augustd · augustd · Mar 21, 2018 · Mar 21, 2018 · Mar 21, 2018 · Mar 21, 2018
diff --git a/owasp-security-logging-common/pom.xml b/owasp-security-logging-common/pom.xml
@@ -4,7 +4,7 @@
   <parent>
     <artifactId>security-logging</artifactId>
     <groupId>org.owasp</groupId>
-    <version>1.1.5</version>
+    <version>1.1.6</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
   <artifactId>security-logging-common</artifactId>

diff --git a/owasp-security-logging-log4j/pom.xml b/owasp-security-logging-log4j/pom.xml
@@ -4,7 +4,7 @@
   <parent>
     <artifactId>security-logging</artifactId>
     <groupId>org.owasp</groupId>
-    <version>1.1.5</version>
+    <version>1.1.6</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
   <artifactId>security-logging-log4j</artifactId>
@@ -31,7 +31,7 @@
     <url>https://github.com/javabeanz/owasp-security-logging</url>
   </scm>
   <properties>
-    <log4j.version>2.2</log4j.version>
+    <log4j.version>2.8.2</log4j.version>
   </properties>
   <dependencies>
     <dependency>

diff --git a/...ty-logging-log4j/src/main/java/org/owasp/security/logging/log4j/Log4JMarkerConverter.java b/...ty-logging-log4j/src/main/java/org/owasp/security/logging/log4j/Log4JMarkerConverter.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.owasp.security.logging.log4j;
+
+import java.util.Iterator;
+import org.apache.logging.log4j.Marker;
+import org.apache.logging.log4j.MarkerManager;
+
+/**
+ *
+ * @author August Detlefsen [augustd@codemagi.com]
+ */
+public class Log4JMarkerConverter {
+
+	public static Marker convertMarker(org.slf4j.Marker input) {
+		Marker output = MarkerManager.getMarker(input.getName());
+
+		if (input.hasReferences()) {
+			Iterator i = input.iterator();
+			while (i.hasNext()) {
+				org.slf4j.Marker ref = (org.slf4j.Marker)i.next();
+				output.addParents(convertMarker(ref));
+			}
+		}
+		return output;
+	}
+
+}
diff --git a/...gging-log4j/src/main/java/org/owasp/security/logging/log4j/mask/MaskingRewritePolicy.java b/...gging-log4j/src/main/java/org/owasp/security/logging/log4j/mask/MaskingRewritePolicy.java
@@ -32,56 +32,60 @@
 public class MaskingRewritePolicy implements RewritePolicy {
 
 	public static final Object MASKED_PASSWORD = "********";
-        
-    @PluginFactory
-    public static MaskingRewritePolicy createPolicy() {
-        return new MaskingRewritePolicy();
-    }
+
+	@PluginFactory
+	public static MaskingRewritePolicy createPolicy() {
+		return new MaskingRewritePolicy();
+	}
 
 	/**
 	 * Rewrite the event.
-	 * 
-	 * @param source
-	 *            a logging event that may be returned or used to create a new
-	 *            logging event.
+	 *
+	 * @param source a logging event that may be returned or used to create a
+	 * new logging event.
 	 * @return The LogEvent after rewriting.
 	 */
-        @Override
+	@Override
 	public LogEvent rewrite(LogEvent source) {
 		// get the markers for the log event. If no markers, nothing can be
 		// tagged confidential and we can return
 		Marker sourceMarker = source.getMarker();
-		if (sourceMarker == null)
+		if (sourceMarker == null) {
 			return source;
+		}
 
 		// get the message. If no message we can return
 		final Message msg = source.getMessage();
-		if (msg == null || !(msg instanceof ParameterizedMessage))
+		if (msg == null || !(msg instanceof ParameterizedMessage)) {
 			return source;
+		}
 
 		// get the parameters. If no params we can return
 		Object[] params = msg.getParameters();
-		if (params == null || params.length == 0)
+		if (params == null || params.length == 0) {
 			return source;
+		}
 
 		// check if this event is actually marked as confidential. If not,
 		// return
 		Log4jMarker eventMarker = new Log4jMarker(sourceMarker);
-		if (!eventMarker.contains(SecurityMarkers.CONFIDENTIAL))
+		if (!eventMarker.contains(SecurityMarkers.CONFIDENTIAL)) {
 			return source;
+		}
 
 		// we have a message, parameters, a marker, and it is confidential.
 		// Process
 		for (int i = 0; i < params.length; i++) {
 			params[i] = MASKED_PASSWORD;
 		}
+
+		// create new message
 		Message outMessage = new ParameterizedMessage(msg.getFormat(), params,
 				msg.getThrowable());
-		LogEvent output = new Log4jLogEvent(source.getLoggerName(),
-				source.getMarker(), source.getLoggerFqcn(), source.getLevel(),
-				outMessage, source.getThrown(), source.getContextMap(),
-				source.getContextStack(), source.getThreadName(),
-				source.getSource(), source.getTimeMillis());
+
+		// build new log event for output
+		LogEvent output = new Log4jLogEvent.Builder(source)
+				.setMessage(outMessage).build();
 
 		return output;
 	}

diff --git a/...g4j/src/test/java/org/owasp/security/logging/log4j/ExcludeClassifiedMarkerFilterTest.java b/...g4j/src/test/java/org/owasp/security/logging/log4j/ExcludeClassifiedMarkerFilterTest.java
@@ -18,7 +18,7 @@
 
 import org.apache.logging.log4j.core.Filter;
 import org.apache.logging.log4j.core.LogEvent;
-import org.apache.logging.log4j.junit.InitialLoggerContext;
+import org.apache.logging.log4j.junit.LoggerContextRule;
 import org.apache.logging.log4j.test.appender.ListAppender;
 import org.junit.After;
 import org.junit.Before;
@@ -40,8 +40,7 @@ public class ExcludeClassifiedMarkerFilterTest {
 			.getLogger(ExcludeClassifiedMarkerFilterTest.class);
 
