Defaulting ESAPI to Java Logger

jeremiahjstacey · jeremiahjstacey · commit 16f7ee1f0a5a · 2019-12-08T17:57:42.000-06:00
Updating ESAPI.properties to use the Java Logger.

Providing a test-scope property file to improve the log content and format
for the java implementation.

Updating the JavaLogFactory to read and apply the properties file.
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
@@ -14,10 +14,15 @@
  */
 package org.owasp.esapi.logging.java;
 
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.PrintStream;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.logging.LogManager;
 
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.LogFactory;
@@ -67,6 +72,29 @@ public class JavaLogFactory implements LogFactory {
         //LEVEL.OFF not used.  If it's off why would we try to log it?
         
         LOG_BRIDGE = new JavaLogBridgeImpl(JAVA_LOG_APPENDER, JAVA_LOG_SCRUBBER, levelLookup);
+        
+        /*
+         * This will load the logging properties file to control the format of the output for Java logs.
+         */
+        try (InputStream stream = JavaLogFactory.class.getClassLoader().
+        		getResourceAsStream("esapi-java-logging.properties")) {
+        	LogManager.getLogManager().readConfiguration(stream);
+        } catch (IOException ioe) {
+        	ioe.printStackTrace();
+        }
+        
+        /*
+         * This is a convenience for me -- turns off all System.out.println cruft in the terminal so I can view the logs.
+         * FIXME:  Probably need to remove this before the end of the effort.
+         */
+        /*
+        System.setOut(new PrintStream(new OutputStream() {
+            public void write(int b) {
+                //DO NOTHING
+            }
+        }));
+        
+        */
     }
     
     /**
diff --git a/src/test/resources/esapi-java-logging.properties b/src/test/resources/esapi-java-logging.properties
@@ -0,0 +1,6 @@
+handlers= java.util.logging.ConsoleHandler
+.level= INFO
+java.util.logging.ConsoleHandler.level = INFO
+java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
+java.util.logging.SimpleFormatter.format=[%1$tF %1$tT] [%3$-7s] %5$s %n
+#https://www.logicbig.com/tutorials/core-java-tutorial/logging/customizing-default-format.html
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
@@ -97,7 +97,7 @@ ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
 ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
 ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
 # Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
+ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory
 #ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
 #ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
 # To use the new SLF4J logger in ESAPI (see GitHub issue #129), set
