Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

LOG4J2-3211 - Remove Messge Lookups #623

Merged
merged 4 commits into from
Dec 13, 2021
Merged

LOG4J2-3211 - Remove Messge Lookups #623

merged 4 commits into from
Dec 13, 2021

Conversation

rgoers
Copy link
Member

@rgoers rgoers commented Dec 13, 2021

No description provided.

Copy link
Contributor

@carterkozak carterkozak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Strongly in favor of this. Thank you for putting it together, Ralph!

@@ -38,7 +38,7 @@ public void testDateLookupInMessage(final LoggerContext context, @Named("List")
final String template = "${date:YYYY-MM-dd}";
context.getLogger(PatternLayoutLookupDateTest.class.getName()).info(template);
final String string = listAppender.getMessages().get(0);
assertFalse(string.contains(template), string);
assertTrue(string.contains(template), string);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This class and log4j-list-lookups.xml could be deleted.

@@ -121,7 +121,7 @@ public void testLookup() {
.setMessage(msg).build();
final StringBuilder sb = new StringBuilder();
converter.format(event, sb);
assertEquals("bar", sb.toString(), "Unexpected result");
assertEquals("${foo}", sb.toString(), "Unexpected result");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given the feature is gone, we can probably remove this test as it’s covered elsewhere

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't want to remove any test for this release. Just change them to prove the change was made.

Copy link
Member

@jvz jvz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm down with this idea. I don't believe lookups should be applied to layouts at the message level anyways.

@@ -1497,18 +1497,6 @@ WARN [main]: Message 2</pre>
The call site can look like this:
</p>
<pre class="prettyprint linenums">logger.info("@|KeyStyle {}|@ = @|ValueStyle {}|@", entry.getKey(), entry.getValue());</pre>
<p>
Use <code>{lookups}</code> to log messages like <code>logger.info("Try ${esc.d}{date:YYYY-MM-dd}")</code>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it make sense to put a note here, something like this:

From Log4j 2.16.0, support for lookups in log messages has been removed for security reasons. Both the {lookups} and the {nolookups} options on the %m, %msg and %message pattern are now silently ignored.

@rgoers rgoers changed the title Remove Messge Lookups LOG4J2-3211 - Remove Messge Lookups Dec 13, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants