From eeda7ff15aff5ea601e71256f6f37ae10e0deed9 Mon Sep 17 00:00:00 2001 From: Rodolfo Ferreira Date: Tue, 21 Nov 2023 10:33:02 -0300 Subject: [PATCH 1/4] Added property to omit event type information in logs --- configuration/esapi/ESAPI.properties | 2 + src/main/java/org/owasp/esapi/PropNames.java | 1 + .../logging/appender/LogPrefixAppender.java | 10 +++- .../esapi/logging/java/JavaLogFactory.java | 9 ++-- .../esapi/logging/slf4j/Slf4JLogFactory.java | 10 ++-- .../appender/LogPrefixAppenderTest.java | 49 +++++++++++++------ .../logging/java/JavaLogFactoryTest.java | 8 +-- .../logging/slf4j/Slf4JLogFactoryTest.java | 8 +-- src/test/resources/esapi/ESAPI.properties | 2 + 9 files changed, 71 insertions(+), 28 deletions(-) diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties index 030f61588..977c071f1 100644 --- a/configuration/esapi/ESAPI.properties +++ b/configuration/esapi/ESAPI.properties @@ -400,6 +400,8 @@ Logger.LogServerIP=true Logger.UserInfo=true # Determines whether ESAPI should log the session id and client IP. Logger.ClientInfo=true +# Determines whether ESAPI should log the event type or not +Logger.OmitEventTypeInLogs=false #=========================================================================== # ESAPI Intrusion Detection diff --git a/src/main/java/org/owasp/esapi/PropNames.java b/src/main/java/org/owasp/esapi/PropNames.java index 2f3f8ee49..fd91db397 100644 --- a/src/main/java/org/owasp/esapi/PropNames.java +++ b/src/main/java/org/owasp/esapi/PropNames.java 
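Review bot: The comment added above `Logger.OmitEventTypeInLogs=false` reads as if `true` turned event-type logging on, while the property name says the opposite. State the polarity, for example `# If true, ESAPI leaves the event type out of the log prefix; false keeps it.` The same comment is added to src/test/resources/esapi/ESAPI.properties later in this patch.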
@@ -111,6 +111,7 @@ public final class PropNames { public static final String LOG_ENCODING_REQUIRED = "Logger.LogEncodingRequired"; public static final String LOG_APPLICATION_NAME = "Logger.LogApplicationName"; public static final String LOG_SERVER_IP = "Logger.LogServerIP"; + public static final String OMIT_EVENT_TYPE_IN_LOGS = "Logger.OmitEventTypeInLogs"; public static final String VALIDATION_PROPERTIES = "Validator.ConfigurationFile"; public static final String VALIDATION_PROPERTIES_MULTIVALUED = "Validator.ConfigurationFile.MultiValued"; diff --git a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java index 20f692ebf..a4f5cd051 100644 --- a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java +++ b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java @@ -35,6 +35,8 @@ public class LogPrefixAppender implements LogAppender { private final boolean logApplicationName; /** Application Name to record. */ private final String appName; + /** Whether to omit event type in logs or not. */ + private final boolean omitEventTypeInLogs; /** * Ctr. 
@@ -44,17 +46,23 @@ public class LogPrefixAppender implements LogAppender { * @param logServerIp Whether or not to record server ip information * @param logApplicationName Whether or not to record application name * @param appName Application Name to record. + * @param omitEventTypeInLogs Application Name to record. */ - public LogPrefixAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) { + public LogPrefixAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName, boolean omitEventTypeInLogs) { this.logUserInfo = logUserInfo; this.logClientInfo = logClientInfo; this.logServerIp = logServerIp; this.logApplicationName = logApplicationName; this.appName = appName; + this.omitEventTypeInLogs = omitEventTypeInLogs; } @Override public String appendTo(String logName, EventType eventType, String message) { + if (omitEventTypeInLogs) { + return message; + } + EventTypeLogSupplier eventTypeSupplier = new EventTypeLogSupplier(eventType); UserInfoSupplier userInfoSupplier = new UserInfoSupplier(); diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java index 47502e16c..f260de5b6 100644 --- a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java +++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java @@ -41,6 +41,7 @@ import static org.owasp.esapi.PropNames.LOG_APPLICATION_NAME; import static org.owasp.esapi.PropNames.APPLICATION_NAME; import static org.owasp.esapi.PropNames.LOG_SERVER_IP; +import static org.owasp.esapi.PropNames.OMIT_EVENT_TYPE_IN_LOGS; /** * LogFactory implementation which creates JAVA supporting Loggers. 
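Review bot: In `appendTo`, the added `if (omitEventTypeInLogs) { return message; }` returns before any supplier runs, so turning the flag on drops the user, client and server fields from every record as well as the event type. Only the event-type segment should be blanked, e.g. `String eventTypeMsg = omitEventTypeInLogs ? "" : eventTypeSupplier.get().trim();`, which is what PATCH 2/4 on this page goes on to do. The new Javadoc line `@param omitEventTypeInLogs Application Name to record.` is copied from `appName` and should read `@param omitEventTypeInLogs Whether to leave the event type out of the prefix`. The body of appendTo continues outside the hunk.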
@@ -79,7 +80,8 @@ public class JavaLogFactory implements LogFactory { boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(LOG_APPLICATION_NAME); String appName = ESAPI.securityConfiguration().getStringProp(APPLICATION_NAME); boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(LOG_SERVER_IP); - JAVA_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName); + boolean omitEventTypeInLogs = ESAPI.securityConfiguration().getBooleanProp(OMIT_EVENT_TYPE_IN_LOGS); + JAVA_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, omitEventTypeInLogs); Map levelLookup = new HashMap<>(); levelLookup.put(Logger.ALL, JavaLogLevelHandlers.ALWAYS); @@ -156,11 +158,12 @@ public class JavaLogFactory implements LogFactory { * @param logApplicationName * @param logServerIp * @param logClientInfo + * @param omitEventTypeInLogs * * @return LogAppender instance. */ - /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) { - return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName); + /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName, boolean omitEventTypeInLogs) { + return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, omitEventTypeInLogs); } diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java index af113b80c..0bbd5d492 100644 --- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java +++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java 
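Review bot: The static initializer now calls `getBooleanProp(OMIT_EVENT_TYPE_IN_LOGS)` with no fallback, so an ESAPI.properties written before this property existed could make JavaLogFactory fail during class initialization if the lookup throws for a missing key (PATCH 2/4 wraps the same call in a `ConfigurationException` catch, which suggests it does). Default to `false` when the property is absent so that upgrading the library does not take logging down. The same unguarded read is added to Slf4JLogFactory's static initializer in the `@@ -69,7 +71,8 @@` hunk. The initializer starts and ends outside the hunk.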
@@ -36,6 +36,8 @@ import static org.owasp.esapi.PropNames.LOG_APPLICATION_NAME; import static org.owasp.esapi.PropNames.APPLICATION_NAME; import static org.owasp.esapi.PropNames.LOG_SERVER_IP; +import static org.owasp.esapi.PropNames.OMIT_EVENT_TYPE_IN_LOGS; + import org.slf4j.LoggerFactory; /** * LogFactory implementation which creates SLF4J supporting Loggers. @@ -69,7 +71,8 @@ public class Slf4JLogFactory implements LogFactory { boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(LOG_APPLICATION_NAME); String appName = ESAPI.securityConfiguration().getStringProp(APPLICATION_NAME); boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(LOG_SERVER_IP); - SLF4J_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName); + boolean omitEventTypeInLogs = ESAPI.securityConfiguration().getBooleanProp(OMIT_EVENT_TYPE_IN_LOGS); + SLF4J_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, omitEventTypeInLogs); Map levelLookup = new HashMap<>(); levelLookup.put(Logger.ALL, Slf4JLogLevelHandlers.TRACE); @@ -107,11 +110,12 @@ public class Slf4JLogFactory implements LogFactory { * @param logApplicationName * @param logServerIp * @param logClientInfo + * @param omitEventTypeInLogs * * @return LogAppender instance. */ - /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) { - return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName); + /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName, boolean omitEventTypeInLogs) { + return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, omitEventTypeInLogs); } 
diff --git a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java index bc733ec2e..7653c81bf 100644 --- a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java +++ b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java @@ -26,6 +26,7 @@ public class LogPrefixAppenderTest { private static final String CIS_RESULT = "CLIENT_INFO"; private static final String UIS_RESULT = "USER_INFO"; private static final String SIS_RESULT = "SERVER_INFO"; + private static final boolean NOT_OMIT_EVENT_TYPE = false; @Rule public TestName testName = new TestName(); @@ -63,7 +64,7 @@ public void testCtrArgTruePassthroughToDelegates() throws Exception { whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy); whenNew(ServerInfoSupplier.class).withArguments(testLoggerName).thenReturn(sisSpy); - LogPrefixAppender lpa = new LogPrefixAppender(true, true,true,true, testApplicationName); + LogPrefixAppender lpa = new LogPrefixAppender(true, true,true,true, testApplicationName, false); lpa.appendTo(testLoggerName, testEventType, testLogMessage); verify(uisSpy, times(1)).setLogUserInfo(true); @@ -84,7 +85,7 @@ public void testCtrArgFalsePassthroughToDelegates() throws Exception { whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy); whenNew(ServerInfoSupplier.class).withArguments(testLoggerName).thenReturn(sisSpy); - LogPrefixAppender lpa = new LogPrefixAppender(false, false, false, false, null); + LogPrefixAppender lpa = new LogPrefixAppender(false, false, false, false, null, false); lpa.appendTo(testLoggerName, testEventType, testLogMessage); verify(uisSpy, times(1)).setLogUserInfo(false); 
@@ -102,51 +103,61 @@ public void testDelegateCtrArgs() throws Exception { whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy); whenNew(ServerInfoSupplier.class).withArguments(logNameCapture.capture()).thenReturn(sisSpy); - LogPrefixAppender lpa = new LogPrefixAppender(true, true,true,true, testApplicationName); + LogPrefixAppender lpa = new LogPrefixAppender(true, true,true,true, testApplicationName, false); lpa.appendTo(testLoggerName, testEventType, testLogMessage); assertEquals(testEventType, eventTypeCapture.getValue()); assertEquals(testLoggerName, logNameCapture.getValue()); } + @Test + public void testOmitEventTypeInLogs() throws Exception { + runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, EMPTY_RESULT, true, ""); + } + + @Test + public void testNotOmitEventTypeInLogs() throws Exception { + runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, EMPTY_RESULT, NOT_OMIT_EVENT_TYPE, "[EVENT_TYPE]"); + } + @Test public void testLogContentWhenClientInfoEmpty() throws Exception { - runTest(ETL_RESULT, UIS_RESULT, EMPTY_RESULT,SIS_RESULT, "[EVENT_TYPE USER_INFO -> SERVER_INFO]"); + runTest(ETL_RESULT, UIS_RESULT, EMPTY_RESULT,SIS_RESULT, NOT_OMIT_EVENT_TYPE, "[EVENT_TYPE USER_INFO -> SERVER_INFO]"); } @Test public void testLogContentWhenUserInfoEmpty() throws Exception { - runTest(ETL_RESULT, EMPTY_RESULT, CIS_RESULT,SIS_RESULT, "[EVENT_TYPE CLIENT_INFO -> SERVER_INFO]"); + runTest(ETL_RESULT, EMPTY_RESULT, CIS_RESULT,SIS_RESULT, NOT_OMIT_EVENT_TYPE, "[EVENT_TYPE CLIENT_INFO -> SERVER_INFO]"); } @Test public void testLogContentWhenClientInfoEmptyAndServerInfoEmpty() throws Exception { - runTest(ETL_RESULT, UIS_RESULT, EMPTY_RESULT,EMPTY_RESULT, "[EVENT_TYPE USER_INFO]"); + runTest(ETL_RESULT, UIS_RESULT, EMPTY_RESULT,EMPTY_RESULT, NOT_OMIT_EVENT_TYPE, "[EVENT_TYPE USER_INFO]"); } @Test public void testLogContentWhenUserInfoEmptyAndServerInfoEmpty() throws Exception { - runTest(ETL_RESULT, EMPTY_RESULT, CIS_RESULT,EMPTY_RESULT, "[EVENT_TYPE 
CLIENT_INFO]"); + runTest(ETL_RESULT, EMPTY_RESULT, CIS_RESULT,EMPTY_RESULT, NOT_OMIT_EVENT_TYPE, "[EVENT_TYPE CLIENT_INFO]"); } @Test public void testLogContentWhenUserInfoAndClientInfoEmpty() throws Exception { - runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, SIS_RESULT, "[EVENT_TYPE -> SERVER_INFO]"); + runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, SIS_RESULT, NOT_OMIT_EVENT_TYPE, "[EVENT_TYPE -> SERVER_INFO]"); } @Test public void testLogContentWhenServerInfoEmpty() throws Exception { - runTest(ETL_RESULT, UIS_RESULT, CIS_RESULT, EMPTY_RESULT, "[EVENT_TYPE USER_INFO:CLIENT_INFO]"); + runTest(ETL_RESULT, UIS_RESULT, CIS_RESULT, EMPTY_RESULT, NOT_OMIT_EVENT_TYPE, "[EVENT_TYPE USER_INFO:CLIENT_INFO]"); } @Test public void testLogContentWhenUserInfoEmptyAndClientInfoEmptyAndServerInfoEmpty() throws Exception { - runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, EMPTY_RESULT, "[EVENT_TYPE]"); + runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, EMPTY_RESULT, NOT_OMIT_EVENT_TYPE, "[EVENT_TYPE]"); } - private void runTest(String typeResult, String userResult, String clientResult, String serverResult, String exResult) throws Exception{ + private void runTest(String typeResult, String userResult, String clientResult, String serverResult, boolean omitEventTypeInLogs, String exResult) throws Exception{ when(etlsSpy.get()).thenReturn(typeResult); when(uisSpy.get()).thenReturn(userResult); when(cisSpy.get()).thenReturn(clientResult); 
@@ -158,9 +169,17 @@ private void runTest(String typeResult, String userResult, String clientResult, whenNew(ServerInfoSupplier.class).withArguments(testLoggerName).thenReturn(sisSpy); //Since everything is mocked these booleans don't much matter aside from the later verifies - LogPrefixAppender lpa = new LogPrefixAppender(false, false, false, false, null); - String result = lpa.appendTo(testLoggerName, testEventType, testLogMessage); - - assertEquals(exResult + " " + testName.getMethodName() + "-MESSAGE", result); + LogPrefixAppender lpa = new LogPrefixAppender(false, false, false, false, null, omitEventTypeInLogs); + String actualResult = lpa.appendTo(testLoggerName, testEventType, testLogMessage); + + StringBuilder expectedResult = new StringBuilder(); + if (!exResult.isEmpty()) { + expectedResult.append(exResult); + expectedResult.append(" "); + } + expectedResult.append(testName.getMethodName()); + expectedResult.append("-MESSAGE"); + + assertEquals(expectedResult.toString() , actualResult); } } diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java index 523660304..b0a035b92 100644 --- a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java +++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java 
@@ -171,16 +171,17 @@ public void checkScrubberWithoutEncoding() throws Exception { */ @Test public void checkPassthroughAppenderConstruct() throws Exception { - LogPrefixAppender stubAppender = new LogPrefixAppender(true, true, true, true, ""); + LogPrefixAppender stubAppender = new LogPrefixAppender(true, true, true, true, "", false); ArgumentCaptor userInfoCapture = ArgumentCaptor.forClass(Boolean.class); ArgumentCaptor clientInfoCapture = ArgumentCaptor.forClass(Boolean.class); ArgumentCaptor serverInfoCapture = ArgumentCaptor.forClass(Boolean.class); ArgumentCaptor logAppNameCapture = ArgumentCaptor.forClass(Boolean.class); ArgumentCaptor appNameCapture = ArgumentCaptor.forClass(String.class); + ArgumentCaptor omitEventTypeInLogsCapture = ArgumentCaptor.forClass(Boolean.class); - PowerMockito.whenNew(LogPrefixAppender.class).withArguments(userInfoCapture.capture(), clientInfoCapture.capture(), serverInfoCapture.capture(), logAppNameCapture.capture(), appNameCapture.capture()).thenReturn(stubAppender); + PowerMockito.whenNew(LogPrefixAppender.class).withArguments(userInfoCapture.capture(), clientInfoCapture.capture(), serverInfoCapture.capture(), logAppNameCapture.capture(), appNameCapture.capture(), omitEventTypeInLogsCapture.capture()).thenReturn(stubAppender); - LogAppender appender = JavaLogFactory.createLogAppender(true, true, false, true, testName.getMethodName()); + LogAppender appender = JavaLogFactory.createLogAppender(true, true, false, true, testName.getMethodName(), false); Assert.assertEquals(stubAppender, appender); Assert.assertTrue(userInfoCapture.getValue()); @@ -188,6 +189,7 @@ public void checkPassthroughAppenderConstruct() throws Exception { Assert.assertFalse(serverInfoCapture.getValue()); Assert.assertTrue(logAppNameCapture.getValue()); Assert.assertEquals(testName.getMethodName(), appNameCapture.getValue()); + Assert.assertEquals(omitEventTypeInLogsCapture.getValue(), false); } 
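Review bot: `checkPassthroughAppenderConstruct` passes `false` for both `logServerIp` and the new flag, so the test would still pass if `createLogAppender` swapped the two arguments or hard-coded the flag. Pass `true` for the last argument and check it with `Assert.assertTrue(omitEventTypeInLogsCapture.getValue());`; the added `Assert.assertEquals(omitEventTypeInLogsCapture.getValue(), false)` also has expected and actual reversed. Slf4JLogFactoryTest gets the same two hunks and the same remark applies there.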
diff --git a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java index 12a16af4c..c833710a1 100644 --- a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java +++ b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java @@ -85,16 +85,17 @@ public void checkScrubberWithoutEncoding() throws Exception { */ @Test public void checkPassthroughAppenderConstruct() throws Exception { - LogPrefixAppender stubAppender = new LogPrefixAppender(true, true, true, true, ""); + LogPrefixAppender stubAppender = new LogPrefixAppender(true, true, true, true, "", false); ArgumentCaptor userInfoCapture = ArgumentCaptor.forClass(Boolean.class); ArgumentCaptor clientInfoCapture = ArgumentCaptor.forClass(Boolean.class); ArgumentCaptor serverInfoCapture = ArgumentCaptor.forClass(Boolean.class); ArgumentCaptor logAppNameCapture = ArgumentCaptor.forClass(Boolean.class); ArgumentCaptor appNameCapture = ArgumentCaptor.forClass(String.class); + ArgumentCaptor omitEventTypeInLogsCapture = ArgumentCaptor.forClass(Boolean.class); - PowerMockito.whenNew(LogPrefixAppender.class).withArguments(userInfoCapture.capture(), clientInfoCapture.capture(), serverInfoCapture.capture(), logAppNameCapture.capture(), appNameCapture.capture()).thenReturn(stubAppender); + PowerMockito.whenNew(LogPrefixAppender.class).withArguments(userInfoCapture.capture(), clientInfoCapture.capture(), serverInfoCapture.capture(), logAppNameCapture.capture(), appNameCapture.capture(), omitEventTypeInLogsCapture.capture()).thenReturn(stubAppender); - LogAppender appender = Slf4JLogFactory.createLogAppender(true, true, false, true, testName.getMethodName()); + LogAppender appender = Slf4JLogFactory.createLogAppender(true, true, false, true, testName.getMethodName(), false); Assert.assertEquals(stubAppender, appender); Assert.assertTrue(userInfoCapture.getValue()); 
@@ -102,6 +103,7 @@ public void checkPassthroughAppenderConstruct() throws Exception { Assert.assertFalse(serverInfoCapture.getValue()); Assert.assertTrue(logAppNameCapture.getValue()); Assert.assertEquals(testName.getMethodName(), appNameCapture.getValue()); + Assert.assertEquals(omitEventTypeInLogsCapture.getValue(), false); } diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties index 9ab844622..cf38c7633 100644 --- a/src/test/resources/esapi/ESAPI.properties +++ b/src/test/resources/esapi/ESAPI.properties @@ -431,6 +431,8 @@ Logger.LogServerIP=true Logger.UserInfo=true # Determines whether ESAPI should log the session id and client IP. Logger.ClientInfo=true +# Determines whether ESAPI should log the event type or not +Logger.OmitEventTypeInLogs=false #=========================================================================== # ESAPI Intrusion Detection From fe4841c1f51a3c75b9650cc65408fd6842abf1e9 Mon Sep 17 00:00:00 2001 From: Rodolfo Ferreira Date: Wed, 22 Nov 2023 10:07:55 -0300 Subject: [PATCH 2/4] Applied some review changes, moved the property reading to LogPrefixAppender, updated the prefix building and improved the tests --- .../logging/appender/LogPrefixAppender.java | 35 ++++++++---- .../esapi/logging/java/JavaLogFactory.java | 9 +-- .../esapi/logging/slf4j/Slf4JLogFactory.java | 10 +--- .../appender/LogPrefixAppenderTest.java | 56 ++++++++++++++----- .../logging/java/JavaLogFactoryTest.java | 8 +-- .../logging/slf4j/Slf4JLogFactoryTest.java | 8 +-- src/test/resources/esapi/ESAPI.properties | 2 - 7 files changed, 77 insertions(+), 51 deletions(-) diff --git a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java index a4f5cd051..1e5ad249b 100644 --- a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java +++ b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java 
@@ -15,7 +15,11 @@ package org.owasp.esapi.logging.appender; +import org.owasp.esapi.ESAPI; import org.owasp.esapi.Logger.EventType; +import org.owasp.esapi.errors.ConfigurationException; + +import static org.owasp.esapi.PropNames.OMIT_EVENT_TYPE_IN_LOGS; /** * LogAppender Implementation which can prefix the common logger information for @@ -36,7 +40,17 @@ public class LogPrefixAppender implements LogAppender { /** Application Name to record. */ private final String appName; /** Whether to omit event type in logs or not. */ - private final boolean omitEventTypeInLogs; + private static boolean omitEventTypeInLogs; + + static { + + try { + omitEventTypeInLogs = + ESAPI.securityConfiguration().getBooleanProp(OMIT_EVENT_TYPE_IN_LOGS); + } catch (ConfigurationException ex) { + omitEventTypeInLogs = false; + } + } /** * Ctr. @@ -46,23 +60,17 @@ public class LogPrefixAppender implements LogAppender { * @param logServerIp Whether or not to record server ip information * @param logApplicationName Whether or not to record application name * @param appName Application Name to record. - * @param omitEventTypeInLogs Application Name to record. */ - public LogPrefixAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName, boolean omitEventTypeInLogs) { + public LogPrefixAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) { this.logUserInfo = logUserInfo; this.logClientInfo = logClientInfo; this.logServerIp = logServerIp; this.logApplicationName = logApplicationName; this.appName = appName; - this.omitEventTypeInLogs = omitEventTypeInLogs; } @Override public String appendTo(String logName, EventType eventType, String message) { - if (omitEventTypeInLogs) { - return message; - } - EventTypeLogSupplier eventTypeSupplier = new EventTypeLogSupplier(eventType); UserInfoSupplier userInfoSupplier = new UserInfoSupplier(); 
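Review bot: The fallback in the new static block needs a comment, because `catch (ConfigurationException ex) { omitEventTypeInLogs = false; }` treats a missing property and (presumably) a malformed value alike and leaves no trace of either. Add `// Property not set or unreadable: keep the event type in the prefix.` inside the catch. The field also changes from a `final` instance field to a mutable `static`, so its Javadoc should say that the value is read once at class load and shared by every LogPrefixAppender.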
@@ -75,7 +83,7 @@ public String appendTo(String logName, EventType eventType, String message) { serverInfoSupplier.setLogServerIp(logServerIp); serverInfoSupplier.setLogApplicationName(logApplicationName, appName); - String eventTypeMsg = eventTypeSupplier.get().trim(); + String eventTypeMsg = omitEventTypeInLogs ? "" : eventTypeSupplier.get().trim(); String userInfoMsg = userInfoSupplier.get().trim(); String clientInfoMsg = clientInfoSupplier.get().trim(); String serverInfoMsg = serverInfoSupplier.get().trim(); @@ -89,7 +97,7 @@ public String appendTo(String logName, EventType eventType, String message) { String[] optionalPrefixContent = new String[] {userInfoMsg + clientInfoMsg, serverInfoMsg}; StringBuilder logPrefix = new StringBuilder(); - //EventType is always appended + logPrefix.append(eventTypeMsg); for (String element : optionalPrefixContent) { @@ -99,6 +107,11 @@ public String appendTo(String logName, EventType eventType, String message) { } } - return String.format(RESULT_FORMAT, logPrefix.toString(), message); + if (logPrefix.toString().trim().isEmpty()) { + // if there isn't any log prefix we just send back the message without touching it + return message; + } + + return String.format(RESULT_FORMAT, logPrefix.toString().trim(), message); } } diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java index f260de5b6..47502e16c 100644 --- a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java +++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java @@ -41,7 +41,6 @@ import static org.owasp.esapi.PropNames.LOG_APPLICATION_NAME; import static org.owasp.esapi.PropNames.APPLICATION_NAME; import static org.owasp.esapi.PropNames.LOG_SERVER_IP; -import static org.owasp.esapi.PropNames.OMIT_EVENT_TYPE_IN_LOGS; /** * LogFactory implementation which creates JAVA supporting Loggers. 
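Review bot: In the last LogPrefixAppender hunk (`@@ -99,6 +107,11 @@`), `logPrefix.toString().trim()` is built twice and the new empty-prefix branch changes the record format without documenting it. Compute it once, `String prefix = logPrefix.toString().trim();`, then `if (prefix.isEmpty()) { return message; }` and `return String.format(RESULT_FORMAT, prefix, message);`. With the event type omitted and the other prefix fields off, a record is now the bare message, so anything that parses the bracketed prefix, or relies on it to tell logger-written context from message text, loses that anchor; the comment on the branch should say so. appendTo starts and ends outside the hunk.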
@@ -80,8 +79,7 @@ public class JavaLogFactory implements LogFactory { boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(LOG_APPLICATION_NAME); String appName = ESAPI.securityConfiguration().getStringProp(APPLICATION_NAME); boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(LOG_SERVER_IP); - boolean omitEventTypeInLogs = ESAPI.securityConfiguration().getBooleanProp(OMIT_EVENT_TYPE_IN_LOGS); - JAVA_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, omitEventTypeInLogs); + JAVA_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName); Map levelLookup = new HashMap<>(); levelLookup.put(Logger.ALL, JavaLogLevelHandlers.ALWAYS); @@ -158,12 +156,11 @@ public class JavaLogFactory implements LogFactory { * @param logApplicationName * @param logServerIp * @param logClientInfo - * @param omitEventTypeInLogs * * @return LogAppender instance. */ - /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName, boolean omitEventTypeInLogs) { - return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, omitEventTypeInLogs); + /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) { + return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName); } diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java index 0bbd5d492..af113b80c 100644 --- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java +++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java 
@@ -36,8 +36,6 @@ import static org.owasp.esapi.PropNames.LOG_APPLICATION_NAME; import static org.owasp.esapi.PropNames.APPLICATION_NAME; import static org.owasp.esapi.PropNames.LOG_SERVER_IP; -import static org.owasp.esapi.PropNames.OMIT_EVENT_TYPE_IN_LOGS; - import org.slf4j.LoggerFactory; /** * LogFactory implementation which creates SLF4J supporting Loggers. @@ -71,8 +69,7 @@ public class Slf4JLogFactory implements LogFactory { boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(LOG_APPLICATION_NAME); String appName = ESAPI.securityConfiguration().getStringProp(APPLICATION_NAME); boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(LOG_SERVER_IP); - boolean omitEventTypeInLogs = ESAPI.securityConfiguration().getBooleanProp(OMIT_EVENT_TYPE_IN_LOGS); - SLF4J_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, omitEventTypeInLogs); + SLF4J_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName); Map levelLookup = new HashMap<>(); levelLookup.put(Logger.ALL, Slf4JLogLevelHandlers.TRACE); @@ -110,12 +107,11 @@ public class Slf4JLogFactory implements LogFactory { * @param logApplicationName * @param logServerIp * @param logClientInfo - * @param omitEventTypeInLogs * * @return LogAppender instance. */ - /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName, boolean omitEventTypeInLogs) { - return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, omitEventTypeInLogs); + /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) { + return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName); } 
diff --git a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java index 7653c81bf..8c4bfdb29 100644 --- a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java +++ b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java @@ -18,6 +18,8 @@ import org.powermock.core.classloader.annotations.PrepareForTest; import org.powermock.modules.junit4.PowerMockRunner; +import java.lang.reflect.Field; + @RunWith(PowerMockRunner.class) @PrepareForTest(LogPrefixAppender.class) public class LogPrefixAppenderTest { @@ -26,7 +28,6 @@ public class LogPrefixAppenderTest { private static final String CIS_RESULT = "CLIENT_INFO"; private static final String UIS_RESULT = "USER_INFO"; private static final String SIS_RESULT = "SERVER_INFO"; - private static final boolean NOT_OMIT_EVENT_TYPE = false; @Rule public TestName testName = new TestName(); @@ -64,7 +65,7 @@ public void testCtrArgTruePassthroughToDelegates() throws Exception { whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy); whenNew(ServerInfoSupplier.class).withArguments(testLoggerName).thenReturn(sisSpy); - LogPrefixAppender lpa = new LogPrefixAppender(true, true,true,true, testApplicationName, false); + LogPrefixAppender lpa = new LogPrefixAppender(true, true,true,true, testApplicationName); lpa.appendTo(testLoggerName, testEventType, testLogMessage); verify(uisSpy, times(1)).setLogUserInfo(true); 
@@ -85,7 +86,7 @@ public void testCtrArgFalsePassthroughToDelegates() throws Exception { whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy); whenNew(ServerInfoSupplier.class).withArguments(testLoggerName).thenReturn(sisSpy); - LogPrefixAppender lpa = new LogPrefixAppender(false, false, false, false, null, false); + LogPrefixAppender lpa = new LogPrefixAppender(false, false, false, false, null); lpa.appendTo(testLoggerName, testEventType, testLogMessage); verify(uisSpy, times(1)).setLogUserInfo(false); @@ -103,7 +104,7 @@ public void testDelegateCtrArgs() throws Exception { whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy); whenNew(ServerInfoSupplier.class).withArguments(logNameCapture.capture()).thenReturn(sisSpy); - LogPrefixAppender lpa = new LogPrefixAppender(true, true,true,true, testApplicationName, false); + LogPrefixAppender lpa = new LogPrefixAppender(true, true,true,true, testApplicationName); lpa.appendTo(testLoggerName, testEventType, testLogMessage); assertEquals(testEventType, eventTypeCapture.getValue()); 
@@ -111,49 +112,64 @@ public void testDelegateCtrArgs() throws Exception { } @Test - public void testOmitEventTypeInLogs() throws Exception { + public void testLongContentWithOmitEventTypeInLogs() throws Exception { runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, EMPTY_RESULT, true, ""); } @Test - public void testNotOmitEventTypeInLogs() throws Exception { - runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, EMPTY_RESULT, NOT_OMIT_EVENT_TYPE, "[EVENT_TYPE]"); + public void testLongContentWithOmitEventTypeInLogsAndUserInfo() throws Exception { + runTest(ETL_RESULT, UIS_RESULT, EMPTY_RESULT, EMPTY_RESULT, true, "[USER_INFO]"); + } + + @Test + public void testLongContentWithOmitEventTypeInLogsAndClientInfo() throws Exception { + runTest(ETL_RESULT, EMPTY_RESULT, CIS_RESULT, EMPTY_RESULT, true, "[CLIENT_INFO]"); + } + + @Test + public void testLongContentWithOmitEventTypeInLogsAndServerInfo() throws Exception { + runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, SIS_RESULT, true, "[-> SERVER_INFO]"); + } + + @Test + public void testLongContentWithoutOmitEventTypeInLogs() throws Exception { + runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, EMPTY_RESULT, false, "[EVENT_TYPE]"); } @Test public void testLogContentWhenClientInfoEmpty() throws Exception { - runTest(ETL_RESULT, UIS_RESULT, EMPTY_RESULT,SIS_RESULT, NOT_OMIT_EVENT_TYPE, "[EVENT_TYPE USER_INFO -> SERVER_INFO]"); + runTest(ETL_RESULT, UIS_RESULT, EMPTY_RESULT,SIS_RESULT, false, "[EVENT_TYPE USER_INFO -> SERVER_INFO]"); } @Test public void testLogContentWhenUserInfoEmpty() throws Exception { - runTest(ETL_RESULT, EMPTY_RESULT, CIS_RESULT,SIS_RESULT, NOT_OMIT_EVENT_TYPE, "[EVENT_TYPE CLIENT_INFO -> SERVER_INFO]"); + runTest(ETL_RESULT, EMPTY_RESULT, CIS_RESULT,SIS_RESULT, false, "[EVENT_TYPE CLIENT_INFO -> SERVER_INFO]"); } @Test public void testLogContentWhenClientInfoEmptyAndServerInfoEmpty() throws Exception { - runTest(ETL_RESULT, UIS_RESULT, EMPTY_RESULT,EMPTY_RESULT, NOT_OMIT_EVENT_TYPE, "[EVENT_TYPE USER_INFO]"); 
+ runTest(ETL_RESULT, UIS_RESULT, EMPTY_RESULT,EMPTY_RESULT, false, "[EVENT_TYPE USER_INFO]"); } @Test public void testLogContentWhenUserInfoEmptyAndServerInfoEmpty() throws Exception { - runTest(ETL_RESULT, EMPTY_RESULT, CIS_RESULT,EMPTY_RESULT, NOT_OMIT_EVENT_TYPE, "[EVENT_TYPE CLIENT_INFO]"); + runTest(ETL_RESULT, EMPTY_RESULT, CIS_RESULT,EMPTY_RESULT, false, "[EVENT_TYPE CLIENT_INFO]"); } @Test public void testLogContentWhenUserInfoAndClientInfoEmpty() throws Exception { - runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, SIS_RESULT, NOT_OMIT_EVENT_TYPE, "[EVENT_TYPE -> SERVER_INFO]"); + runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, SIS_RESULT, false, "[EVENT_TYPE -> SERVER_INFO]"); } @Test public void testLogContentWhenServerInfoEmpty() throws Exception { - runTest(ETL_RESULT, UIS_RESULT, CIS_RESULT, EMPTY_RESULT, NOT_OMIT_EVENT_TYPE, "[EVENT_TYPE USER_INFO:CLIENT_INFO]"); + runTest(ETL_RESULT, UIS_RESULT, CIS_RESULT, EMPTY_RESULT, false, "[EVENT_TYPE USER_INFO:CLIENT_INFO]"); } @Test public void testLogContentWhenUserInfoEmptyAndClientInfoEmptyAndServerInfoEmpty() throws Exception { - runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, EMPTY_RESULT, NOT_OMIT_EVENT_TYPE, "[EVENT_TYPE]"); + runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, EMPTY_RESULT, false, "[EVENT_TYPE]"); } 
@@ -169,7 +185,11 @@ private void runTest(String typeResult, String userResult, String clientResult, whenNew(ServerInfoSupplier.class).withArguments(testLoggerName).thenReturn(sisSpy); //Since everything is mocked these booleans don't much matter aside from the later verifies - LogPrefixAppender lpa = new LogPrefixAppender(false, false, false, false, null, omitEventTypeInLogs); + LogPrefixAppender lpa = new LogPrefixAppender(false, false, false, false, null); + + // Using reflection API to set omitEventTypeInLogs field in LogPrefixAppender. + setOmitEventTypeInLogsFieldUsingReflection(lpa, omitEventTypeInLogs); + String actualResult = lpa.appendTo(testLoggerName, testEventType, testLogMessage); StringBuilder expectedResult = new StringBuilder(); @@ -182,4 +202,10 @@ private void runTest(String typeResult, String userResult, String clientResult, assertEquals(expectedResult.toString() , actualResult); } + + private static void setOmitEventTypeInLogsFieldUsingReflection(LogPrefixAppender lpa, boolean omitEventTypeInLogs) throws NoSuchFieldException, IllegalAccessException { + Field omitEventTypeInLogsField = lpa.getClass().getDeclaredField("omitEventTypeInLogs"); + omitEventTypeInLogsField.setAccessible(true); + omitEventTypeInLogsField.setBoolean(lpa,omitEventTypeInLogs); + } } diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java index b0a035b92..523660304 100644 --- a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java +++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java 
@@ -171,17 +171,16 @@ public void checkScrubberWithoutEncoding() throws Exception { */ @Test public void checkPassthroughAppenderConstruct() throws Exception { - LogPrefixAppender stubAppender = new LogPrefixAppender(true, true, true, true, "", false); + LogPrefixAppender stubAppender = new LogPrefixAppender(true, true, true, true, ""); ArgumentCaptor userInfoCapture = ArgumentCaptor.forClass(Boolean.class); ArgumentCaptor clientInfoCapture = ArgumentCaptor.forClass(Boolean.class); ArgumentCaptor serverInfoCapture = ArgumentCaptor.forClass(Boolean.class); ArgumentCaptor logAppNameCapture = ArgumentCaptor.forClass(Boolean.class); ArgumentCaptor appNameCapture = ArgumentCaptor.forClass(String.class); - ArgumentCaptor omitEventTypeInLogsCapture = ArgumentCaptor.forClass(Boolean.class); - PowerMockito.whenNew(LogPrefixAppender.class).withArguments(userInfoCapture.capture(), clientInfoCapture.capture(), serverInfoCapture.capture(), logAppNameCapture.capture(), appNameCapture.capture(), omitEventTypeInLogsCapture.capture()).thenReturn(stubAppender); + PowerMockito.whenNew(LogPrefixAppender.class).withArguments(userInfoCapture.capture(), clientInfoCapture.capture(), serverInfoCapture.capture(), logAppNameCapture.capture(), appNameCapture.capture()).thenReturn(stubAppender); - LogAppender appender = JavaLogFactory.createLogAppender(true, true, false, true, testName.getMethodName(), false); + LogAppender appender = JavaLogFactory.createLogAppender(true, true, false, true, testName.getMethodName()); Assert.assertEquals(stubAppender, appender); Assert.assertTrue(userInfoCapture.getValue()); @@ -189,7 +188,6 @@ public void checkPassthroughAppenderConstruct() throws Exception { Assert.assertFalse(serverInfoCapture.getValue()); Assert.assertTrue(logAppNameCapture.getValue()); Assert.assertEquals(testName.getMethodName(), appNameCapture.getValue()); - Assert.assertEquals(omitEventTypeInLogsCapture.getValue(), false); } 
diff --git a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java index c833710a1..12a16af4c 100644 --- a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java +++ b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java @@ -85,17 +85,16 @@ public void checkScrubberWithoutEncoding() throws Exception { */ @Test public void checkPassthroughAppenderConstruct() throws Exception { - LogPrefixAppender stubAppender = new LogPrefixAppender(true, true, true, true, "", false); + LogPrefixAppender stubAppender = new LogPrefixAppender(true, true, true, true, ""); ArgumentCaptor userInfoCapture = ArgumentCaptor.forClass(Boolean.class); ArgumentCaptor clientInfoCapture = ArgumentCaptor.forClass(Boolean.class); ArgumentCaptor serverInfoCapture = ArgumentCaptor.forClass(Boolean.class); ArgumentCaptor logAppNameCapture = ArgumentCaptor.forClass(Boolean.class); ArgumentCaptor appNameCapture = ArgumentCaptor.forClass(String.class); - ArgumentCaptor omitEventTypeInLogsCapture = ArgumentCaptor.forClass(Boolean.class); - PowerMockito.whenNew(LogPrefixAppender.class).withArguments(userInfoCapture.capture(), clientInfoCapture.capture(), serverInfoCapture.capture(), logAppNameCapture.capture(), appNameCapture.capture(), omitEventTypeInLogsCapture.capture()).thenReturn(stubAppender); + PowerMockito.whenNew(LogPrefixAppender.class).withArguments(userInfoCapture.capture(), clientInfoCapture.capture(), serverInfoCapture.capture(), logAppNameCapture.capture(), appNameCapture.capture()).thenReturn(stubAppender); - LogAppender appender = Slf4JLogFactory.createLogAppender(true, true, false, true, testName.getMethodName(), false); + LogAppender appender = Slf4JLogFactory.createLogAppender(true, true, false, true, testName.getMethodName()); Assert.assertEquals(stubAppender, appender); Assert.assertTrue(userInfoCapture.getValue()); 
@@ -103,7 +102,6 @@ public void checkPassthroughAppenderConstruct() throws Exception { Assert.assertFalse(serverInfoCapture.getValue()); Assert.assertTrue(logAppNameCapture.getValue()); Assert.assertEquals(testName.getMethodName(), appNameCapture.getValue()); - Assert.assertEquals(omitEventTypeInLogsCapture.getValue(), false); } diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties index cf38c7633..9ab844622 100644 --- a/src/test/resources/esapi/ESAPI.properties +++ b/src/test/resources/esapi/ESAPI.properties @@ -431,8 +431,6 @@ Logger.LogServerIP=true Logger.UserInfo=true # Determines whether ESAPI should log the session id and client IP. Logger.ClientInfo=true -# Determines whether ESAPI should log the event type or not -Logger.OmitEventTypeInLogs=false #=========================================================================== # ESAPI Intrusion Detection From 49e2e8ee0737bdf56ad997032fdf47465bdc16c7 Mon Sep 17 00:00:00 2001 From: Rodolfo Ferreira Date: Thu, 23 Nov 2023 20:55:48 -0300 Subject: [PATCH 3/4] Update LogPrefixAppender, added the omitEventTypeInLogs property to properties test file --- .../logging/appender/LogPrefixAppender.java | 8 +- ...PrefixAppenderOmitEventTypeInLogsTest.java | 130 ++++++++++++++++++ .../appender/LogPrefixAppenderTest.java | 68 ++------- src/test/resources/esapi/ESAPI.properties | 2 + 4 files changed, 149 insertions(+), 59 deletions(-) create mode 100644 src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderOmitEventTypeInLogsTest.java diff --git a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java index 1e5ad249b..02f1962b7 100644 --- a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java +++ b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java 
@@ -107,11 +107,7 @@ public String appendTo(String logName, EventType eventType, String message) { } } - if (logPrefix.toString().trim().isEmpty()) { - // if there isn't any log prefix we just send back the message without touching it - return message; - } - - return String.format(RESULT_FORMAT, logPrefix.toString().trim(), message); + String prefix = logPrefix.toString().trim(); + return prefix.isEmpty() ? message : String.format(RESULT_FORMAT, prefix, message); } } diff --git a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderOmitEventTypeInLogsTest.java b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderOmitEventTypeInLogsTest.java new file mode 100644 index 000000000..abd13875a --- /dev/null +++ b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderOmitEventTypeInLogsTest.java 
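Review bot: The empty-prefix branch of the new `return prefix.isEmpty() ? message : ...` lost the comment that explained it, and it is the one path where a line leaves appendTo with no ESAPI-generated prefix at all. I would keep a comment above the return, for example `// No prefix parts (event type omitted, no user/client/server info): return the message unchanged.` Lines on this path begin directly with caller-supplied text, so anything downstream that parses or alerts on the bracketed prefix has to tolerate its absence. Whether that text has already been encoded is decided outside this hunk. appendTo starts above the hunk.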
@@ -0,0 +1,130 @@ +package org.owasp.esapi.logging.appender; + +import org.junit.After; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.rules.TestName; +import org.junit.runner.RunWith; +import org.mockito.ArgumentCaptor; +import org.owasp.esapi.ESAPI; +import org.owasp.esapi.Logger; +import org.owasp.esapi.Logger.EventType; +import org.owasp.esapi.SecurityConfiguration; +import org.owasp.esapi.SecurityConfigurationWrapper; +import org.powermock.core.classloader.annotations.PrepareForTest; +import org.powermock.modules.junit4.PowerMockRunner; + +import java.lang.reflect.Field; + +import static org.junit.Assert.assertEquals; +import static org.mockito.Mockito.spy; +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; +import static org.owasp.esapi.PropNames.OMIT_EVENT_TYPE_IN_LOGS; +import static org.powermock.api.mockito.PowerMockito.whenNew; + +@RunWith(PowerMockRunner.class) +@PrepareForTest(LogPrefixAppender.class) +public class LogPrefixAppenderOmitEventTypeInLogsTest { + private static final String EMPTY_RESULT = " "; + private static final String ETL_RESULT = "EVENT_TYPE"; + private static final String CIS_RESULT = "CLIENT_INFO"; + private static final String UIS_RESULT = "USER_INFO"; + private static final String SIS_RESULT = "SERVER_INFO"; + + @Rule + public TestName testName = new TestName(); + + private String testLoggerName = testName.getMethodName() + "-LOGGER"; + private String testLogMessage = testName.getMethodName() + "-MESSAGE"; + private String testApplicationName = testName.getMethodName() + "-APPLICATION_NAME"; + private EventType testEventType = Logger.EVENT_UNSPECIFIED; + + private EventTypeLogSupplier etlsSpy; + private ClientInfoSupplier cisSpy; + private UserInfoSupplier uisSpy; + private ServerInfoSupplier sisSpy; + + private static class ConfOverride extends SecurityConfigurationWrapper { + private final boolean 
desiredReturn; + + ConfOverride(SecurityConfiguration orig, boolean desiredReturn) { + super(orig); + this.desiredReturn = desiredReturn; + } + + @Override + public Boolean getBooleanProp(String propName) { + // Would it be better making this file a static import? + if (propName.equals(OMIT_EVENT_TYPE_IN_LOGS)) { + return desiredReturn; + } else { + return false; + } + } + } + + @Before + public void buildSupplierSpies() { + etlsSpy = spy(new EventTypeLogSupplier(Logger.EVENT_UNSPECIFIED)); + uisSpy = spy(new UserInfoSupplier()); + cisSpy = spy(new ClientInfoSupplier()); + sisSpy = spy(new ServerInfoSupplier(testName.getMethodName())); + + testLoggerName = testName.getMethodName() + "-LOGGER"; + testLogMessage = testName.getMethodName() + "-MESSAGE"; + testApplicationName = testName.getMethodName() + "-APPLICATION_NAME"; + + ESAPI.override( + new LogPrefixAppenderOmitEventTypeInLogsTest.ConfOverride(ESAPI.securityConfiguration(), true) + ); + } + @Test + public void testLongContentWithOmitEventTypeInLogs() throws Exception { + runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, EMPTY_RESULT, ""); + } + + @Test + public void testLongContentWithOmitEventTypeInLogsAndUserInfo() throws Exception { + runTest(ETL_RESULT, UIS_RESULT, EMPTY_RESULT, EMPTY_RESULT, "[USER_INFO]"); + } + + @Test + public void testLongContentWithOmitEventTypeInLogsAndClientInfo() throws Exception { + runTest(ETL_RESULT, EMPTY_RESULT, CIS_RESULT, EMPTY_RESULT, "[CLIENT_INFO]"); + } + + @Test + public void testLongContentWithOmitEventTypeInLogsAndServerInfo() throws Exception { + runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, SIS_RESULT, "[-> SERVER_INFO]"); + } + + private void runTest(String typeResult, String userResult, String clientResult, String serverResult, String exResult) throws Exception{ + when(etlsSpy.get()).thenReturn(typeResult); + when(uisSpy.get()).thenReturn(userResult); + when(cisSpy.get()).thenReturn(clientResult); + when(sisSpy.get()).thenReturn(serverResult); + + 
whenNew(EventTypeLogSupplier.class).withArguments(testEventType).thenReturn(etlsSpy); + whenNew(UserInfoSupplier.class).withNoArguments().thenReturn(uisSpy); + whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy); + whenNew(ServerInfoSupplier.class).withArguments(testLoggerName).thenReturn(sisSpy); + + //Since everything is mocked these booleans don't much matter aside from the later verifies + LogPrefixAppender lpa = new LogPrefixAppender(false, false, false, false, null); + + String actualResult = lpa.appendTo(testLoggerName, testEventType, testLogMessage); + + StringBuilder expectedResult = new StringBuilder(); + if (!exResult.isEmpty()) { + expectedResult.append(exResult); + expectedResult.append(" "); + } + expectedResult.append(testName.getMethodName()); + expectedResult.append("-MESSAGE"); + + assertEquals(expectedResult.toString() , actualResult); + } +} diff --git a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java index 8c4bfdb29..395175439 100644 --- a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java +++ b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java @@ -18,8 +18,6 @@ import org.powermock.core.classloader.annotations.PrepareForTest; import org.powermock.modules.junit4.PowerMockRunner; -import java.lang.reflect.Field; - @RunWith(PowerMockRunner.class) @PrepareForTest(LogPrefixAppender.class) public class LogPrefixAppenderTest { 
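Review bot: `buildSupplierSpies` installs a process-wide configuration with `ESAPI.override(...)` and nothing in the new class restores it, so the override may stay active for test classes that run later, unless the runner isolates ESAPI's static state per class. While it is active, `ConfOverride.getBooleanProp` answers `false` for every property other than `OMIT_EVENT_TYPE_IN_LOGS`, which silently switches off any other boolean setting read through it, `Logger.LogEncodingRequired` among them. I would add `@After public void restoreConfiguration() { ESAPI.override(null); }` and let the else branch `return super.getBooleanProp(propName);`, assuming `SecurityConfigurationWrapper` delegates to the wrapped configuration. The follow-up patch removes the unused `org.junit.After` import, which this fix would need back.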
@@ -111,69 +109,51 @@ public void testDelegateCtrArgs() throws Exception { assertEquals(testLoggerName, logNameCapture.getValue()); } - @Test - public void testLongContentWithOmitEventTypeInLogs() throws Exception { - runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, EMPTY_RESULT, true, ""); - } - - @Test - public void testLongContentWithOmitEventTypeInLogsAndUserInfo() throws Exception { - runTest(ETL_RESULT, UIS_RESULT, EMPTY_RESULT, EMPTY_RESULT, true, "[USER_INFO]"); - } - - @Test - public void testLongContentWithOmitEventTypeInLogsAndClientInfo() throws Exception { - runTest(ETL_RESULT, EMPTY_RESULT, CIS_RESULT, EMPTY_RESULT, true, "[CLIENT_INFO]"); - } - - @Test - public void testLongContentWithOmitEventTypeInLogsAndServerInfo() throws Exception { - runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, SIS_RESULT, true, "[-> SERVER_INFO]"); - } - @Test - public void testLongContentWithoutOmitEventTypeInLogs() throws Exception { - runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, EMPTY_RESULT, false, "[EVENT_TYPE]"); - } @Test public void testLogContentWhenClientInfoEmpty() throws Exception { - runTest(ETL_RESULT, UIS_RESULT, EMPTY_RESULT,SIS_RESULT, false, "[EVENT_TYPE USER_INFO -> SERVER_INFO]"); + runTest(ETL_RESULT, UIS_RESULT, EMPTY_RESULT,SIS_RESULT, "[EVENT_TYPE USER_INFO -> SERVER_INFO]"); } @Test public void testLogContentWhenUserInfoEmpty() throws Exception { - runTest(ETL_RESULT, EMPTY_RESULT, CIS_RESULT,SIS_RESULT, false, "[EVENT_TYPE CLIENT_INFO -> SERVER_INFO]"); + runTest(ETL_RESULT, EMPTY_RESULT, CIS_RESULT,SIS_RESULT, "[EVENT_TYPE CLIENT_INFO -> SERVER_INFO]"); } @Test public void testLogContentWhenClientInfoEmptyAndServerInfoEmpty() throws Exception { - runTest(ETL_RESULT, UIS_RESULT, EMPTY_RESULT,EMPTY_RESULT, false, "[EVENT_TYPE USER_INFO]"); + runTest(ETL_RESULT, UIS_RESULT, EMPTY_RESULT,EMPTY_RESULT, "[EVENT_TYPE USER_INFO]"); } @Test public void testLogContentWhenUserInfoEmptyAndServerInfoEmpty() throws Exception { - runTest(ETL_RESULT, 
EMPTY_RESULT, CIS_RESULT,EMPTY_RESULT, false, "[EVENT_TYPE CLIENT_INFO]"); + runTest(ETL_RESULT, EMPTY_RESULT, CIS_RESULT,EMPTY_RESULT, "[EVENT_TYPE CLIENT_INFO]"); } @Test public void testLogContentWhenUserInfoAndClientInfoEmpty() throws Exception { - runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, SIS_RESULT, false, "[EVENT_TYPE -> SERVER_INFO]"); + runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, SIS_RESULT, "[EVENT_TYPE -> SERVER_INFO]"); } @Test public void testLogContentWhenServerInfoEmpty() throws Exception { - runTest(ETL_RESULT, UIS_RESULT, CIS_RESULT, EMPTY_RESULT, false, "[EVENT_TYPE USER_INFO:CLIENT_INFO]"); + runTest(ETL_RESULT, UIS_RESULT, CIS_RESULT, EMPTY_RESULT, "[EVENT_TYPE USER_INFO:CLIENT_INFO]"); } @Test public void testLogContentWhenUserInfoEmptyAndClientInfoEmptyAndServerInfoEmpty() throws Exception { - runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, EMPTY_RESULT, false, "[EVENT_TYPE]"); + runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, EMPTY_RESULT, "[EVENT_TYPE]"); + } + + @Test + public void testLongContentWithoutOmitEventTypeInLogs() throws Exception { + runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, EMPTY_RESULT, "[EVENT_TYPE]"); } - private void runTest(String typeResult, String userResult, String clientResult, String serverResult, boolean omitEventTypeInLogs, String exResult) throws Exception{ + private void runTest(String typeResult, String userResult, String clientResult, String serverResult, String exResult) throws Exception{ when(etlsSpy.get()).thenReturn(typeResult); when(uisSpy.get()).thenReturn(userResult); when(cisSpy.get()).thenReturn(clientResult); 
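Review bot: `testLongContentWithoutOmitEventTypeInLogs`, added at the end of the test list, calls `runTest` with the same arguments and expected string as `testLogContentWhenUserInfoEmptyAndClientInfoEmptyAndServerInfoEmpty` directly above it, so it adds no coverage. Because `runTest` no longer takes the flag, every expected `[EVENT_TYPE ...]` string in this class holds only while the configuration seen by `LogPrefixAppender` reports the event type as not omitted, presumably the `Logger.OmitEventTypeInLogs=false` entry this commit restores in the test properties. I would drop the duplicate and state the dependency once on `runTest`, e.g. `// relies on Logger.OmitEventTypeInLogs=false in src/test/resources/esapi/ESAPI.properties`. If the test stays, its name should read `Log` like its neighbours rather than `Long`. runTest's body continues in the next hunk.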
@@ -186,26 +166,8 @@ private void runTest(String typeResult, String userResult, String clientResult, //Since everything is mocked these booleans don't much matter aside from the later verifies LogPrefixAppender lpa = new LogPrefixAppender(false, false, false, false, null); + String result = lpa.appendTo(testLoggerName, testEventType, testLogMessage); - // Using reflection API to set omitEventTypeInLogs field in LogPrefixAppender. - setOmitEventTypeInLogsFieldUsingReflection(lpa, omitEventTypeInLogs); - - String actualResult = lpa.appendTo(testLoggerName, testEventType, testLogMessage); - - StringBuilder expectedResult = new StringBuilder(); - if (!exResult.isEmpty()) { - expectedResult.append(exResult); - expectedResult.append(" "); - } - expectedResult.append(testName.getMethodName()); - expectedResult.append("-MESSAGE"); - - assertEquals(expectedResult.toString() , actualResult); - } - - private static void setOmitEventTypeInLogsFieldUsingReflection(LogPrefixAppender lpa, boolean omitEventTypeInLogs) throws NoSuchFieldException, IllegalAccessException { - Field omitEventTypeInLogsField = lpa.getClass().getDeclaredField("omitEventTypeInLogs"); - omitEventTypeInLogsField.setAccessible(true); - omitEventTypeInLogsField.setBoolean(lpa,omitEventTypeInLogs); + assertEquals(exResult + " " + testName.getMethodName() + "-MESSAGE", result); } } diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties index 9ab844622..cf38c7633 100644 --- a/src/test/resources/esapi/ESAPI.properties +++ b/src/test/resources/esapi/ESAPI.properties @@ -431,6 +431,8 @@ Logger.LogServerIP=true Logger.UserInfo=true # Determines whether ESAPI should log the session id and client IP. Logger.ClientInfo=true +# Determines whether ESAPI should log the event type or not +Logger.OmitEventTypeInLogs=false #=========================================================================== # ESAPI Intrusion Detection 
From 29db8c7e0dd3400652cf812bc642bbe4b67c6f98 Mon Sep 17 00:00:00 2001 From: Rodolfo Ferreira Date: Thu, 23 Nov 2023 20:57:45 -0300 Subject: [PATCH 4/4] Remove of unused imports --- .../appender/LogPrefixAppenderOmitEventTypeInLogsTest.java | 6 ------ .../owasp/esapi/logging/appender/LogPrefixAppenderTest.java | 2 -- 2 files changed, 8 deletions(-) diff --git a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderOmitEventTypeInLogsTest.java b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderOmitEventTypeInLogsTest.java index abd13875a..b3b79fb63 100644 --- a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderOmitEventTypeInLogsTest.java +++ b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderOmitEventTypeInLogsTest.java @@ -1,12 +1,10 @@ package org.owasp.esapi.logging.appender; -import org.junit.After; import org.junit.Before; import org.junit.Rule; import org.junit.Test; import org.junit.rules.TestName; import org.junit.runner.RunWith; -import org.mockito.ArgumentCaptor; import org.owasp.esapi.ESAPI; import org.owasp.esapi.Logger; import org.owasp.esapi.Logger.EventType; @@ -15,12 +13,8 @@ import org.powermock.core.classloader.annotations.PrepareForTest; import org.powermock.modules.junit4.PowerMockRunner; -import java.lang.reflect.Field; - import static org.junit.Assert.assertEquals; import static org.mockito.Mockito.spy; -import static org.mockito.Mockito.times; -import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; import static org.owasp.esapi.PropNames.OMIT_EVENT_TYPE_IN_LOGS; import static org.powermock.api.mockito.PowerMockito.whenNew; diff --git a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java index 395175439..4e188e9fc 100644 --- a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java 
+++ b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java @@ -109,8 +109,6 @@ public void testDelegateCtrArgs() throws Exception { assertEquals(testLoggerName, logNameCapture.getValue()); } - - @Test public void testLogContentWhenClientInfoEmpty() throws Exception { runTest(ETL_RESULT, UIS_RESULT, EMPTY_RESULT,SIS_RESULT, "[EVENT_TYPE USER_INFO -> SERVER_INFO]");