[CLIENT] Update log4j because of the CVE-2021-44228 security flaw

1 files changed, 50 insertions, 78 deletions

diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/App.java b/dozentenmodul/src/main/java/org/openslx/dozmod/App.java
index b64ad0b8..e246a6df 100755
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/App.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/App.java
@@ -13,22 +13,24 @@ import java.util.HashSet;
 import java.util.Locale;
 import java.util.Set;
 import java.util.concurrent.CountDownLatch;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
+import java.util.zip.Deflater;
 
 import javax.net.ssl.SSLContext;
 import javax.swing.SwingUtilities;
 import javax.swing.UIDefaults;
 import javax.swing.UIManager;
 
-import org.apache.log4j.AppenderSkeleton;
-import org.apache.log4j.BasicConfigurator;
-import org.apache.log4j.FileAppender;
-import org.apache.log4j.Level;
-import org.apache.log4j.LogManager;
-import org.apache.log4j.Logger;
-import org.apache.log4j.PatternLayout;
-import org.apache.log4j.spi.LoggingEvent;
+import org.apache.logging.log4j.Level;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.core.LoggerContext;
+import org.apache.logging.log4j.core.appender.RollingFileAppender;
+import org.apache.logging.log4j.core.appender.rolling.DefaultRolloverStrategy;
+import org.apache.logging.log4j.core.appender.rolling.OnStartupTriggeringPolicy;
+import org.apache.logging.log4j.core.config.Configuration;
+import org.apache.logging.log4j.core.config.Configurator;
+import org.apache.logging.log4j.core.config.DefaultConfiguration;
+import org.apache.logging.log4j.core.layout.PatternLayout;
 import org.openslx.dozmod.Config.ProxyMode;
 import org.openslx.dozmod.gui.Gui;
 import org.openslx.dozmod.gui.MainWindow;
@@ -47,7 +49,7 @@ import com.formdev.flatlaf.FlatLightLaf;
 public class App {
 
 	// Logger
-	private final static Logger LOGGER = Logger.getLogger(App.class);
+	private final static Logger LOGGER = LogManager.getLogger(App.class);
 
 	public static final int THRIFT_PORT = 9090;
 
@@ -64,79 +66,49 @@ public class App {
 	private static String setupFileLogger() {
 
 		// path to the log file
-		final String logFilePath = Config.getPath() + File.separator + Branding.getConfigDirectory() + ".log";
-
-		// check if we had an old log file
-		final File logFile = new File(logFilePath);
-		if (logFile.exists() && !logFile.isDirectory()) {
-			// we have one, rename it to 'bwSuite.log.old'
-			try {
-				File oldFile = new File(logFilePath + ".old");
-				oldFile.delete();
-				logFile.renameTo(oldFile);
-				logFile.delete();
-			} catch (Exception e) {
-				LOGGER.error("Could not move '" + logFilePath + "' to '" + logFilePath + ".old'", e);
-			}
-		}
-
-		// add file appender to global logger
-		FileAppender fa = null;
-		try {
-			fa = new FileAppender(new PatternLayout("[%t] %-5p %F - %m%n"), logFilePath);
-			fa.setEncoding("UTF-8");
-			fa.setThreshold(Level.DEBUG);
-		} catch (IOException e) {
-			LOGGER.error("Failed to set logfile path to '" + logFilePath + "': ", e);
-			return null;
-		}
-
-		final FileAppender ffa = fa;
-		final Pattern re = Pattern.compile("authorization:(\\w|\\+|/|\\s)+", Pattern.CASE_INSENSITIVE
-				| Pattern.MULTILINE);
-
-		AppenderSkeleton ap = new AppenderSkeleton() {
-
-			@Override
-			public boolean requiresLayout() {
-				return ffa.requiresLayout();
-			}
-
-			@Override
-			public void close() {
-				ffa.close();
-			}
-
-			@Override
-			protected void append(LoggingEvent event) {
-				// TODO Set up filtering properly
-				if ("org.apache.http.wire".equals(event.getLoggerName()))
-					return;
-				String s = event.getRenderedMessage();
-				if (s.contains("uthorization")) {
-					Matcher m = re.matcher(s);
-					if (m.find()) {
-						s = m.replaceAll("Authorization: ***********");
-					}
-				}
-				ffa.append(new LoggingEvent(event.getFQNOfLoggerClass(), event.getLogger(),
-						event.getTimeStamp(), event.getLevel(), s, event.getThreadName(),
-						event.getThrowableInformation(), event.getNDC(), event.getLocationInformation(),
-						event.getProperties()));
-			}
-		};
+		final String logFileName = Config.getPath() + File.separator + Branding.getConfigDirectory() + ".log";
+		final LoggerContext loggingContext = LoggerContext.class.cast(LogManager.getContext(false));
+		final Configuration loggingConfig = loggingContext.getConfiguration();
+		
+		// add rolling file appender
+		final RollingFileAppender fileAppender = RollingFileAppender.newBuilder()
+				.setName("logToFile")
+				.withFileName(logFileName)
+				.withFilePattern(logFileName + ".%i")
+				.withAppend(true)
+				.withBufferedIo(true)
+				.setConfiguration(loggingConfig)
+				.withCreateOnDemand(false)
+				.setLayout(PatternLayout.newBuilder()
+						.withConfiguration(loggingConfig)
+						.withPattern("[%t] %-5p %F - %m%n")
+						.build())
+				.withStrategy(DefaultRolloverStrategy.newBuilder()
+						.withMin("1")
+						.withMax("9")
+						.withFileIndex("1")
+						.withCompressionLevelStr(Integer.toString(Deflater.NO_COMPRESSION))
+						.withConfig(loggingConfig)
+						.build())
+				.withPolicy(OnStartupTriggeringPolicy.createPolicy(1))
+				.build();
+		
+		fileAppender.start();
+		
+		// register rolling file appender
+		loggingConfig.addAppender(fileAppender);
+		loggingConfig.getRootLogger().addAppender(fileAppender, Level.ALL, null);
 
-		// register file logger (appender)
-		BasicConfigurator.configure(ap);
+		loggingContext.updateLoggers(loggingConfig);
 
-		return logFilePath;
+		return logFileName;
 	}
 	
 	public static void main(final String[] args) throws InvocationTargetException, InterruptedException
 	{
-		// setup basic logging appender to log output on console if no external appender (log4j.properties) is configured
-		if (LogManager.getRootLogger().getAllAppenders() == null) {
-			BasicConfigurator.configure();
+		// setup basic logging appender to log output on console if no external appender (log4j2.properties) is configured
+		if (org.apache.logging.log4j.core.Logger.class.cast(LogManager.getRootLogger()).getAppenders().isEmpty()) {
+			Configurator.initialize(new DefaultConfiguration());
 		}
 		
 		if (args.length >= 2) {