org.apache.log4j.SecurePatternLayout (source from the server-logging artifact)
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.log4j;
import org.apache.log4j.helpers.PatternConverter;
import org.apache.log4j.helpers.PatternParser;
import org.apache.log4j.spi.LoggingEvent;
// Contributors: Nelson Minar
// Anders Kristensen
/**
This is a modified version of the default PatternLayout that attempts to
prevent malicious injection of forged records into the log by appending a
record separator marker (\u00AE by default, code point 174) to the end of
each log message. Occurrences of that marker inside the message are escaped
by prefixing them with the escape character, which by default is the same
\u00AE character (see {@link #setEscapeCharacter(String)}); occurrences of
the escape character itself are replaced by two escape characters. The stack
trace will always be included inside the (escaped) log message, and the
message will always be followed by the platform specific newline after the
record separator. If the pattern already ends with a newline (%n), the record
separator is inserted before that newline rather than adding a second one.
The remainder of this class, documentation, and behavior remains the same.
----- Original documentation:
A flexible layout configurable with pattern string.
This code is known to have synchronization and other issues
which are not present in org.apache.log4j.EnhancedPatternLayout.
EnhancedPatternLayout should be used in preference to PatternLayout.
EnhancedPatternLayout is distributed in the log4j extras companion.
The goal of this class is to {@link #format format} a {@link
org.apache.log4j.spi.LoggingEvent} and return the results as a String. The results
depend on the conversion pattern.
The conversion pattern is closely related to the conversion
pattern of the printf function in C. A conversion pattern is
composed of literal text and format control expressions called
conversion specifiers.
You are free to insert any literal text within the conversion
pattern.
Each conversion specifier starts with a percent sign (%) and is
followed by optional format modifiers and a conversion
character. The conversion character specifies the type of
data, e.g. category, priority, date, thread name. The format
modifiers control such things as field width, padding, left and
right justification. The following is a simple example.
<p>Let the conversion pattern be <b>"%-5p [%t]: %m%n"</b> and assume
that the log4j environment was set to use a PatternLayout. Then the
statements</p>
<pre>
Category root = Category.getRoot();
root.debug("Message 1");
root.warn("Message 2");
</pre>
<p>would yield the output</p>
<pre>
DEBUG [main]: Message 1
WARN  [main]: Message 2
</pre>
Note that there is no explicit separator between text and
conversion specifiers. The pattern parser knows when it has reached
the end of a conversion specifier when it reads a conversion
character. In the example above the conversion specifier
%-5p means the priority of the logging event should be left
justified to a width of five characters.
<p>The recognized conversion characters are</p>

<table border="1" cellpadding="8">
<tr><th>Conversion Character</th><th>Effect</th></tr>
<tr>
<td align="center"><b>c</b></td>
<td>Used to output the category of the logging event. The
category conversion specifier can be optionally followed by
<em>precision specifier</em>, that is a decimal constant in
brackets.
<p>If a precision specifier is given, then only the corresponding
number of right most components of the category name will be
printed. By default the category name is printed in full.</p>
<p>For example, for the category name "a.b.c" the pattern
<b>%c{2}</b> will output "b.c".</p>
</td>
</tr>
<tr>
<td align="center"><b>C</b></td>
<td>Used to output the fully qualified class name of the caller
issuing the logging request. This conversion specifier
can be optionally followed by <em>precision specifier</em>, that
is a decimal constant in brackets.
<p>If a precision specifier is given, then only the corresponding
number of right most components of the class name will be
printed. By default the class name is output in fully qualified form.</p>
<p>For example, for the class name "org.apache.xyz.SomeClass", the
pattern <b>%C{1}</b> will output "SomeClass".</p>
<p><b>WARNING</b> Generating the caller class information is
slow. Thus, use should be avoided unless execution speed is
not an issue.</p>
</td>
</tr>
<tr>
<td align="center"><b>d</b></td>
<td>Used to output the date of the logging event. The date conversion
specifier may be followed by a date format specifier enclosed between
braces. For example, <b>%d{HH:mm:ss,SSS}</b> or
<b>%d{dd MMM yyyy HH:mm:ss,SSS}</b>. If no date format specifier is
given then ISO8601 format is assumed.
<p>The date format specifier admits the same syntax as the
time pattern string of the {@link java.text.SimpleDateFormat}.
Although part of the standard JDK, the performance of
<code>SimpleDateFormat</code> is quite poor.</p>
<p>For better results it is recommended to use the log4j date
formatters. These can be specified using one of the strings
"ABSOLUTE", "DATE" and "ISO8601" for specifying
{@link org.apache.log4j.helpers.AbsoluteTimeDateFormat AbsoluteTimeDateFormat},
{@link org.apache.log4j.helpers.DateTimeDateFormat DateTimeDateFormat}
and respectively {@link org.apache.log4j.helpers.ISO8601DateFormat ISO8601DateFormat}.
For example, <b>%d{ISO8601}</b> or <b>%d{ABSOLUTE}</b>.</p>
<p>These dedicated date formatters perform significantly
better than {@link java.text.SimpleDateFormat}.</p>
</td>
</tr>
<tr>
<td align="center"><b>F</b></td>
<td>Used to output the file name where the logging request was issued.
<p><b>WARNING</b> Generating caller location information is
extremely slow and should be avoided unless execution speed
is not an issue.</p>
</td>
</tr>
<tr>
<td align="center"><b>l</b></td>
<td>Used to output location information of the caller which generated
the logging event.
<p>The location information depends on the JVM implementation but
usually consists of the fully qualified name of the calling
method followed by the caller's source file name and line
number between parentheses.</p>
<p>The location information can be very useful. However, its
generation is <em>extremely</em> slow and should be avoided
unless execution speed is not an issue.</p>
</td>
</tr>
<tr>
<td align="center"><b>L</b></td>
<td>Used to output the line number from where the logging request
was issued.
<p><b>WARNING</b> Generating caller location information is
extremely slow and should be avoided unless execution speed
is not an issue.</p>
</td>
</tr>
<tr>
<td align="center"><b>m</b></td>
<td>Used to output the application supplied message associated with
the logging event.</td>
</tr>
<tr>
<td align="center"><b>M</b></td>
<td>Used to output the method name where the logging request was
issued.
<p><b>WARNING</b> Generating caller location information is
extremely slow and should be avoided unless execution speed
is not an issue.</p>
</td>
</tr>
<tr>
<td align="center"><b>n</b></td>
<td>Outputs the platform dependent line separator character or
characters.
<p>This conversion character offers practically the same
performance as using non-portable line separator strings such as
"\n", or "\r\n". Thus, it is the preferred way of specifying a
line separator.</p>
</td>
</tr>
<tr>
<td align="center"><b>p</b></td>
<td>Used to output the priority of the logging event.</td>
</tr>
<tr>
<td align="center"><b>r</b></td>
<td>Used to output the number of milliseconds elapsed from the construction
of the layout until the creation of the logging event.</td>
</tr>
<tr>
<td align="center"><b>t</b></td>
<td>Used to output the name of the thread that generated the
logging event.</td>
</tr>
<tr>
<td align="center"><b>x</b></td>
<td>Used to output the NDC (nested diagnostic context) associated
with the thread that generated the logging event.</td>
</tr>
<tr>
<td align="center"><b>X</b></td>
<td>Used to output the MDC (mapped diagnostic context) associated
with the thread that generated the logging event. The <b>X</b>
conversion character <em>must</em> be followed by the key for the
map placed between braces, as in <b>%X{clientNumber}</b> where
<code>clientNumber</code> is the key. The value in the MDC
corresponding to the key will be output.
<p>See {@link org.apache.log4j.MDC} class for more details.</p>
</td>
</tr>
<tr>
<td align="center"><b>%</b></td>
<td>The sequence %% outputs a single percent sign.</td>
</tr>
</table>
By default the relevant information is output as is. However,
with the aid of format modifiers it is possible to change the
minimum field width, the maximum field width and justification.
The optional format modifier is placed between the percent sign
and the conversion character.
The first optional format modifier is the left justification
flag which is just the minus (-) character. Then comes the
optional minimum field width modifier. This is a decimal
constant that represents the minimum number of characters to
output. If the data item requires fewer characters, it is padded on
either the left or the right until the minimum width is
reached. The default is to pad on the left (right justify) but you
can specify right padding with the left justification flag. The
padding character is space. If the data item is larger than the
minimum field width, the field is expanded to accommodate the
data. The value is never truncated.
This behavior can be changed using the maximum field
width modifier which is designated by a period followed by a
decimal constant. If the data item is longer than the maximum
field, then the extra characters are removed from the
beginning of the data item and not from the end. For
example, if the maximum field width is eight and the data item is
ten characters long, then the first two characters of the data item
are dropped. This behavior deviates from the printf function in C
where truncation is done from the end.
<p>Below are various format modifier examples for the category
conversion specifier.</p>

<table border="1" cellpadding="8">
<tr>
<th>Format modifier</th>
<th>left justify</th>
<th>minimum width</th>
<th>maximum width</th>
<th>comment</th>
</tr>
<tr>
<td align="center"><b>%20c</b></td>
<td align="center">false</td>
<td align="center">20</td>
<td align="center">none</td>
<td>Left pad with spaces if the category name is less than 20
characters long.</td>
</tr>
<tr>
<td align="center"><b>%-20c</b></td>
<td align="center">true</td>
<td align="center">20</td>
<td align="center">none</td>
<td>Right pad with spaces if the category name is less than 20
characters long.</td>
</tr>
<tr>
<td align="center"><b>%.30c</b></td>
<td align="center">NA</td>
<td align="center">none</td>
<td align="center">30</td>
<td>Truncate from the beginning if the category name is longer than 30
characters.</td>
</tr>
<tr>
<td align="center"><b>%20.30c</b></td>
<td align="center">false</td>
<td align="center">20</td>
<td align="center">30</td>
<td>Left pad with spaces if the category name is shorter than 20
characters. However, if category name is longer than 30 characters,
then truncate from the beginning.</td>
</tr>
<tr>
<td align="center"><b>%-20.30c</b></td>
<td align="center">true</td>
<td align="center">20</td>
<td align="center">30</td>
<td>Right pad with spaces if the category name is shorter than 20
characters. However, if category name is longer than 30 characters,
then truncate from the beginning.</td>
</tr>
</table>
<p>Below are some examples of conversion patterns.</p>

<dl>
<dt><b>%r [%t] %-5p %c %x - %m%n</b></dt>
<dd>This is essentially the TTCC layout.</dd>

<dt><b>%-6r [%15.15t] %-5p %30.30c %x - %m%n</b></dt>
<dd>Similar to the TTCC layout except that the relative time is
right padded if less than 6 digits, thread name is right padded if
less than 15 characters and truncated if longer and the category
name is left padded if shorter than 30 characters and truncated if
longer.</dd>
</dl>
The above text is largely inspired from Peter A. Darnell and
Philip E. Margolis' highly recommended book "C -- a Software
Engineering Approach", ISBN 0-387-97389-3.
@author James P. Cakalic
@author Ceki Gülcü
@since 0.8.2 */
public class SecurePatternLayout extends Layout {
/**
* Default character to use to mark boundaries between log messages.
*/
private static final String DEFAULT_RECORD_SEPARATOR = "\u00AE";
/**
* Default character to use to escape occurrences of the record separator
* within messages. If this escape character occurs it will be duplicated
* (one escape character is replaced with two escape characters).
*/
private static final String DEFAULT_ESCAPE_CHARACTER = DEFAULT_RECORD_SEPARATOR;
/** Default pattern string for log output. Currently set to the
string "%m%n" which just prints the application supplied
message. */
public final static String DEFAULT_CONVERSION_PATTERN ="%m%n";
/** A conversion pattern equivalent to the TTCCCLayout.
Current value is %r [%t] %p %c %x - %m%n. */
public final static String TTCC_CONVERSION_PATTERN
= "%r [%t] %p %c %x - %m%n";
protected final int BUF_SIZE = 256;
protected final int MAX_CAPACITY = 1024;
// output buffer appended to when format() is invoked
private StringBuffer sbuf = new StringBuffer(BUF_SIZE);
private String pattern;
private PatternConverter head;
private String recordSeparator = DEFAULT_RECORD_SEPARATOR;
private String escapeCharacter = DEFAULT_ESCAPE_CHARACTER;
/**
Constructs a SecurePatternLayout using {@link #DEFAULT_CONVERSION_PATTERN}.
The default pattern just produces the application supplied message.
*/
public SecurePatternLayout() {
this(DEFAULT_CONVERSION_PATTERN);
}
/**
Constructs a SecurePatternLayout using the supplied conversion pattern.
*/
public SecurePatternLayout(String pattern) {
this.pattern = pattern;
head = createPatternParser((pattern == null) ? DEFAULT_CONVERSION_PATTERN :
pattern).parse();
}
/**
Set the ConversionPattern option. This is the string which
controls formatting and consists of a mix of literal content and
conversion specifiers.
*/
public
void setConversionPattern(String conversionPattern) {
pattern = conversionPattern;
head = createPatternParser(conversionPattern).parse();
}
/**
Returns the value of the ConversionPattern option.
*/
public
String getConversionPattern() {
return pattern;
}
/**
* Set the RecordSeparator option. This is a string which marks
* the boundary between log messages. If any part of a log message contains
* this string, each occurrence is escaped by prefixing it with the escape
* character (see {@link #setEscapeCharacter(String)}).
* The default value is {@link #DEFAULT_RECORD_SEPARATOR}.
*/
public void setRecordSeparator(String recordSeparator) {
this.recordSeparator = recordSeparator;
}
public String getRecordSeparator() {
return recordSeparator;
}
/**
* Set the EscapeCharacter option. This is a string which will be used
* to escape occurrences of the {@link #setRecordSeparator(String)} within the
* log message. Occurrences of this character within the log message will be
* replaced by a sequence of two of these characters. The default value is
* {@link #DEFAULT_ESCAPE_CHARACTER}, which is the same as the default record
* separator. If the record separator and escape character are the same, then
* occurrences within the message will be escaped only once.
*/
public void setEscapeCharacter(String escapeCharacter) {
this.escapeCharacter = escapeCharacter;
}
public String getEscapeCharacter() {
return escapeCharacter;
}
/**
Does not do anything as options become effective
*/
public
void activateOptions() {
// nothing to do.
}
/**
* This modified version does handle the throwable so it will be included inside
* the escaped content, so this method now returns false.
*
* @since 0.8.4
*/
public
boolean ignoresThrowable() {
return false;
}
/**
Returns PatternParser used to parse the conversion string. Subclasses
may override this to return a subclass of PatternParser which recognize
custom conversion characters.
@since 0.9.0
*/
protected PatternParser createPatternParser(String pattern) {
return new PatternParser(pattern);
}
/**
Produces a formatted string as specified by the conversion pattern.
*/
public String format(LoggingEvent event) {
// Reset working stringbuffer
if(sbuf.capacity() > MAX_CAPACITY) {
sbuf = new StringBuffer(BUF_SIZE);
} else {
sbuf.setLength(0);
}
PatternConverter c = head;
while(c != null) {
c.format(sbuf, event);
c = c.next;
}
// Include the throwable, if any, so it will be properly escaped and wrapped
String[] s = event.getThrowableStrRep();
if (s != null) {
int len = s.length;
for(int i = 0; i < len; i++) {
sbuf.append(s[i]);
sbuf.append(Layout.LINE_SEP);
}
}
// Escape any occurrences of the escape character in the content by doubling
// them. Advance past both copies so a multi-character escape string is not
// re-found in what was just inserted (which would loop forever).
int offset = 0;
int nextOccurrence;
if (escapeCharacter.length() > 0) {
while ((nextOccurrence = sbuf.indexOf(escapeCharacter, offset)) != -1) {
sbuf.insert(nextOccurrence, escapeCharacter);
offset = nextOccurrence + 2 * escapeCharacter.length();
}
}
// Escape any occurrences of the record separator in the content, unless it
// is the escape character itself (then the loop above already handled it)
if (recordSeparator.length() > 0 && !recordSeparator.equals(escapeCharacter)) {
offset = 0;
while ((nextOccurrence = sbuf.indexOf(recordSeparator, offset)) != -1) {
sbuf.insert(nextOccurrence, escapeCharacter);
offset = nextOccurrence + escapeCharacter.length() + recordSeparator.length();
}
}
// Add the end mark, placing it before a trailing line separator, if any.
// The length check avoids a negative insert index when the content is empty.
int trailingSep = sbuf.length() - Layout.LINE_SEP_LEN;
if (trailingSep >= 0 && sbuf.lastIndexOf(Layout.LINE_SEP) == trailingSep) {
sbuf.insert(trailingSep, recordSeparator);
} else {
sbuf.append(recordSeparator);
sbuf.append(Layout.LINE_SEP);
}
return sbuf.toString();
}
}
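To show that the framing produced by format() is unambiguous on the consuming side, here is an added Python example that is not part of this class or of log4j: frame_record re-implements the escaping applied to one formatted record, and split_records is a hypothetical log consumer that splits the stream on bare (unescaped) record separators. It assumes the platform line separator is "\n" and that the consumer knows the configured separator and escape strings.

```python
# Added example (not the log4j class's own code): the escaping format() applies
# plus a hypothetical consumer. Constants are constructed; LINE_SEP assumed "\n".
LINE_SEP = "\n"
RECORD_SEP = "\u00AE"   # DEFAULT_RECORD_SEPARATOR
ESCAPE = RECORD_SEP     # DEFAULT_ESCAPE_CHARACTER defaults to the separator

def frame_record(content, sep=RECORD_SEP, esc=ESCAPE):
    """Double every escape char, prefix separators with it (when they differ),
    then end the record with separator + newline, placing the separator
    before a newline the pattern already emitted, as format() does."""
    content = content.replace(esc, esc + esc)
    if sep != esc:
        content = content.replace(sep, esc + sep)
    if content.endswith(LINE_SEP):
        content = content[:-len(LINE_SEP)]
    return content + sep + LINE_SEP

def split_records(stream, sep=RECORD_SEP, esc=ESCAPE):
    """Recover records: an escaped escape or escaped separator is literal text,
    only a bare separator ends a record, so injected text cannot forge one."""
    records, buf, i = [], [], 0
    while i < len(stream):
        if stream.startswith(esc, i):
            nxt = i + len(esc)
            lit = next((t for t in (esc, sep) if stream.startswith(t, nxt)), None)
            if lit is not None:               # escaped escape / escaped separator
                buf.append(lit)
                i = nxt + len(lit)
                continue
        if stream.startswith(sep, i):         # bare separator: record boundary
            records.append("".join(buf))
            buf = []
            i += len(sep)
            if stream.startswith(LINE_SEP, i):  # newline written after it
                i += len(LINE_SEP)
            continue
        buf.append(stream[i])
        i += 1
    if buf:                                   # data after last separator: truncated
        records.append("".join(buf))
    return records

def demo():
    """Constructed input: the first message embeds a fake record boundary;
    the consumer still recovers exactly two records."""
    injected = "user=alice\nlevel=INFO forged entry" + RECORD_SEP
    stream = frame_record("INFO  " + injected + LINE_SEP)
    stream += frame_record("WARN  real second record" + LINE_SEP)
    return split_records(stream)
```

With the default configuration (escape equals separator) a run of separators of even length is literal text and the odd trailing one closes the record, which is why a message containing the separator is escaped only once.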