Merge branch 'develop' of github.com:ESAPI/esapi-java-legacy into develop

Author: kwwall

.snyk

@@ -0,0 +1,7 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.0
+ignore:
+   SNYK-JAVA-COMMONSIO-1277109:
+     - commons-io:commons-io:
+       reason: ESAPI cannot upgrade past the current commons-io version and still maintain Java 7 compatibility
+       expires: '2025-12-30T00:00:00.000Z'

pom.xml

@@ -135,7 +135,7 @@
         <version.jmh>1.28</version.jmh>
         <!-- Note: powermock v2.0.8 doesn't exist. v2.0.9+ requires mockito-core v3+, which requires Java 8 -->
         <version.powermock>2.0.7</version.powermock>
-        <version.spotbugs>4.2.2</version.spotbugs>
+        <version.spotbugs>4.2.3</version.spotbugs>
         <version.spotbugs.maven>4.2.2</version.spotbugs.maven>
         <version.surefire>3.0.0-M5</version.surefire>
     </properties>
@@ -237,19 +237,23 @@
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
-            <version>1.6.3</version>
+            <version>1.6.4</version>
             <exclusions>
                 <!-- excluded because we pick up much newer version -->
                 <exclusion>
                     <groupId>commons-io</groupId>
                     <artifactId>commons-io</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-api</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>1.7.30</version>
+            <version>1.7.32</version>
         </dependency>
         <dependency>
             <groupId>xml-apis</groupId>

src/main/java/org/owasp/esapi/logging/java/JavaLogger.java

@@ -24,7 +24,7 @@ public class JavaLogger implements org.owasp.esapi.Logger {
     /** Handler for translating events from ESAPI context for Java processing.*/
     private final JavaLogBridge logBridge;
     /** Maximum log level that will be forwarded to Java from the ESAPI context.*/
-    private int maxLogLevel;
+    private int loggingLevel;
 
     /**
      * Constructs a new instance. 
@@ -35,7 +35,7 @@ public class JavaLogger implements org.owasp.esapi.Logger {
     public JavaLogger(java.util.logging.Logger JavaLogger, JavaLogBridge bridge, int defaultEsapiLevel) {
         delegate = JavaLogger;
         this.logBridge = bridge;
-        maxLogLevel = defaultEsapiLevel;
+        loggingLevel = defaultEsapiLevel;
     }
 
     private void log(int esapiLevel, EventType type, String message) {
@@ -52,8 +52,7 @@ private void log(int esapiLevel, EventType type, String message, Throwable throw
 
 
     private boolean isEnabled(int esapiLevel) {
-        //Are Logger.OFF and Logger.ALL reversed?  This should be simply the less than or equal to check...
-        return (esapiLevel <= maxLogLevel && maxLogLevel != Logger.OFF) || maxLogLevel == Logger.ALL;
+        return esapiLevel >= loggingLevel;
     }
 
     @Override
@@ -128,7 +127,7 @@ public void fatal(EventType type, String message, Throwable throwable) {
 
     @Override
     public int getESAPILevel() {
-        return maxLogLevel;
+        return loggingLevel;
     }
 
     @Override
@@ -162,7 +161,7 @@ public boolean isFatalEnabled() {
 
     @Override
     public void setLevel(int level) {
-        maxLogLevel = level;
+        loggingLevel = level;
     }
 
 }

src/main/java/org/owasp/esapi/logging/log4j/Log4JLogger.java

@@ -25,7 +25,7 @@ public class Log4JLogger implements org.owasp.esapi.Logger {
     /** Handler for translating events from ESAPI context for SLF4J processing.*/
     private final Log4JLogBridge logBridge;
     /** Maximum log level that will be forwarded to SLF4J from the ESAPI context.*/
-    private int maxLogLevel;
+    private int loggingLevel;
 
     /**
      * Constructs a new instance. 
@@ -36,7 +36,7 @@ public class Log4JLogger implements org.owasp.esapi.Logger {
     public Log4JLogger(org.apache.log4j.Logger slf4JLogger, Log4JLogBridge bridge, int defaultEsapiLevel) {
         delegate = slf4JLogger;
         this.logBridge = bridge;
-        maxLogLevel = defaultEsapiLevel;
+        loggingLevel = defaultEsapiLevel;
     }
 
     private void log(int esapiLevel, EventType type, String message) {
@@ -53,8 +53,7 @@ private void log(int esapiLevel, EventType type, String message, Throwable throw
 
 
     private boolean isEnabled(int esapiLevel) {
-        //Are Logger.OFF and Logger.ALL reversed?  This should be simply the less than or equal to check...
-        return (esapiLevel <= maxLogLevel && maxLogLevel != Logger.OFF) || maxLogLevel == Logger.ALL;
+        return esapiLevel >= loggingLevel;
     }
 
     @Override
@@ -129,7 +128,7 @@ public void fatal(EventType type, String message, Throwable throwable) {
 
     @Override
     public int getESAPILevel() {
-        return maxLogLevel;
+        return loggingLevel;
     }
 
