void testGetBooleanYesPropertyWithDefaultValueTrue() { + // given + String key = "boolean_yes_property"; + boolean expectedValue = true; + + // when + try { + testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority); + } catch ( IOException e ) { + fail( e.getMessage() ); + } + boolean value = testPropertyLoader.getBooleanProp(key,true); + + // then + assertEquals(expectedValue, value); + } + + @Test + public void testGetBooleanYesPropertyWithDefaultValueFalse() { + // given + String key = "boolean_yes_property"; + boolean expectedValue = true; + + // when + try { + testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority); + } catch ( IOException e ) { + fail( e.getMessage() ); + } + boolean value = testPropertyLoader.getBooleanProp(key,false); + + // then + assertEquals(expectedValue, value); + } + @Test public void testGetBooleanNoProperty() { // given 
@@ -275,6 +353,42 @@ public void testGetBooleanNoProperty() { assertEquals(expectedValue, value); } + @Test + public void testGetBooleanNoPropertyWithDefaultValueTrue() { + // given + String key = "boolean_no_property"; + boolean expectedValue = false; + + // when + try { + testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority); + } catch ( IOException e ) { + fail( e.getMessage() ); + } + boolean value = testPropertyLoader.getBooleanProp(key, true); + + // then + assertEquals(expectedValue, value); + } + + @Test + public void testGetBooleanNoPropertyWithDefaultValueFalse() { + // given + String key = "boolean_no_property"; + boolean expectedValue = false; + + // when + try { + testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority); + } catch ( IOException e ) { + fail( e.getMessage() ); + } + boolean value = testPropertyLoader.getBooleanProp(key, false); + + // then + assertEquals(expectedValue, value); + } + @Test(expected = ConfigurationException.class) public void testBooleanPropertyNotFound() throws ConfigurationException { // given 
@@ -294,6 +408,48 @@ public void testBooleanPropertyNotFound() throws ConfigurationException { // then expect exception } + @Test + public void testBooleanPropertyNotFoundWithDefaultValueTrue() { + // given + String filename = "src" + File.separator + "test" + File.separator + "resources" + File.separator + + "esapi" + File.separator + "ESAPI-test.properties"; + int priority = 1; + String propertyKey = "non-existing-key"; + boolean expectedValue = true; + + // when + try { + testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority); + } catch ( IOException e ) { + fail( e.getMessage() ); + } + boolean value = testPropertyLoader.getBooleanProp(propertyKey, true); + + // then + assertEquals(expectedValue, value); + } + + @Test + public void testBooleanPropertyNotFoundWithDefaultValueFalse() { + // given + String filename = "src" + File.separator + "test" + File.separator + "resources" + File.separator + + "esapi" + File.separator + "ESAPI-test.properties"; + int priority = 1; + String propertyKey = "non-existing-key"; + boolean expectedValue = false; + + // when + try { + testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority); + } catch ( IOException e ) { + fail( e.getMessage() ); + } + boolean value = testPropertyLoader.getBooleanProp(propertyKey, false); + + // then + assertEquals(expectedValue, value); + } + @Test(expected = ConfigurationException.class) public void testIncorrectBooleanPropertyType() throws ConfigurationException { // given 
@@ -310,6 +466,42 @@ public void testIncorrectBooleanPropertyType() throws ConfigurationException { // then expect exception } + @Test + public void testIncorrectBooleanPropertyTypeWithDefaultValueTrue() { + // given + String key = "invalid_boolean_property"; + boolean expectedValue = true; + + // when + try { + testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority); + } catch ( IOException e ) { + fail( e.getMessage() ); + } + boolean value = testPropertyLoader.getBooleanProp(key, true); + + // then + assertEquals(expectedValue, value); + } + + @Test + public void testIncorrectBooleanPropertyTypeWithDefaultValueFalse() { + // given + String key = "invalid_boolean_property"; + boolean expectedValue = false; + + // when + try { + testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority); + } catch ( IOException e ) { + fail( e.getMessage() ); + } + boolean value = testPropertyLoader.getBooleanProp(key, false); + + // then + assertEquals(expectedValue, value); + } + @Test public void testGetByteArrayProp() { // given diff --git a/src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java b/src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java index 6aecec533..f52be60e9 100644 --- a/src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java +++ b/src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java 
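Review bot: These two tests pin that a malformed value (`invalid_boolean_property`) is silently replaced by the caller's default, whereas the one-argument overload in the context line above is expected to throw `ConfigurationException`; nothing in the test says this difference is intended. For a setting that controls what goes into security logs, a typo in the properties file then looks the same as an absent key, so the contract deserves an explicit statement. I would add a comment above each test such as `// malformed value: falls back to the supplied default, no exception (unlike getBooleanProp(key))`. The matching hunk in XmlEsapiPropertyLoaderTest.java adds the same pair of tests and needs the same comment.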
@@ -254,6 +254,42 @@ public void testGetBooleanProp() { assertEquals(expectedValue, value); } + @Test + public void testGetBooleanPropWithDefaultValueTrue() { + // given + String key = "boolean_property"; + boolean expectedValue = true; + + // when + try { + testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority); + } catch ( IOException e ) { + fail( e.getMessage() ); + } + boolean value = testPropertyLoader.getBooleanProp(key, true); + + // then + assertEquals(expectedValue, value); + } + + @Test + public void testGetBooleanPropWithDefaultValueFalse() { + // given + String key = "boolean_property"; + boolean expectedValue = true; + + // when + try { + testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority); + } catch ( IOException e ) { + fail( e.getMessage() ); + } + boolean value = testPropertyLoader.getBooleanProp(key, false); + + // then + assertEquals(expectedValue, value); + } + @Test public void testGetBooleanYesProperty() { // given @@ -272,6 +308,42 @@ public void testGetBooleanYesProperty() { assertEquals(expectedValue, value); } + @Test + public void testGetBooleanYesPropertyWithDefaultValueTrue() { + // given + String key = "boolean_yes_property"; + boolean expectedValue = true; + + // when + try { + testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority); + } catch ( IOException e ) { + fail( e.getMessage() ); + } + boolean value = testPropertyLoader.getBooleanProp(key, true); + + // then + assertEquals(expectedValue, value); + } + + @Test + public void testGetBooleanYesPropertyWithDefaultValueFalse() { + // given + String key = "boolean_yes_property"; + boolean expectedValue = true; + + // when + try { + testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority); + } catch ( IOException e ) { + fail( e.getMessage() ); + } + boolean value = testPropertyLoader.getBooleanProp(key, false); + + // then + assertEquals(expectedValue, value); + } + @Test public void testGetBooleanNoProperty() { // given 
@@ -290,6 +362,42 @@ public void testGetBooleanNoProperty() { assertEquals(expectedValue, value); } + @Test + public void testGetBooleanNoPropertyWithDefaultValueTrue() { + // given + String key = "boolean_no_property"; + boolean expectedValue = false; + + // when + try { + testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority); + } catch ( IOException e ) { + fail( e.getMessage() ); + } + boolean value = testPropertyLoader.getBooleanProp(key, true); + + // then + assertEquals(expectedValue, value); + } + + @Test + public void testGetBooleanNoPropertyWithDefaultValueFalse() { + // given + String key = "boolean_no_property"; + boolean expectedValue = false; + + // when + try { + testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority); + } catch ( IOException e ) { + fail( e.getMessage() ); + } + boolean value = testPropertyLoader.getBooleanProp(key, false); + + // then + assertEquals(expectedValue, value); + } + @Test(expected = ConfigurationException.class) public void testBooleanPropertyNotFound() throws ConfigurationException { // given 
@@ -306,6 +414,45 @@ public void testBooleanPropertyNotFound() throws ConfigurationException { // then expect exception } + @Test + public void testBooleanPropertyNotFoundWithDefaultValueTrue() { + // given + String key = "non-existing-key"; + boolean expectedValue = true; + + // when + try { + testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority); + } catch ( IOException e ) { + fail( e.getMessage() ); + } + boolean value = testPropertyLoader.getBooleanProp(key, true); + + // then + assertEquals(expectedValue, value); + + + // then expect exception + } + + @Test + public void testBooleanPropertyNotFoundWithDefaultValueFalse() { + // given + String key = "non-existing-key"; + boolean expectedValue = false; + + // when + try { + testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority); + } catch ( IOException e ) { + fail( e.getMessage() ); + } + boolean value = testPropertyLoader.getBooleanProp(key, false); + + // then + assertEquals(expectedValue, value); + } + @Test(expected = ConfigurationException.class) public void testIncorrectBooleanPropertyType() throws ConfigurationException { // given 
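Review bot: `testBooleanPropertyNotFoundWithDefaultValueTrue` ends with a leftover `// then expect exception` comment after `assertEquals(expectedValue, value);`, but this test is not annotated with `expected = ConfigurationException.class` and asserts a returned value instead. The comment appears to have been copied from `testBooleanPropertyNotFound` in the context above and contradicts what the test checks. Remove it together with the two blank lines before it, so the method ends at the assertion like its `…DefaultValueFalse` sibling.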
@@ -322,6 +469,42 @@ public void testIncorrectBooleanPropertyType() throws ConfigurationException { // then expect exception } + @Test + public void testIncorrectBooleanPropertyTypeWithDefaultValueTrue() { + // given + String key = "invalid_boolean_property"; + boolean expectedValue = true; + + // when + try { + testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority); + } catch ( IOException e ) { + fail( e.getMessage() ); + } + boolean value = testPropertyLoader.getBooleanProp(key, true); + + // then + assertEquals(expectedValue, value); + } + + @Test + public void testIncorrectBooleanPropertyTypeWithDefaultValueFalse() { + // given + String key = "invalid_boolean_property"; + boolean expectedValue = false; + + // when + try { + testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority); + } catch ( IOException e ) { + fail( e.getMessage() ); + } + boolean value = testPropertyLoader.getBooleanProp(key, false); + + // then + assertEquals(expectedValue, value); + } + @Test public void testGetByteArrayProp() { // given From 17219b7eb69405c11936aee04fb607ce2e39969c Mon Sep 17 00:00:00 2001 From: Mickey Zarev Date: Tue, 3 Sep 2024 17:24:04 +0100 Subject: [PATCH 8/9] Update the logging properties to opt-out of the prefix events ESAPI#844 eigth iteration --- .../configuration/EsapiPropertyLoader.java | 7 - .../configuration/EsapiPropertyManager.java | 12 -- .../StandardEsapiPropertyLoader.java | 18 -- .../configuration/XmlEsapiPropertyLoader.java | 18 -- .../esapi/logging/java/JavaLogFactory.java | 11 +- .../esapi/logging/slf4j/Slf4JLogFactory.java | 12 +- .../DefaultSecurityConfiguration.java | 26 --- .../esapi/SecurityConfigurationWrapper.java | 5 - .../EsapiPropertyManagerTest.java | 78 ------- .../StandardEsapiPropertyLoaderTest.java | 192 ------------------ .../XmlEsapiPropertyLoaderTest.java | 183 ----------------- 11 files changed, 21 insertions(+), 541 deletions(-) 
diff --git a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java index 2ddd16590..7709483bf 100644 --- a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java +++ b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java @@ -33,13 +33,6 @@ public interface EsapiPropertyLoader { */ public Boolean getBooleanProp(String propertyName) throws ConfigurationException; - /** - * Get any Boolean type property from security configuration. - * If property does not exist in configuration or has incorrect type, defaultValue is returned - * @return property value. - */ - public Boolean getBooleanProp(String propertyName, Boolean defaultValue); - /** * Get any property from security configuration. As every property can be returned as string, this method * throws exception only when property does not exist. diff --git a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java index 2a7b2cecd..94b5e4d5a 100644 --- a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java +++ b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java @@ -76,18 +76,6 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException throw new ConfigurationException("Could not find property " + propertyName + " in configuration"); } - /** - * {@inheritDoc} - */ - @Override - public Boolean getBooleanProp(String propertyName, Boolean defaultValue) { - for (AbstractPrioritizedPropertyLoader loader : loaders) { - return loader.getBooleanProp(propertyName, defaultValue); - } - return defaultValue; - } - - /** * {@inheritDoc} */ diff --git a/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java index 199355829..fe50e02d7 100644 
--- a/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java +++ b/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java @@ -70,24 +70,6 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException } } - /** - * {@inheritDoc} - */ - @Override - public Boolean getBooleanProp(String propertyName, Boolean defaultValue) { - String property = properties.getProperty(propertyName); - if (property == null) { - return defaultValue; - } - if (property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes")) { - return true; - } - if (property.equalsIgnoreCase("false") || property.equalsIgnoreCase("no")) { - return false; - } - return defaultValue; - } - /** * {@inheritDoc} */ diff --git a/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java index 55e5f85c7..3b3dc8ebc 100644 --- a/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java +++ b/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java @@ -86,24 +86,6 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException } } - /** - * {@inheritDoc} - */ - @Override - public Boolean getBooleanProp(String propertyName, Boolean defaultValue) { - String property = properties.getProperty(propertyName); - if (property == null) { - return defaultValue; - } - if (property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes")) { - return true; - } - if (property.equalsIgnoreCase("false") || property.equalsIgnoreCase("no")) { - return false; - } - return defaultValue; - } - /** * {@inheritDoc} */ diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java index 2e246e519..918fd45b7 100644 --- a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java +++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java 
@@ -80,7 +80,16 @@ public class JavaLogFactory implements LogFactory { boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(LOG_APPLICATION_NAME); String appName = ESAPI.securityConfiguration().getStringProp(APPLICATION_NAME); boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(LOG_SERVER_IP); - boolean logPrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_PREFIX, true); + + boolean logPrefix = true; + try { + logPrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_PREFIX); + } catch (ConfigurationException ex) { + System.out.println("ESAPI: Failed to read Log Prefix configuration. Defaulting to enabled" + + ". Caught " + ex.getClass().getName() + + "; exception message was: " + ex); + } + JAVA_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logPrefix); Map levelLookup = new HashMap<>(); diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java index 9387dc99e..9b453960c 100644 --- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java +++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java @@ -23,6 +23,7 @@ import org.owasp.esapi.LogFactory; import org.owasp.esapi.Logger; import org.owasp.esapi.codecs.HTMLEntityCodec; +import org.owasp.esapi.errors.ConfigurationException; import org.owasp.esapi.logging.appender.LogAppender; import org.owasp.esapi.logging.appender.LogPrefixAppender; import org.owasp.esapi.logging.cleaning.CodecLogScrubber; 
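Review bot: The fallback message concatenates `ex` itself after already printing `ex.getClass().getName()`, so the class name appears twice; the last operand should be the message only, `+ "; exception message was: " + ex.getMessage());`. The diagnostic also goes to `System.out`, where it is easily lost among application output; `System.err` would be the more usual place for a configuration fault raised while the log factory is still being set up, unless the project has a convention for this that is not visible here. Falling back to `logPrefix = true` keeps the prefix on when the key is missing or malformed, which is the safe direction for audit logs and is worth stating in a comment, e.g. `// missing or malformed LOG_PREFIX keeps the prefix enabled`. The same block is added verbatim to Slf4JLogFactory.java in the next hunk, so a small shared helper would keep the two factories from drifting apart; the enclosing initializer starts and ends outside both hunks.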
@@ -70,7 +71,16 @@ public class Slf4JLogFactory implements LogFactory { boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(LOG_APPLICATION_NAME); String appName = ESAPI.securityConfiguration().getStringProp(APPLICATION_NAME); boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(LOG_SERVER_IP); - boolean logPrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_PREFIX, true); + + boolean logPrefix = true; + try { + logPrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_PREFIX); + } catch (ConfigurationException ex) { + System.out.println("ESAPI: Failed to read Log Prefix configuration. Defaulting to enabled" + + ". Caught " + ex.getClass().getName() + + "; exception message was: " + ex); + } + SLF4J_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logPrefix); Map levelLookup = new HashMap<>(); diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java index 400be5457..eb561349b 100644 --- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java +++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java 
@@ -1456,32 +1456,6 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException } } - /** - * {@inheritDoc} - * Looks for property in three configuration files in following order: - * 1.) In file defined as org.owasp.esapi.opsteam system property - * 2.) In file defined as org.owasp.esapi.devteam system property - * 3.) In ESAPI.properties - */ - @Override - public Boolean getBooleanProp(String propertyName, Boolean defaultValue) { - try { - return esapiPropertyManager.getBooleanProp(propertyName); - } catch (ConfigurationException ex) { - String property = properties.getProperty(propertyName); - if ( property == null ) { - return defaultValue; - } - if ( property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes") ) { - return true; - } - if ( property.equalsIgnoreCase("false") || property.equalsIgnoreCase("no") ) { - return false; - } - return defaultValue; - } - } - /** * {@inheritDoc} * Looks for property in three configuration files in following order: diff --git a/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java b/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java index 3d8bf123a..1d5a521b8 100644 --- a/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java +++ b/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java @@ -558,11 +558,6 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException return wrapped.getBooleanProp(propertyName); } - @Override - public Boolean getBooleanProp(String propertyName, Boolean defaultValue) { - return wrapped.getBooleanProp(propertyName, defaultValue); - } - @Override public String getStringProp(String propertyName) throws ConfigurationException { return wrapped.getStringProp(propertyName); diff --git a/src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java b/src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java index dcf98c40c..507f33ce1 100644 
--- a/src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java +++ b/src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java @@ -288,46 +288,6 @@ public void testBooleanPropFoundInLoader() { assertEquals(expectedPropertyValue, propertyValue); } - - @Test - public void testBooleanPropFoundInLoaderWithDefaultValueTrue() { - // given - System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), xmlFilename1); - String propertyKey = "boolean_property"; - boolean expectedPropertyValue = true; - - // when - try { - testPropertyManager = new EsapiPropertyManager(); - } catch (IOException e) { - fail(e.getMessage()); - } - boolean propertyValue = testPropertyManager.getBooleanProp(propertyKey, true); - - // then - assertEquals(expectedPropertyValue, propertyValue); - } - - @Test - public void testBooleanPropFoundInLoaderWithDefaultValueFalse() { - // given - System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), xmlFilename1); - String propertyKey = "boolean_property"; - boolean expectedPropertyValue = true; - - // when - try { - testPropertyManager = new EsapiPropertyManager(); - } catch (IOException e) { - fail(e.getMessage()); - } - boolean propertyValue = testPropertyManager.getBooleanProp(propertyKey, false); - - // then - assertEquals(expectedPropertyValue, propertyValue); - } - - @Test(expected = ConfigurationException.class) public void testBooleanPropertyNotFoundByLoaderAndThrowException() { // given 
@@ -344,44 +304,6 @@ public void testBooleanPropertyNotFoundByLoaderAndThrowException() { // then expect exception } - @Test - public void testBooleanPropertyNotFoundByLoaderWithDefaultValueTrue() { - // given - String propertyKey = "non.existing.property"; - boolean expectedPropertyValue = true; - - // when - try { - testPropertyManager = new EsapiPropertyManager(); - } catch (IOException e) { - fail(e.getMessage()); - } - - boolean propertyValue = testPropertyManager.getBooleanProp(propertyKey, true); - - // then - assertEquals(expectedPropertyValue, propertyValue); - } - - @Test - public void testBooleanPropertyNotFoundByLoaderWithDefaultValueFalse() { - // given - String propertyKey = "non.existing.property"; - boolean expectedPropertyValue = false; - - // when - try { - testPropertyManager = new EsapiPropertyManager(); - } catch (IOException e) { - fail(e.getMessage()); - } - - boolean propertyValue = testPropertyManager.getBooleanProp(propertyKey, false); - - // then - assertEquals(expectedPropertyValue, propertyValue); - } - @Test public void testByteArrayPropFoundInLoader() { // given diff --git a/src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java b/src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java index 77fe1643b..080644642 100644 --- a/src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java +++ b/src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java 
@@ -239,48 +239,6 @@ public void testGetBooleanProp() { assertEquals(expectedValue, value); } - @Test - public void testGetBooleanPropWithDefaultValueTrue() { - // given - String filename = "src" + File.separator + "test" + File.separator + "resources" + File.separator + - "esapi" + File.separator + "ESAPI-test.properties"; - int priority = 1; - String propertyKey = "boolean_property"; - boolean expectedValue = true; - - // when - try { - testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority); - } catch ( IOException e ) { - fail( e.getMessage() ); - } - boolean value = testPropertyLoader.getBooleanProp(propertyKey,true); - - // then - assertEquals(expectedValue, value); - } - - @Test - public void testGetBooleanPropWithDefaultValueFalse() { - // given - String filename = "src" + File.separator + "test" + File.separator + "resources" + File.separator + - "esapi" + File.separator + "ESAPI-test.properties"; - int priority = 1; - String propertyKey = "boolean_property"; - boolean expectedValue = true; - - // when - try { - testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority); - } catch ( IOException e ) { - fail( e.getMessage() ); - } - boolean value = testPropertyLoader.getBooleanProp(propertyKey,false); - - // then - assertEquals(expectedValue, value); - } - @Test public void testGetBooleanYesProperty() { // given 
@@ -299,42 +257,6 @@ public void testGetBooleanYesProperty() { assertEquals(expectedValue, value); } - @Test - public void testGetBooleanYesPropertyWithDefaultValueTrue() { - // given - String key = "boolean_yes_property"; - boolean expectedValue = true; - - // when - try { - testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority); - } catch ( IOException e ) { - fail( e.getMessage() ); - } - boolean value = testPropertyLoader.getBooleanProp(key,true); - - // then - assertEquals(expectedValue, value); - } - - @Test - public void testGetBooleanYesPropertyWithDefaultValueFalse() { - // given - String key = "boolean_yes_property"; - boolean expectedValue = true; - - // when - try { - testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority); - } catch ( IOException e ) { - fail( e.getMessage() ); - } - boolean value = testPropertyLoader.getBooleanProp(key,false); - - // then - assertEquals(expectedValue, value); - } - @Test public void testGetBooleanNoProperty() { // given 
@@ -353,42 +275,6 @@ public void testGetBooleanNoProperty() { assertEquals(expectedValue, value); } - @Test - public void testGetBooleanNoPropertyWithDefaultValueTrue() { - // given - String key = "boolean_no_property"; - boolean expectedValue = false; - - // when - try { - testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority); - } catch ( IOException e ) { - fail( e.getMessage() ); - } - boolean value = testPropertyLoader.getBooleanProp(key, true); - - // then - assertEquals(expectedValue, value); - } - - @Test - public void testGetBooleanNoPropertyWithDefaultValueFalse() { - // given - String key = "boolean_no_property"; - boolean expectedValue = false; - - // when - try { - testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority); - } catch ( IOException e ) { - fail( e.getMessage() ); - } - boolean value = testPropertyLoader.getBooleanProp(key, false); - - // then - assertEquals(expectedValue, value); - } - @Test(expected = ConfigurationException.class) public void testBooleanPropertyNotFound() throws ConfigurationException { // given 
@@ -408,48 +294,6 @@ public void testBooleanPropertyNotFound() throws ConfigurationException { // then expect exception } - @Test - public void testBooleanPropertyNotFoundWithDefaultValueTrue() { - // given - String filename = "src" + File.separator + "test" + File.separator + "resources" + File.separator + - "esapi" + File.separator + "ESAPI-test.properties"; - int priority = 1; - String propertyKey = "non-existing-key"; - boolean expectedValue = true; - - // when - try { - testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority); - } catch ( IOException e ) { - fail( e.getMessage() ); - } - boolean value = testPropertyLoader.getBooleanProp(propertyKey, true); - - // then - assertEquals(expectedValue, value); - } - - @Test - public void testBooleanPropertyNotFoundWithDefaultValueFalse() { - // given - String filename = "src" + File.separator + "test" + File.separator + "resources" + File.separator + - "esapi" + File.separator + "ESAPI-test.properties"; - int priority = 1; - String propertyKey = "non-existing-key"; - boolean expectedValue = false; - - // when - try { - testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority); - } catch ( IOException e ) { - fail( e.getMessage() ); - } - boolean value = testPropertyLoader.getBooleanProp(propertyKey, false); - - // then - assertEquals(expectedValue, value); - } - @Test(expected = ConfigurationException.class) public void testIncorrectBooleanPropertyType() throws ConfigurationException { // given 
@@ -466,42 +310,6 @@ public void testIncorrectBooleanPropertyType() throws ConfigurationException { // then expect exception } - @Test - public void testIncorrectBooleanPropertyTypeWithDefaultValueTrue() { - // given - String key = "invalid_boolean_property"; - boolean expectedValue = true; - - // when - try { - testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority); - } catch ( IOException e ) { - fail( e.getMessage() ); - } - boolean value = testPropertyLoader.getBooleanProp(key, true); - - // then - assertEquals(expectedValue, value); - } - - @Test - public void testIncorrectBooleanPropertyTypeWithDefaultValueFalse() { - // given - String key = "invalid_boolean_property"; - boolean expectedValue = false; - - // when - try { - testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority); - } catch ( IOException e ) { - fail( e.getMessage() ); - } - boolean value = testPropertyLoader.getBooleanProp(key, false); - - // then - assertEquals(expectedValue, value); - } - @Test public void testGetByteArrayProp() { // given diff --git a/src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java b/src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java index f52be60e9..6aecec533 100644 --- a/src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java +++ b/src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java 
@@ -254,42 +254,6 @@ public void testGetBooleanProp() { assertEquals(expectedValue, value); } - @Test - public void testGetBooleanPropWithDefaultValueTrue() { - // given - String key = "boolean_property"; - boolean expectedValue = true; - - // when - try { - testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority); - } catch ( IOException e ) { - fail( e.getMessage() ); - } - boolean value = testPropertyLoader.getBooleanProp(key, true); - - // then - assertEquals(expectedValue, value); - } - - @Test - public void testGetBooleanPropWithDefaultValueFalse() { - // given - String key = "boolean_property"; - boolean expectedValue = true; - - // when - try { - testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority); - } catch ( IOException e ) { - fail( e.getMessage() ); - } - boolean value = testPropertyLoader.getBooleanProp(key, false); - - // then - assertEquals(expectedValue, value); - } - @Test public void testGetBooleanYesProperty() { // given @@ -308,42 +272,6 @@ public void testGetBooleanYesProperty() { assertEquals(expectedValue, value); } - @Test - public void testGetBooleanYesPropertyWithDefaultValueTrue() { - // given - String key = "boolean_yes_property"; - boolean expectedValue = true; - - // when - try { - testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority); - } catch ( IOException e ) { - fail( e.getMessage() ); - } - boolean value = testPropertyLoader.getBooleanProp(key, true); - - // then - assertEquals(expectedValue, value); - } - - @Test - public void testGetBooleanYesPropertyWithDefaultValueFalse() { - // given - String key = "boolean_yes_property"; - boolean expectedValue = true; - - // when - try { - testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority); - } catch ( IOException e ) { - fail( e.getMessage() ); - } - boolean value = testPropertyLoader.getBooleanProp(key, false); - - // then - assertEquals(expectedValue, value); - } - @Test public void testGetBooleanNoProperty() { // given 
@@ -362,42 +290,6 @@ public void testGetBooleanNoProperty() { assertEquals(expectedValue, value); } - @Test - public void testGetBooleanNoPropertyWithDefaultValueTrue() { - // given - String key = "boolean_no_property"; - boolean expectedValue = false; - - // when - try { - testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority); - } catch ( IOException e ) { - fail( e.getMessage() ); - } - boolean value = testPropertyLoader.getBooleanProp(key, true); - - // then - assertEquals(expectedValue, value); - } - - @Test - public void testGetBooleanNoPropertyWithDefaultValueFalse() { - // given - String key = "boolean_no_property"; - boolean expectedValue = false; - - // when - try { - testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority); - } catch ( IOException e ) { - fail( e.getMessage() ); - } - boolean value = testPropertyLoader.getBooleanProp(key, false); - - // then - assertEquals(expectedValue, value); - } - @Test(expected = ConfigurationException.class) public void testBooleanPropertyNotFound() throws ConfigurationException { // given 
@@ -414,45 +306,6 @@ public void testBooleanPropertyNotFound() throws ConfigurationException {
 // then expect exception
 }
 
- @Test
- public void testBooleanPropertyNotFoundWithDefaultValueTrue() {
- // given
- String key = "non-existing-key";
- boolean expectedValue = true;
-
- // when
- try {
- testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
- } catch ( IOException e ) {
- fail( e.getMessage() );
- }
- boolean value = testPropertyLoader.getBooleanProp(key, true);
-
- // then
- assertEquals(expectedValue, value);
-
-
- // then expect exception
- }
-
- @Test
- public void testBooleanPropertyNotFoundWithDefaultValueFalse() {
- // given
- String key = "non-existing-key";
- boolean expectedValue = false;
-
- // when
- try {
- testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
- } catch ( IOException e ) {
- fail( e.getMessage() );
- }
- boolean value = testPropertyLoader.getBooleanProp(key, false);
-
- // then
- assertEquals(expectedValue, value);
- }
-
 @Test(expected = ConfigurationException.class)
 public void testIncorrectBooleanPropertyType() throws ConfigurationException {
 // given
@@ -469,42 +322,6 @@ public void testIncorrectBooleanPropertyType() throws ConfigurationException {
 // then expect exception
 }
 
- @Test
- public void testIncorrectBooleanPropertyTypeWithDefaultValueTrue() {
- // given
- String key = "invalid_boolean_property";
- boolean expectedValue = true;
-
- // when
- try {
- testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
- } catch ( IOException e ) {
- fail( e.getMessage() );
- }
- boolean value = testPropertyLoader.getBooleanProp(key, true);
-
- // then
- assertEquals(expectedValue, value);
- }
-
- @Test
- public void testIncorrectBooleanPropertyTypeWithDefaultValueFalse() {
- // given
- String key = "invalid_boolean_property";
- boolean expectedValue = false;
-
- // when
- try {
- testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
- } catch ( IOException e ) {
- fail( e.getMessage() );
- }
- boolean value = testPropertyLoader.getBooleanProp(key, false);
-
- // then
- assertEquals(expectedValue, value);
- }
-
 @Test
 public void testGetByteArrayProp() {
 // given
From 0e9bb760415b270ad400774223d94a2030bf2d2e Mon Sep 17 00:00:00 2001
From: Mickey Zarev
Date: Thu, 5 Sep 2024 09:19:02 +0100
Subject: [PATCH 9/9] Update the logging properties to opt-out of the prefix events ESAPI#844 ninth iteration
---
 src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java | 2 +-
 .../java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
index 918fd45b7..8cca8fb25 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
@@ -85,7 +85,7 @@ public class JavaLogFactory implements LogFactory {
 try {
 logPrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_PREFIX);
 } catch (ConfigurationException ex) {
- System.out.println("ESAPI: Failed to read Log Prefix configuration. Defaulting to enabled" +
+ System.out.println("ESAPI: Failed to read Log Prefix configuration " + LOG_PREFIX + ". Defaulting to enabled" +
 ". Caught " + ex.getClass().getName() + "; exception message was: " + ex);
 }
 
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
index 9b453960c..5e1810a93 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
@@ -76,7 +76,7 @@ public class Slf4JLogFactory implements LogFactory {
 try {
 logPrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_PREFIX);
 } catch (ConfigurationException ex) {
- System.out.println("ESAPI: Failed to read Log Prefix configuration. Defaulting to enabled" +
+ System.out.println("ESAPI: Failed to read Log Prefix configuration " + LOG_PREFIX + ". Defaulting to enabled" +
 ". Caught " + ex.getClass().getName() + "; exception message was: " + ex);
 }
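Review bot: The reworded println in the JavaLogFactory hunk still ends with `+ ex`, so the text after "exception message was:" is the exception's toString() and repeats the class name that `ex.getClass().getName()` has just printed; `"; exception message was: " + ex.getMessage());` would match the label. The Slf4JLogFactory hunk carries the identical line and needs the same change. The message also states "Defaulting to enabled", but the initial value of `logPrefix` is assigned outside both hunks, so that claim should be checked against the declaration. Since the prefix carries the event type and application name that log triage relies on, a comment above the catch such as `// Fail safe: keep the log prefix when the setting cannot be read` would record the intent. The enclosing block starts and ends outside each hunk.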