 	@ClassRule
-	public static InitialLoggerContext context = new InitialLoggerContext(
-			CONFIG);
+	public static LoggerContextRule context = new LoggerContextRule(CONFIG);
 
 	ListAppender appender;
 

diff --git a/...-security-logging-log4j/src/test/java/org/owasp/security/logging/log4j/PureLog4jTest.java b/...-security-logging-log4j/src/test/java/org/owasp/security/logging/log4j/PureLog4jTest.java
@@ -13,19 +13,12 @@
  */
 package org.owasp.security.logging.log4j;
 
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
-import org.apache.logging.log4j.core.Filter;
-import org.apache.logging.log4j.core.LogEvent;
-import org.apache.logging.log4j.junit.InitialLoggerContext;
+import org.apache.logging.log4j.junit.LoggerContextRule;
 import org.apache.logging.log4j.test.appender.ListAppender;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.ClassRule;
 import org.junit.Test;
-import org.owasp.security.logging.SecurityMarkers;
-import org.owasp.security.logging.log4j.filter.ExcludeClassifiedMarkerFilter;
 
 /**
  *
@@ -39,8 +32,7 @@ public class PureLog4jTest {
 			.getLogger(PureLog4jTest.class);
 
 	@ClassRule
-	public static InitialLoggerContext context = new InitialLoggerContext(
-			CONFIG);
+	public static LoggerContextRule context = new LoggerContextRule(CONFIG);
 
 	ListAppender appender;
 
@@ -63,7 +55,7 @@ public void test() {
 		LOGGER.error("Monster!");
 	}
 
-        /*
+	/*
 	@Test
 	public void testRaw() {
 		// create a new marker filter
@@ -134,6 +126,6 @@ public void testRaw() {
 		LogEvent multiSecurityEvent = appender.getEvents().get(9);
 		assertEquals(Filter.Result.DENY, mkt.filter(multiSecurityEvent));
 	}
-        */
+	 */
 
 }
diff --git a/...ogging-log4j/src/test/java/org/owasp/security/logging/log4j/SecurityMarkerFilterTest.java b/...ogging-log4j/src/test/java/org/owasp/security/logging/log4j/SecurityMarkerFilterTest.java
@@ -19,7 +19,7 @@
 
 import org.apache.logging.log4j.core.Filter;
 import org.apache.logging.log4j.core.LogEvent;
-import org.apache.logging.log4j.junit.InitialLoggerContext;
+import org.apache.logging.log4j.junit.LoggerContextRule;
 import org.apache.logging.log4j.test.appender.ListAppender;
 import org.junit.After;
 import org.junit.Before;
@@ -42,8 +42,7 @@ public class SecurityMarkerFilterTest {
 			.getLogger(SecurityMarkerFilterTest.class);
 
 	@ClassRule
-	public static InitialLoggerContext context = new InitialLoggerContext(
-			CONFIG);
+	public static LoggerContextRule context = new LoggerContextRule(CONFIG);
 
 	ListAppender appender;
 

diff --git a/...-logging-log4j/src/test/java/org/owasp/security/logging/log4j/mask/CRLFConverterTest.java b/...-logging-log4j/src/test/java/org/owasp/security/logging/log4j/mask/CRLFConverterTest.java
@@ -17,7 +17,7 @@
 
 import org.apache.logging.log4j.core.LogEvent;
 import org.apache.logging.log4j.core.pattern.EncodingPatternConverter;
-import org.apache.logging.log4j.junit.InitialLoggerContext;
+import org.apache.logging.log4j.junit.LoggerContextRule;
 import org.apache.logging.log4j.test.appender.ListAppender;
 import org.junit.After;
 import org.junit.Before;
@@ -30,7 +30,7 @@
 /**
  * Log4j already includes a converter to escape carriage returns and line feeds.
  * This test just verifies that it works as expected.
- * 
+ *
  * @author August Detlefsen [augustd@codemagi.com]
  */
 @RunWith(MockitoJUnitRunner.class)
@@ -39,8 +39,7 @@ public class CRLFConverterTest {
 	private static final String CONFIG = "log4j2.xml";
 
 	@ClassRule
-	public static InitialLoggerContext context = new InitialLoggerContext(
-			CONFIG);
+	public static final LoggerContextRule context = new LoggerContextRule(CONFIG);
 
 	private static final org.slf4j.Logger LOGGER = LoggerFactory
 			.getLogger(CRLFConverterTest.class);