Added logging and reference implementation using Log4js

chrisisbeef · chrisisbeef · commit e8712b00140b · 2010-01-16T09:06:58.000Z
diff --git a/dist/esapi.js b/dist/esapi.js
@@ -209,7 +209,8 @@ if ( !IllegalArgumentException ) {
 
 var $ESAPI_Properties = {
     logger: {
-        Level: Log4js.Level.ALL,
+        Implementation: 'org.owasp.esapi.reference.logging.Log4jsLogFactory',
+        Level: Level.WARNING,
         Appenders: [ Log4js.ConsoleAppender ]
     },
 
diff --git a/src/main/javascript/core.js b/src/main/javascript/core.js
@@ -99,6 +99,14 @@ if (!String.prototype.endsWith) {
     };
 }
 
+if (!Object.prototype.implements) {
+    Object.prototype.implements = function( oClazz ) {
+        for ( p in oClazz.prototype ) {
+            eval("if ( !this."+p+" ) { throw new SyntaxError(oClazz.constructor.toString() + ' must implement ' + property.toString() ); }");
+        }
+    };
+}
+
 // Declare Core Exceptions
 if ( !Exception ) {
     var Exception = function( sMsg, oException ) {
diff --git a/src/main/javascript/esapi.properties.js b/src/main/javascript/esapi.properties.js
@@ -12,9 +12,10 @@
  */
 
 var $ESAPI_Properties = {
-    logger: {
-        Level: Log4js.Level.ALL,
-        Appenders: [ Log4js.ConsoleAppender ]
+    logging: {
+        Implementation: 'org.owasp.esapi.reference.logging.Log4JSLogFactory',
+        Level: 'org.owasp.esapi.Logger.ALL',
+        Appenders: [ new Log4js.ConsoleAppender() ]
     },
 
     encoder: {
diff --git a/src/main/javascript/org.owasp.esapi.js b/src/main/javascript/org.owasp.esapi.js
@@ -34,6 +34,19 @@ org.owasp.esapi = {
         };
     },
 
+    HTTPUtilities: function() {
+        return {
+            addCookie: false,
+            getSessionID: false,
+            getCookie: false,
+            killAllCookies: false,
+            killCookie: false,
+            logHTTPRequest: false,
+            sendForward: false,
+            getRequestParameter: false
+        };
+    },
+
     IntrusionException: function(sUserMessage, sLogMessage, oCause) {
         var _super = new org.owasp.esapi.EnterpriseSecurityException(sUserMessage, sLogMessage, oCause);
 
@@ -46,6 +59,53 @@ org.owasp.esapi = {
         };
     },
 
+    LogFactory: function() {
+        return {
+            getLogger: false
+        };
+    },
+
+    Logger: {
+        EventType: function( sName, bNewSuccess ) {
+            var type = sName;
+            var success = bNewSuccess;
+
+            return {
+                isSuccess: function() {
+                    return success;
+                },
+
+                toString: function() {
+                    return type;
+                }
+            };
+        },
+
+        OFF: Number.MAX_VALUE,
+        FATAL: 1000,
+        ERROR: 800,
+        WARNING: 600,
+        INFO: 400,
+        DEBUG: 200,
+        TRACE: 100,
+        ALL: Number.MIN_VALUE,
+
+        prototype: {
+            setLevel: false,
+            fatal: false,
+            error: false,
+            isErrorEnabled: false,
+            warning: false,
+            isWarningEnabled: false,
+            info: false,
+            isInfoEnabled: false,
+            debug: false,
+            isDebugEnabled: false,
+            trace: false,
+            isTraceEnabled: false
+        }
+    },
+
     PreparedString: function(sTemplate, oCodec, sParameterCharacter) {
         // Private Scope
         var parts = [];
@@ -101,11 +161,72 @@ org.owasp.esapi = {
         };
     },
 
