diff options
author | Manuel Bentele | 2021-12-13 11:04:15 +0100 |
---|---|---|
committer | Manuel Bentele | 2021-12-15 15:44:57 +0100 |
commit | f7daa85863f784282f6ad37db2ff39cdcdf0483d (patch) | |
tree | af6069433723345d1356f8634690de6ee6fd32c4 /dozentenmodul/src/main/java/org/openslx/dozmod/App.java | |
parent | [CLIENT] Adapt OS loader of QEMU machines for local edit (diff) | |
download | tutor-module-f7daa85863f784282f6ad37db2ff39cdcdf0483d.tar.gz tutor-module-f7daa85863f784282f6ad37db2ff39cdcdf0483d.tar.xz tutor-module-f7daa85863f784282f6ad37db2ff39cdcdf0483d.zip |
[CLIENT] Update log4j because of the CVE-2021-44228 security flaw
Diffstat (limited to 'dozentenmodul/src/main/java/org/openslx/dozmod/App.java')
-rwxr-xr-x | dozentenmodul/src/main/java/org/openslx/dozmod/App.java | 128 |
1 files changed, 50 insertions, 78 deletions
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/App.java b/dozentenmodul/src/main/java/org/openslx/dozmod/App.java index b64ad0b8..e246a6df 100755 --- a/dozentenmodul/src/main/java/org/openslx/dozmod/App.java +++ b/dozentenmodul/src/main/java/org/openslx/dozmod/App.java @@ -13,22 +13,24 @@ import java.util.HashSet; import java.util.Locale; import java.util.Set; import java.util.concurrent.CountDownLatch; -import java.util.regex.Matcher; -import java.util.regex.Pattern; +import java.util.zip.Deflater; import javax.net.ssl.SSLContext; import javax.swing.SwingUtilities; import javax.swing.UIDefaults; import javax.swing.UIManager; -import org.apache.log4j.AppenderSkeleton; -import org.apache.log4j.BasicConfigurator; -import org.apache.log4j.FileAppender; -import org.apache.log4j.Level; -import org.apache.log4j.LogManager; -import org.apache.log4j.Logger; -import org.apache.log4j.PatternLayout; -import org.apache.log4j.spi.LoggingEvent; +import org.apache.logging.log4j.Level; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.core.LoggerContext; +import org.apache.logging.log4j.core.appender.RollingFileAppender; +import org.apache.logging.log4j.core.appender.rolling.DefaultRolloverStrategy; +import org.apache.logging.log4j.core.appender.rolling.OnStartupTriggeringPolicy; +import org.apache.logging.log4j.core.config.Configuration; +import org.apache.logging.log4j.core.config.Configurator; +import org.apache.logging.log4j.core.config.DefaultConfiguration; +import org.apache.logging.log4j.core.layout.PatternLayout; import org.openslx.dozmod.Config.ProxyMode; import org.openslx.dozmod.gui.Gui; import org.openslx.dozmod.gui.MainWindow; @@ -47,7 +49,7 @@ import com.formdev.flatlaf.FlatLightLaf; public class App { // Logger - private final static Logger LOGGER = Logger.getLogger(App.class); + private final static Logger LOGGER = LogManager.getLogger(App.class); public static final int THRIFT_PORT = 9090; @@ -64,79 +66,49 @@ public class App { private static String setupFileLogger() { // path to the log file - final String logFilePath = Config.getPath() + File.separator + Branding.getConfigDirectory() + ".log"; - - // check if we had an old log file - final File logFile = new File(logFilePath); - if (logFile.exists() && !logFile.isDirectory()) { - // we have one, rename it to 'bwSuite.log.old' - try { - File oldFile = new File(logFilePath + ".old"); - oldFile.delete(); - logFile.renameTo(oldFile); - logFile.delete(); - } catch (Exception e) { - LOGGER.error("Could not move '" + logFilePath + "' to '" + logFilePath + ".old'", e); - } - } - - // add file appender to global logger - FileAppender fa = null; - try { - fa = new FileAppender(new PatternLayout("[%t] %-5p %F - %m%n"), logFilePath); - fa.setEncoding("UTF-8"); - fa.setThreshold(Level.DEBUG); - } catch (IOException e) { - LOGGER.error("Failed to set logfile path to '" + logFilePath + "': ", e); - return null; - } - - final FileAppender ffa = fa; - final Pattern re = Pattern.compile("authorization:(\\w|\\+|/|\\s)+", Pattern.CASE_INSENSITIVE - | Pattern.MULTILINE); - - AppenderSkeleton ap = new AppenderSkeleton() { - - @Override - public boolean requiresLayout() { - return ffa.requiresLayout(); - } - - @Override - public void close() { - ffa.close(); - } - - @Override - protected void append(LoggingEvent event) { - // TODO Set up filtering properly - if ("org.apache.http.wire".equals(event.getLoggerName())) - return; - String s = event.getRenderedMessage(); - if (s.contains("uthorization")) { - Matcher m = re.matcher(s); - if (m.find()) { - s = m.replaceAll("Authorization: ***********"); - } - } - ffa.append(new LoggingEvent(event.getFQNOfLoggerClass(), event.getLogger(), - event.getTimeStamp(), event.getLevel(), s, event.getThreadName(), - event.getThrowableInformation(), event.getNDC(), event.getLocationInformation(), - event.getProperties())); - } - }; + final String logFileName = Config.getPath() + File.separator + Branding.getConfigDirectory() + ".log"; + final LoggerContext loggingContext = LoggerContext.class.cast(LogManager.getContext(false)); + final Configuration loggingConfig = loggingContext.getConfiguration(); + + // add rolling file appender + final RollingFileAppender fileAppender = RollingFileAppender.newBuilder() + .setName("logToFile") + .withFileName(logFileName) + .withFilePattern(logFileName + ".%i") + .withAppend(true) + .withBufferedIo(true) + .setConfiguration(loggingConfig) + .withCreateOnDemand(false) + .setLayout(PatternLayout.newBuilder() + .withConfiguration(loggingConfig) + .withPattern("[%t] %-5p %F - %m%n") + .build()) + .withStrategy(DefaultRolloverStrategy.newBuilder() + .withMin("1") + .withMax("9") + .withFileIndex("1") + .withCompressionLevelStr(Integer.toString(Deflater.NO_COMPRESSION)) + .withConfig(loggingConfig) + .build()) + .withPolicy(OnStartupTriggeringPolicy.createPolicy(1)) + .build(); + + fileAppender.start(); + + // register rolling file appender + loggingConfig.addAppender(fileAppender); + loggingConfig.getRootLogger().addAppender(fileAppender, Level.ALL, null); - // register file logger (appender) - BasicConfigurator.configure(ap); + loggingContext.updateLoggers(loggingConfig); - return logFilePath; + return logFileName; } public static void main(final String[] args) throws InvocationTargetException, InterruptedException { - // setup basic logging appender to log output on console if no external appender (log4j.properties) is configured - if (LogManager.getRootLogger().getAllAppenders() == null) { - BasicConfigurator.configure(); + // setup basic logging appender to log output on console if no external appender (log4j2.properties) is configured + if (org.apache.logging.log4j.core.Logger.class.cast(LogManager.getRootLogger()).getAppenders().isEmpty()) { + Configurator.initialize(new DefaultConfiguration()); } if (args.length >= 2) { |