aboutsummaryrefslogtreecommitdiffstats
path: root/utils
diff options
context:
space:
mode:
authoramohamad <a.mohamad@queensu.ca>2020-06-26 12:40:11 -0400
committeramohamad <a.mohamad@queensu.ca>2020-07-29 15:47:42 -0400
commit9ee60949d3ceca3ab1fcf47c9214f7bf6baf89c6 (patch)
tree67bf3fbecf8b3bbd4beaccc1378e3914c5c51ed2 /utils
parent3c54913a795813ead9dd8a50f22a846ad10ee415 (diff)
Upgrade Vulnerable Direct Dependencies [log4j]
Signed-off-by: amohamad <a.mohamad@queensu.ca> Issue-ID: SDC-3051 Upgrade from the vulnerable log4j 1.x to log4j 2.13.1 Add a log4j version property in sdc-main pom.xml Add two maven dependencies to respective child pom.xml Change name of log4j .properties and .xml config files to reflect log4j2 naming Update the configuration files to the totally new log4j 2 config syntax Replace PropertyConfigurator with LoggerContext Remove the abandoned log4j.lf5.util.ResourceUtils Signed-off-by: amohamad <a.mohamad@queensu.ca> Change-Id: Ie0f141eb2e0337ee5b63b61dc1395ccd8040558d
Diffstat (limited to 'utils')
-rw-r--r--utils/webseal-simulator/pom.xml6
-rw-r--r--utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/log4j.properties26
-rw-r--r--utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/log4j2.properties36
-rw-r--r--utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_3_logback.rb6
-rw-r--r--utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java5
5 files changed, 45 insertions, 34 deletions
diff --git a/utils/webseal-simulator/pom.xml b/utils/webseal-simulator/pom.xml
index 00e84a206d..10787cc6b1 100644
--- a/utils/webseal-simulator/pom.xml
+++ b/utils/webseal-simulator/pom.xml
@@ -80,9 +80,9 @@
</dependency>
<dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- <version>1.2.17</version>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-core</artifactId>
+ <version>${log4j.version}</version>
<scope>compile</scope>
</dependency>
diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/log4j.properties b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/log4j.properties
deleted file mode 100644
index 4bf9084d14..0000000000
--- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/log4j.properties
+++ /dev/null
@@ -1,26 +0,0 @@
-# Define the root logger with appender file
-log4j.rootLogger = INFO, FILE, stdout
-
-# Define the file appender
-log4j.appender.FILE=org.apache.log4j.RollingFileAppender
-log4j.appender.FILE.File=logs/ws-log.out
-
-# Define the layout for file appender
-log4j.appender.FILE.layout=org.apache.log4j.PatternLayout
-log4j.appender.FILE.layout.conversionPattern=%d{yyyy-MM-dd HH:mm:ss} %5p [%10c] : %m%n
-
-# Set the maximum file size before rollover
-log4j.appender.FILE.maxFileSize=5MB
-
-# Set the the backup index
-log4j.appender.FILE.maxBackupIndex=10
-
-
-#############################################################
-
-# Direct log messages to stdout
-log4j.appender.stdout=org.apache.log4j.ConsoleAppender
-log4j.appender.stdout.Target=System.out
-log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
-#log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n
-log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %5p %10c:%L - %m%n
diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/log4j2.properties b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/log4j2.properties
new file mode 100644
index 0000000000..77acad8915
--- /dev/null
+++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/log4j2.properties
@@ -0,0 +1,36 @@
+status = error
+dest = err
+name = PropertiesConfig
+
+property.filename = logs/ws-log.out
+
+#filter.threshold.type = ThresholdFilter
+#filter.threshold.level = debug
+
+appender.rolling.type = RollingFile
+appender.rolling.name = RollingFile
+appender.rolling.fileName = ${filename}
+appender.rolling.filePattern = logs/ws-%d{MM-dd-yy-HH-mm-ss}-%i.log.gz
+appender.rolling.layout.type = PatternLayout
+appender.rolling.layout.pattern = %d{yyyy-MM-dd HH:mm:ss} %5p [%10c] : %m%n
+appender.rolling.policies.type = Policies
+appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
+appender.rolling.policies.size.size=5MB
+appender.rolling.strategy.type = DefaultRolloverStrategy
+appender.rolling.strategy.max = 10
+
+appender.console.type = Console
+appender.console.name = STDOUT
+appender.console.layout.type = PatternLayout
+appender.console.layout.pattern = %d{yyyy-MM-dd HH:mm:ss} %5p %10c:%L - %m%n
+appender.console.filter.threshold.type = ThresholdFilter
+appender.console.filter.threshold.level = info
+
+logger.rolling.name = RollingAppender
+logger.rolling.level = info
+logger.rolling.additivity = false
+logger.rolling.appenderRef.rolling.ref = RollingFile
+
+rootLogger.level = info
+rootLogger.appenderRef.stdout.ref = STDOUT
+rootLogger.appenderRef.rolling.ref = RollingFile \ No newline at end of file
diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_3_logback.rb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_3_logback.rb
index 06151fe1fc..14f83c34de 100644
--- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_3_logback.rb
+++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_3_logback.rb
@@ -1,6 +1,6 @@
-cookbook_file "log4j.properties" do
- path "#{ENV['JETTY_BASE']}/config/sdc-simulator/log4j.properties"
- source "log4j.properties"
+cookbook_file "log4j2.properties" do
+ path "#{ENV['JETTY_BASE']}/config/sdc-simulator/log4j2.properties"
+ source "log4j2.properties"
owner "jetty"
group "jetty"
mode "0755"
diff --git a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java
index 29babc4b25..014b6c4031 100644
--- a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java
+++ b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java
@@ -35,7 +35,8 @@ import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContextBuilder;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
import org.openecomp.sdc.webseal.simulator.conf.Conf;
import javax.net.ssl.SSLContext;
@@ -75,7 +76,7 @@ public class SdcProxy extends HttpServlet {
private static final Set<String> RESERVED_HEADERS = Arrays.stream(ReservedHeaders.values()).map(h -> h.getValue()).collect(Collectors.toSet());
- private final static Logger logger = Logger.getLogger(SdcProxy.class);
+ private final static Logger logger = LogManager.getLogger(SdcProxy.class);
public void init(ServletConfig config) throws ServletException {
super.init(config);