+    ValidationErrorList: function() {
+        var errorList = Array();
+
+        return {
+            addError: function( sContext, oValidationException ) {
+                if ( sContext == null ) throw new RuntimeException( "Context cannot be null: " + oValidationException.getLogMessage(), oValidationException );
+                if ( oValidationException == null ) throw new RuntimeException( "Context (" + sContext + ") - Error cannot be null" );
+                if ( errorList[sContext] ) throw new RuntimeException( "Context (" + sContext + ") already exists. must be unique." );
+                errorList[sContext] = oValidationException;
+            },
+
+            errors: function() {
+                return errorList;
+            },
+
+            isEmpty: function() {
+                return errorList.length == 0;
+            },
+
+            size: function() {
+                return errorList.length;
+            }
+        };
+    },
+
+    ValidationRule: function() {
+        return {
+            getValid: false,
+            setAllowNull: false,
+            getTypeName: false,
+            setTypeName: false,
+            setEncoder: false,
+            assertValid: false,
+            getValid: false,
+            getSafe: false,
+            isValid: false,
+            whitelist: false
+        };
+    },
+
+    Validator: function() {
+        return {
+            addRule: false,
+            getRule: false,
+            getValidInput: false,
+            isValidDate: false,
+            getValidDate: false,
+            isValidSafeHTML: false,
+            getValidSafeHTML: false,
+            isValidCreditCard: false,
+            getValidCreditCard: false,
+            isValidFilename: false,
+            getValidFilename: false,
+            isValidNumber: false,
+            getValidNumber: false,
+            isValidPrintable: false,
+            getValidPrintable: false
+        };
+    },
+
     ESAPI: function() {
         var _properties = $ESAPI_Properties;
 
         var _encoder = null;
         var _validator = null;
+        var _logFactory = null;
 
         return {
             properties: _properties,
@@ -118,13 +239,16 @@ org.owasp.esapi = {
                 return _encoder;
             },
 
-            logger: function(sModuleName) {
-                var _logger = Log4js.getLogger(sModuleName);
-                _logger.setLevel(_properties.logger.level);
-                for (var i = 0; i < _properties.logger.appenders.length; i++) {
-                    _logger.addAppender(new _properties.logger.appenders[i]());
+            logFactory: function() {
+                eval('$require('+_properties.logging.Implementation+');');
+                if ( !_logFactory ) {
+                    eval("_logFactory = new " + _properties.logging.Implementation + "();" );
                 }
-                return _logger;
+                return _logFactory;
+            },
+
+            logger: function(sModuleName) {
+                return this.logFactory().getLogger(sModuleName);
             },
 