     @Override
@@ -163,7 +162,7 @@ public boolean isFatalEnabled() {
 
     @Override
     public void setLevel(int level) {
-        maxLogLevel = level;
+        loggingLevel = level;
     }
 
 }

src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogger.java

@@ -24,7 +24,7 @@ public class Slf4JLogger implements org.owasp.esapi.Logger {
     /** Handler for translating events from ESAPI context for SLF4J processing.*/
     private final Slf4JLogBridge logBridge;
     /** Maximum log level that will be forwarded to SLF4J from the ESAPI context.*/
-    private int maxLogLevel;
+    private int loggingLevel;
 
     /**
      * Constructs a new instance. 
@@ -35,7 +35,7 @@ public class Slf4JLogger implements org.owasp.esapi.Logger {
     public Slf4JLogger(org.slf4j.Logger slf4JLogger, Slf4JLogBridge bridge, int defaultEsapiLevel) {
         delegate = slf4JLogger;
         this.logBridge = bridge;
-        maxLogLevel = defaultEsapiLevel;
+        loggingLevel = defaultEsapiLevel;
     }
 
     private void log(int esapiLevel, EventType type, String message) {
@@ -52,8 +52,7 @@ private void log(int esapiLevel, EventType type, String message, Throwable throw
 
 
     private boolean isEnabled(int esapiLevel) {
-        //Are Logger.OFF and Logger.ALL reversed?  This should be simply the less than or equal to check...
-        return (esapiLevel <= maxLogLevel && maxLogLevel != Logger.OFF) || maxLogLevel == Logger.ALL;
+       return esapiLevel >= loggingLevel;
     }
 
     @Override
@@ -128,7 +127,7 @@ public void fatal(EventType type, String message, Throwable throwable) {
 
     @Override
     public int getESAPILevel() {
-        return maxLogLevel;
+        return loggingLevel;
     }
 
     @Override
@@ -162,7 +161,7 @@ public boolean isFatalEnabled() {
 
     @Override
     public void setLevel(int level) {
-       maxLogLevel = level;
+       loggingLevel = level;
     }
 
 }

src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java

@@ -46,12 +46,12 @@ public void setup() {
     public void testLevelEnablement() {
         testLogger.setLevel(Logger.INFO);
 
-        Assert.assertFalse(testLogger.isFatalEnabled());
-        Assert.assertFalse(testLogger.isErrorEnabled());
-        Assert.assertFalse(testLogger.isWarningEnabled());
+        Assert.assertTrue(testLogger.isFatalEnabled());
+        Assert.assertTrue(testLogger.isErrorEnabled());
+        Assert.assertTrue(testLogger.isWarningEnabled());
         Assert.assertTrue(testLogger.isInfoEnabled());
-        Assert.assertTrue(testLogger.isDebugEnabled());
-        Assert.assertTrue(testLogger.isTraceEnabled());
+        Assert.assertFalse(testLogger.isDebugEnabled());
+        Assert.assertFalse(testLogger.isTraceEnabled());
 
         Assert.assertEquals(Logger.INFO, testLogger.getESAPILevel());
     }

src/test/java/org/owasp/esapi/logging/log4j/Log4JLoggerTest.java

@@ -36,12 +36,12 @@ public class Log4JLoggerTest {
     public void testLevelEnablement() {
         testLogger.setLevel(Logger.INFO);
 
-        Assert.assertFalse(testLogger.isFatalEnabled());
-        Assert.assertFalse(testLogger.isErrorEnabled());
-        Assert.assertFalse(testLogger.isWarningEnabled());
+        Assert.assertTrue(testLogger.isFatalEnabled());
+        Assert.assertTrue(testLogger.isErrorEnabled());
+        Assert.assertTrue(testLogger.isWarningEnabled());
         Assert.assertTrue(testLogger.isInfoEnabled());
-        Assert.assertTrue(testLogger.isDebugEnabled());
-        Assert.assertTrue(testLogger.isTraceEnabled());
+        Assert.assertFalse(testLogger.isDebugEnabled());
+        Assert.assertFalse(testLogger.isTraceEnabled());
 
         Assert.assertEquals(Logger.INFO, testLogger.getESAPILevel());
     }

src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLoggerTest.java

@@ -34,12 +34,12 @@ public class Slf4JLoggerTest {
     public void testLevelEnablement() {
         testLogger.setLevel(Logger.INFO);
 
-        Assert.assertFalse(testLogger.isFatalEnabled());
-        Assert.assertFalse(testLogger.isErrorEnabled());
-        Assert.assertFalse(testLogger.isWarningEnabled());
+        Assert.assertTrue(testLogger.isFatalEnabled());
+        Assert.assertTrue(testLogger.isErrorEnabled());
+        Assert.assertTrue(testLogger.isWarningEnabled());
         Assert.assertTrue(testLogger.isInfoEnabled());
-        Assert.assertTrue(testLogger.isDebugEnabled());
-        Assert.assertTrue(testLogger.isTraceEnabled());
+        Assert.assertFalse(testLogger.isDebugEnabled());
+        Assert.assertFalse(testLogger.isTraceEnabled());
 
         Assert.assertEquals(Logger.INFO, testLogger.getESAPILevel());
     }