1   /*
2    * To change this license header, choose License Headers in Project Properties.
3    * To change this template file, choose Tools | Templates
4    * and open the template in the editor.
5    */
6   package org.miloss.fgsms.common;
7   
8   import java.util.Enumeration;
9   import java.util.ResourceBundle;
10  import org.apache.log4j.Appender;
11  import org.apache.log4j.Category;
12  import org.apache.log4j.Level;
13  import org.apache.log4j.Priority;
14  import org.apache.log4j.spi.LoggerFactory;
15  import org.apache.log4j.spi.LoggingEvent;
16  
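/**
 * Wrapper that mirrors the Apache Log4j {@code Logger} API and delegates to
 * it. Modeled after the OWASP Enterprise Security API (ESAPI).
 *
 * <p>Primary function: protect against log forging. Every message passed to
 * a level method ({@code trace}, {@code debug}, {@code info}, {@code warn},
 * {@code error}, {@code fatal}, {@code log}, {@code assertLog}) is filtered
 * through {@link #protect(Object)} before it reaches the underlying logger,
 * so a caller-supplied value cannot introduce a line break and fake an
 * additional log record.
 *
 * <p>Limits of the protection, as implemented here:
 * <ul>
 * <li>Only the message is filtered. Text rendered from a {@code Throwable}
 * (its message and stack trace) is passed through unchanged.</li>
 * <li>{@link #l7dlog(Priority, String, Object[], Throwable)} parameters and
 * events given to {@link #callAppenders(LoggingEvent)} are not filtered.</li>
 * <li>Disallowed characters are deleted, not replaced, so a sanitized record
 * carries no marker that input was altered.</li>
 * <li>The allow-list is ASCII only; any non-ASCII text is removed.</li>
 * <li>The allow-list keeps {@code < > & ' "}, so a log viewer that renders
 * HTML must still encode the records it displays.</li>
 * </ul>
 *
 * @author alex.oree
 */
public class Logger {

    /**
     * Despite the name, this is a negated character class: it matches every
     * character that is NOT on the allow-list (ASCII letters, digits, space
     * and the listed punctuation). Carriage return, line feed and tab are not
     * on the allow-list and are therefore matched.
     */
    final static String CHAR_WHITELIST = "[^A-Za-z0-9 \\?\\\\\\!@#\\$%\\^&\\*\\(\\)\\;\\:/\\.,\\+\\<\\>\\-_\\=\\{\\}\\|'\"\\[\\]]";

    /**
     * {@link #CHAR_WHITELIST} compiled once, so the expression is not
     * recompiled on every log call.
     */
    private static final java.util.regex.Pattern DISALLOWED_CHARS =
            java.util.regex.Pattern.compile(CHAR_WHITELIST);

    /**
     * Provides the log forging prevention: converts the message to a string
     * and deletes every character matched by {@link #CHAR_WHITELIST}, which
     * includes new lines. Stack traces are not processed by this method.
     *
     * @param message the object to log, may be {@code null}
     * @return the filtered text, or {@code null} when {@code message} or its
     *         {@code toString()} result is {@code null}
     */
    private static String protect(Object message) {
        if (message == null) {
            return null;
        }
        String content = message.toString();
        if (content == null) {
            return null;
        }
        return DISALLOWED_CHARS.matcher(content).replaceAll("");
    }

    /** The Log4j logger every call is delegated to. */
    final org.apache.log4j.Logger parent;

    /**
     * Creates a wrapper around the Log4j logger registered under {@code name}.
     *
     * @param name the logger name handed to Log4j
     */
    protected Logger(String name) {
        parent = org.apache.log4j.Logger.getLogger(name);
    }

    /**
     * Returns a new wrapper for the named Log4j logger.
     *
     * @param name the logger name
     * @return a new wrapper instance
     */
    public static Logger getLogger(String name) {
        return new Logger(name);
    }

    /**
     * Returns a new wrapper for the logger named after the given class.
     *
     * @param clazz the class whose fully qualified name is used as logger name
     * @return a new wrapper instance
     */
    public static Logger getLogger(Class<?> clazz) {
        return new Logger(clazz.getName());
    }

    /**
     * Returns a wrapper for the logger with the empty name.
     *
     * @return a new wrapper instance
     */
    public static Logger getRootLogger() {
        // NOTE(review): this looks up the logger named "" rather than calling
        // org.apache.log4j.Logger.getRootLogger(); confirm that the two are
        // the same object before relying on setLevel() through this wrapper.
        return new Logger("");
    }

    /**
     * Returns a new wrapper for the named Log4j logger. The {@code factory}
     * argument is accepted for API compatibility and is not used.
     *
     * @param name the logger name
     * @param factory ignored
     * @return a new wrapper instance
     */
    public static Logger getLogger(String name, LoggerFactory factory) {
        return new Logger(name);
    }

    /**
     * Logs the filtered message at TRACE level.
     *
     * @param message the message to filter and log
     */
    public void trace(Object message) {
        // Filtered like every other level; an unfiltered trace() would leave
        // a forging path open whenever TRACE output is enabled.
        parent.trace(protect(message));
    }

    /**
     * Logs the filtered message at TRACE level together with a throwable.
     *
     * @param message the message to filter and log
     * @param t the throwable to log, passed through unchanged
     */
    public void trace(Object message, Throwable t) {
        parent.trace(protect(message), t);
    }

    /** @return whether TRACE is enabled on the underlying logger */
    public boolean isTraceEnabled() {
        return parent.isTraceEnabled();
    }

    /**
     * Adds an appender to the underlying logger.
     *
     * @param newAppender the appender to add
     */
    public synchronized void addAppender(Appender newAppender) {
        parent.addAppender(newAppender);
    }

    /**
     * Delegates to the underlying logger's {@code assertLog} with the
     * filtered message.
     *
     * @param assertion the condition being asserted
     * @param msg the message to filter and hand to the underlying logger
     */
    public void assertLog(boolean assertion, String msg) {
        parent.assertLog(assertion, protect(msg));
    }

    /**
     * Hands a pre-built event to the underlying logger's appenders. The event
     * is not filtered; callers are responsible for its content.
     *
     * @param event the event to dispatch
     */
    public void callAppenders(LoggingEvent event) {
        parent.callAppenders(event);
    }

    /**
     * Logs the filtered message at DEBUG level.
     *
     * @param message the message to filter and log
     */
    public void debug(Object message) {
        parent.debug(protect(message));
    }

    /**
     * Logs the filtered message at DEBUG level together with a throwable.
     *
     * @param message the message to filter and log
     * @param t the throwable to log, passed through unchanged
     */
    public void debug(Object message, Throwable t) {
        parent.debug(protect(message), t);
    }

    /**
     * Logs the filtered message at ERROR level.
     *
     * @param message the message to filter and log
     */
    public void error(Object message) {
        parent.error(protect(message));
    }

    /**
     * Logs the filtered message at ERROR level together with a throwable.
     *
     * @param message the message to filter and log
     * @param t the throwable to log, passed through unchanged
     */
    public void error(Object message, Throwable t) {
        parent.error(protect(message), t);
    }

    /**
     * Logs the filtered message at FATAL level.
     *
     * @param message the message to filter and log
     */
    public void fatal(Object message) {
        parent.fatal(protect(message));
    }

    /**
     * Logs the filtered message at FATAL level together with a throwable.
     *
     * @param message the message to filter and log
     * @param t the throwable to log, passed through unchanged
     */
    public void fatal(Object message, Throwable t) {
        parent.fatal(protect(message), t);
    }

    /** @return the additivity flag of the underlying logger */
    public boolean getAdditivity() {
        return parent.getAdditivity();
    }

    /** @return the appenders attached to the underlying logger */
    public synchronized Enumeration getAllAppenders() {
        return parent.getAllAppenders();
    }

    /**
     * Looks up an appender on the underlying logger.
     *
     * @param name the appender name
     * @return whatever the underlying logger returns for that name
     */
    public synchronized Appender getAppender(String name) {
        return parent.getAppender(name);
    }

    /** @return the effective level of the underlying logger */
    public Level getEffectiveLevel() {
        return parent.getEffectiveLevel();
    }

    /** @return the chained priority of the underlying logger */
    public Priority getChainedPriority() {
        return parent.getChainedPriority();
    }

    /** @return the name of the underlying logger */
    public final String getName() {
        return parent.getName();
    }

    /** @return the parent category of the underlying logger */
    public final Category getParent() {
        return parent.getParent();
    }

    /** @return the level assigned to the underlying logger */
    public final Level getLevel() {
        return parent.getLevel();
    }

    /** @return the priority reported by the underlying logger */
    public final Level getPriority() {
        return parent.getPriority();
    }

    /** @return the resource bundle of the underlying logger */
    public ResourceBundle getResourceBundle() {
        return parent.getResourceBundle();
    }

    /**
     * Logs the filtered message at INFO level.
     *
     * @param message the message to filter and log
     */
    public void info(Object message) {
        parent.info(protect(message));
    }

    /**
     * Logs the filtered message at INFO level together with a throwable.
     *
     * @param message the message to filter and log
     * @param t the throwable to log, passed through unchanged
     */
    public void info(Object message, Throwable t) {
        parent.info(protect(message), t);
    }

    /**
     * @param appender the appender to look for
     * @return whether the appender is attached to the underlying logger
     */
    public boolean isAttached(Appender appender) {
        return parent.isAttached(appender);
    }

    /** @return whether DEBUG is enabled on the underlying logger */
    public boolean isDebugEnabled() {
        return parent.isDebugEnabled();
    }

    /**
     * @param level the priority to test
     * @return whether the underlying logger is enabled for that priority
     */
    public boolean isEnabledFor(Priority level) {
        return parent.isEnabledFor(level);
    }

    /** @return whether INFO is enabled on the underlying logger */
    public boolean isInfoEnabled() {
        return parent.isInfoEnabled();
    }

    /**
     * Delegates a localized log call. The key is passed through unchanged.
     *
     * @param priority the priority to log at
     * @param key the resource bundle key
     * @param t the throwable to log, passed through unchanged
     */
    public void l7dlog(Priority priority, String key, Throwable t) {
        parent.l7dlog(priority, key, t);
    }

    /**
     * Delegates a localized, parameterized log call.
     *
     * @param priority the priority to log at
     * @param key the resource bundle key
     * @param params the values handed to the underlying logger with the key
     * @param t the throwable to log, passed through unchanged
     */
    public void l7dlog(Priority priority, String key, Object[] params, Throwable t) {
        // NOTE(review): params are NOT filtered by protect(). Converting them
        // to filtered strings here would change how non-string parameters are
        // formatted, so callers must sanitize untrusted values themselves.
        parent.l7dlog(priority, key, params, t);
    }

    /**
     * Logs the filtered message at the given priority with a throwable.
     *
     * @param priority the priority to log at
     * @param message the message to filter and log
     * @param t the throwable to log, passed through unchanged
     */
    public void log(Priority priority, Object message, Throwable t) {
        parent.log(priority, protect(message), t);
    }

    /**
     * Logs the filtered message at the given priority.
     *
     * @param priority the priority to log at
     * @param message the message to filter and log
     */
    public void log(Priority priority, Object message) {
        parent.log(priority, protect(message));
    }

    /**
     * Logs the filtered message on behalf of another wrapper class.
     *
     * @param callerFQCN the fully qualified class name of the caller
     * @param level the priority to log at
     * @param message the message to filter and log
     * @param t the throwable to log, passed through unchanged
     */
    public void log(String callerFQCN, Priority level, Object message, Throwable t) {
        parent.log(callerFQCN, level, protect(message), t);
    }

    /** Removes every appender from the underlying logger. */
    public synchronized void removeAllAppenders() {
        parent.removeAllAppenders();
    }

    /**
     * Removes an appender from the underlying logger.
     *
     * @param appender the appender to remove
     */
    public synchronized void removeAppender(Appender appender) {
        parent.removeAppender(appender);
    }

    /**
     * Removes the named appender from the underlying logger.
     *
     * @param name the appender name
     */
    public synchronized void removeAppender(String name) {
        parent.removeAppender(name);
    }

    /**
     * Sets the additivity flag on the underlying logger.
     *
     * @param additive the new flag value
     */
    public void setAdditivity(boolean additive) {
        parent.setAdditivity(additive);
    }

    /**
     * Sets the level of the underlying logger.
     *
     * @param level the new level
     */
    public void setLevel(Level level) {
        parent.setLevel(level);
    }

    /**
     * Sets the priority of the underlying logger.
     *
     * @param priority the new priority
     */
    public void setPriority(Priority priority) {
        parent.setPriority(priority);
    }

    /**
     * Sets the resource bundle used by the underlying logger.
     *
     * @param bundle the new bundle
     */
    public void setResourceBundle(ResourceBundle bundle) {
        parent.setResourceBundle(bundle);
    }

    /** Shuts down Log4j by calling {@code org.apache.log4j.Logger.shutdown()}. */
    public static void shutdown() {
        org.apache.log4j.Logger.shutdown();
    }

    /**
     * Logs the filtered message at WARN level.
     *
     * @param message the message to filter and log
     */
    public void warn(Object message) {
        parent.warn(protect(message));
    }

    /**
     * Logs the filtered message at WARN level together with a throwable.
     *
     * @param message the message to filter and log
     * @param t the throwable to log, passed through unchanged
     */
    public void warn(Object message, Throwable t) {
        parent.warn(protect(message), t);
    }
}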