diff options
author | amohamad <a.mohamad@queensu.ca> | 2020-06-26 12:40:11 -0400 |
---|---|---|
committer | amohamad <a.mohamad@queensu.ca> | 2020-07-29 15:47:42 -0400 |
commit | 9ee60949d3ceca3ab1fcf47c9214f7bf6baf89c6 (patch) | |
tree | 67bf3fbecf8b3bbd4beaccc1378e3914c5c51ed2 /utils | |
parent | 3c54913a795813ead9dd8a50f22a846ad10ee415 (diff) |
Upgrade Vulnerable Direct Dependencies [log4j]
Signed-off-by: amohamad <a.mohamad@queensu.ca>
Issue-ID: SDC-3051
Upgrade from the vulnerable log4j 1.x to log4j 2.13.1
Add a log4j version property in sdc-main pom.xml
Add two maven dependencies to respective child pom.xml
Change name of log4j .properties and .xml config files
to reflect log4j2 naming
Update the configuration files to the totally new
log4j 2 config syntax
Replace PropertyConfigurator with LoggerContext
Remove the abandoned log4j.lf5.util.ResourceUtils
Signed-off-by: amohamad <a.mohamad@queensu.ca>
Change-Id: Ie0f141eb2e0337ee5b63b61dc1395ccd8040558d
Diffstat (limited to 'utils')
5 files changed, 45 insertions, 34 deletions
diff --git a/utils/webseal-simulator/pom.xml b/utils/webseal-simulator/pom.xml index 00e84a206d..10787cc6b1 100644 --- a/utils/webseal-simulator/pom.xml +++ b/utils/webseal-simulator/pom.xml @@ -80,9 +80,9 @@ </dependency> <dependency> - <groupId>log4j</groupId> - <artifactId>log4j</artifactId> - <version>1.2.17</version> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-core</artifactId> + <version>${log4j.version}</version> <scope>compile</scope> </dependency> diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/log4j.properties b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/log4j.properties deleted file mode 100644 index 4bf9084d14..0000000000 --- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/log4j.properties +++ /dev/null @@ -1,26 +0,0 @@ -# Define the root logger with appender file -log4j.rootLogger = INFO, FILE, stdout - -# Define the file appender -log4j.appender.FILE=org.apache.log4j.RollingFileAppender -log4j.appender.FILE.File=logs/ws-log.out - -# Define the layout for file appender -log4j.appender.FILE.layout=org.apache.log4j.PatternLayout -log4j.appender.FILE.layout.conversionPattern=%d{yyyy-MM-dd HH:mm:ss} %5p [%10c] : %m%n - -# Set the maximum file size before rollover -log4j.appender.FILE.maxFileSize=5MB - -# Set the the backup index -log4j.appender.FILE.maxBackupIndex=10 - - -############################################################# - -# Direct log messages to stdout -log4j.appender.stdout=org.apache.log4j.ConsoleAppender -log4j.appender.stdout.Target=System.out -log4j.appender.stdout.layout=org.apache.log4j.PatternLayout -#log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n -log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %5p %10c:%L - %m%n diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/log4j2.properties b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/log4j2.properties new file mode 100644 index 0000000000..77acad8915 --- /dev/null +++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/log4j2.properties @@ -0,0 +1,36 @@ +status = error +dest = err +name = PropertiesConfig + +property.filename = logs/ws-log.out + +#filter.threshold.type = ThresholdFilter +#filter.threshold.level = debug + +appender.rolling.type = RollingFile +appender.rolling.name = RollingFile +appender.rolling.fileName = ${filename} +appender.rolling.filePattern = logs/ws-%d{MM-dd-yy-HH-mm-ss}-%i.log.gz +appender.rolling.layout.type = PatternLayout +appender.rolling.layout.pattern = %d{yyyy-MM-dd HH:mm:ss} %5p [%10c] : %m%n +appender.rolling.policies.type = Policies +appender.rolling.policies.size.type = SizeBasedTriggeringPolicy +appender.rolling.policies.size.size=5MB +appender.rolling.strategy.type = DefaultRolloverStrategy +appender.rolling.strategy.max = 10 + +appender.console.type = Console +appender.console.name = STDOUT +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = %d{yyyy-MM-dd HH:mm:ss} %5p %10c:%L - %m%n +appender.console.filter.threshold.type = ThresholdFilter +appender.console.filter.threshold.level = info + +logger.rolling.name = RollingAppender +logger.rolling.level = info +logger.rolling.additivity = false +logger.rolling.appenderRef.rolling.ref = RollingFile + +rootLogger.level = info +rootLogger.appenderRef.stdout.ref = STDOUT +rootLogger.appenderRef.rolling.ref = RollingFile
\ No newline at end of file diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_3_logback.rb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_3_logback.rb index 06151fe1fc..14f83c34de 100644 --- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_3_logback.rb +++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_3_logback.rb @@ -1,6 +1,6 @@ -cookbook_file "log4j.properties" do - path "#{ENV['JETTY_BASE']}/config/sdc-simulator/log4j.properties" - source "log4j.properties" +cookbook_file "log4j2.properties" do + path "#{ENV['JETTY_BASE']}/config/sdc-simulator/log4j2.properties" + source "log4j2.properties" owner "jetty" group "jetty" mode "0755" diff --git a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java index 29babc4b25..014b6c4031 100644 --- a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java +++ b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java @@ -35,7 +35,8 @@ import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; import org.apache.http.ssl.SSLContextBuilder; -import org.apache.log4j.Logger; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; import org.openecomp.sdc.webseal.simulator.conf.Conf; import javax.net.ssl.SSLContext; @@ -75,7 +76,7 @@ public class SdcProxy extends HttpServlet { private static final Set<String> RESERVED_HEADERS = Arrays.stream(ReservedHeaders.values()).map(h -> h.getValue()).collect(Collectors.toSet()); - private final static Logger logger = Logger.getLogger(SdcProxy.class); + private final static Logger logger = LogManager.getLogger(SdcProxy.class); public void init(ServletConfig config) throws ServletException { super.init(config); |