Adding properties for logging user/client info

jeremiahjstacey · jeremiahjstacey · commit f4921e35d050 · 2019-12-29T03:43:52.000-06:00
Taking property implementation from cristiantm in PR #529 for issue #527. Adding properties for whether to log the username information and/or the client connection information to the DefaultSecurityConfiguration. Applying the default TRUE state to ESAPI.properties in both test and configuration scope.
diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties
@@ -391,7 +391,10 @@ Logger.LogServerIP=true
 Logger.LogFileName=ESAPI_logging_file
 # MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
 Logger.MaxLogFileSize=10000000
-
+# Determines whether ESAPI should log the user info.
+Logger.UserInfo=true
+# Determines whether ESAPI should log the app info.
+Logger.AppInfo=true
 
 #===========================================================================
 # ESAPI Intrusion Detection
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -152,6 +152,8 @@ public static SecurityConfiguration getInstance() {
     public static final String LOG_ENCODING_REQUIRED = "Logger.LogEncodingRequired";
     public static final String LOG_APPLICATION_NAME = "Logger.LogApplicationName";
     public static final String LOG_SERVER_IP = "Logger.LogServerIP";
+    public static final String LOG_USER_INFO = "Logger.UserInfo";
+    public static final String LOG_APP_INFO = "Logger.AppInfo";
     public static final String VALIDATION_PROPERTIES = "Validator.ConfigurationFile";
     public static final String VALIDATION_PROPERTIES_MULTIVALUED = "Validator.ConfigurationFile.MultiValued";
     public static final String ACCEPT_LENIENT_DATES = "Validator.AcceptLenientDates";
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
@@ -424,7 +424,10 @@ Logger.LogServerIP=true
 Logger.LogFileName=ESAPI_logging_file
 # MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
 Logger.MaxLogFileSize=10000000
-
+# Determines whether ESAPI should log the user info.
+Logger.UserInfo=true
+# Determines whether ESAPI should log the app info.
+Logger.AppInfo=true
 
 #===========================================================================
 # ESAPI Intrusion Detection