             validator: function() {
diff --git a/src/main/javascript/org.owasp.esapi.reference.logging.js b/src/main/javascript/org.owasp.esapi.reference.logging.js
@@ -0,0 +1,142 @@
+/*
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2008 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ */
+
+$namespace('org.owasp.esapi.reference.logging');
+
+org.owasp.esapi.reference.logging = {
+    Log4JSLogFactory: function() {
+        var loggersMap = Array();
+
+        var Log4JSLogger = function( sModuleName ) {
+            var jsLogger = null;
+            var moduleName = null;
+            var Level = Log4js.Level;
+
+            jsLogger = Log4js.getLogger( moduleName );
+
+            var convertESAPILevel = function( nLevel ) {
+                var Logger = org.owasp.esapi.Logger;
+                switch (nLevel) {
+                    case Logger.OFF:        return Log4js.Level.OFF;
+                    case Logger.FATAL:      return Log4js.Level.FATAL;
+                    case Logger.ERROR:      return Log4js.Level.ERROR;
+                    case Logger.WARNING:    return Log4js.Level.WARN;
+                    case Logger.INFO:       return Log4js.Level.INFO;
+                    case Logger.DEBUG:      return Log4js.Level.DEBUG;
+                    case Logger.TRACE:      return Log4js.Level.TRACE;
+                    case Logger.ALL:        return Log4js.Level.ALL;
+                }
+            };
+
+            return {
+                setLevel: function( nLevel ) {
+                    try {
+                        jsLogger.setLevel( convertESAPILevel( nLevel ) );
+                    } catch (e) {
+                        this.error( org.owasp.esapi.Logger.SECURITY_FAILURE, "", e );
+                    }
+                },
+
+                trace: function( oEventType, sMessage, oException ) {
+                    this.log( Level.TRACE, oEventType, sMessage, oException );
+                },
+
+                debug: function( oEventType, sMessage, oException ) {
+                    this.log( Level.DEBUG, oEventType, sMessage, oException );
+                },
+
+                info: function( oEventType, sMessage, oException ) {
+                    this.log( Level.INFO, oEventType, sMessage, oException );
+                },
+
+                warning: function( oEventType, sMessage, oException ) {
+                    this.log( Level.WARN, oEventType, sMessage, oException );
+                },
+
+                error: function( oEventType, sMessage, oException ) {
+                    this.log( Level.ERROR, oEventType, sMessage, oException );
+                },
+
+                fatal: function( oEventType, sMessage, oException ) {
+                    this.log( Level.FATAL, oEventType, sMessage, oException );
+                },
+
+                log: function( oLevel, oEventType, sMessage, oException ) {
+                    switch(oLevel) {
+                        case Level.TRACE:       if ( !jsLogger.isTraceEnabled() ) { return; } break;
+                        case Level.DEBUG:       if ( !jsLogger.isDebugEnabled() ) { return; } break;
+                        case Level.INFO:        if ( !jsLogger.isInfoEnabled()  ) { return; } break;
+                        case Level.WARNING:     if ( !jsLogger.isWarnEnabled()  ) { return; } break;
+                        case Level.ERROR:       if ( !jsLogger.isErrorEnabled() ) { return; } break;
+                        case Level.FATAL:       if ( !jsLogger.isFatalEnabled() ) { return; } break;
+                    }
+
+                    if ( !sMessage ) {
+                        sMessage = "";
+                    }
+
+                    var clean = sMessage.replace("\n","_").replace("\r","_");
+                    if ( $ESAPI.properties.logging.EncodingRequired ) {
+                        clean = $ESAPI.encoder().encodeForHTML(clean);
+                        if ( clean != sMessage) {
+                            clean += " [Encoded]";
+                        }
+                    }
+
+                    var appInfo =   ( $ESAPI.properties.logging.LogUrl ? window.location.href : "" ) +
+                                    ( $ESAPI.properties.logging.LogApplicationName ? "/" + $ESAPI.properties.logging.ApplicationName : "" );
+
+                    jsLogger.log( oLevel, appInfo != "" ? "[" + appInfo + "] " : "" + clean, oException );
+                },
+
+                addAppender: function( oAppender ) {
+                    jsLogger.addAppender( oAppender );
+                },
+
+                isDebugEnabled: function()   { return jsLogger.isDebugEnabled(); },
+                isErrorEnabled: function()   { return jsLogger.isErrorEnabled(); },
+                isFatalEnabled: function()   { return jsLogger.isFatalEnabled(); },
+                isInfoEnabled: function()    { return jsLogger.isInfoEnabled(); },
+                isTraceEnabled: function()   { return jsLogger.isTraceEnabled(); },
+                isWarningEnabled: function() { return jsLogger.isWarnEnabled(); }
+            };
+        };
+
+        return {
+            getLogger: function ( moduleName ) {
+                var key = ( typeof moduleName == 'string' ) ? moduleName : moduleName.constructor.toString();
+                var logger = loggersMap[key];
+                if ( !logger ) {
+                    logger = new Log4JSLogger(key);
+
+                    if ( Log4js.config && Log4js.config[moduleName] ) {
+                        logger.setLevel( Log4js.config[moduleName].level?Log4js.config[moduleName].level:eval($ESAPI.properties.logging.Level));
+                        if ( Log4js.config[moduleName].appenders ) {
+                            Log4js.config[moduleName].appenders.each(function(e){
+                                logger.addAppender(e);
+                            });
+                        }
+                    } else {
+                        eval('logger.setLevel( '+$ESAPI.properties.logging.Level+' );');
+                        $ESAPI.properties.logging.Appenders.each(function(e){
+                            logger.addAppender(e);
+                        });
+                    }
+
+                    loggersMap[key] = logger;
+                }
+                return logger;
+            }
+        };
+    }
+};
diff --git a/src/main/javascript/org.owasp.esapi.reference.validation.js b/src/main/javascript/org.owasp.esapi.reference.validation.js
@@ -0,0 +1,15 @@
+/*
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2008 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ */
+
+$namespace('org.owasp.esapi.reference.validation');
+
diff --git a/src/test/javascript/TestCore.js b/src/test/javascript/TestCore.js
diff --git a/src/test/javascript/testCore.html b/src/test/javascript/testCore.html
