diff --git a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/ant/logging/AntLoggerAdapter.java b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/ant/logging/AntLoggerAdapter.java
new file mode 100644
index 000000000..1eb932070
--- /dev/null
+++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/ant/logging/AntLoggerAdapter.java
@@ -0,0 +1,258 @@
+/*
+ * This file is part of dependency-check-ant.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.ant.logging;
+
+import org.apache.tools.ant.Project;
+import org.apache.tools.ant.Task;
+import org.slf4j.helpers.FormattingTuple;
+import org.slf4j.helpers.MarkerIgnoringBase;
+import org.slf4j.helpers.MessageFormatter;
+
+/**
+ * An instance of {@link org.slf4j.Logger} which simply calls the log method
+ * on the delegate Ant task
+ *
+ * @author colezlaw
+ */
+public class AntLoggerAdapter extends MarkerIgnoringBase {
+ private Task task;
+
+ public AntLoggerAdapter(Task task) {
+ super();
+ this.task = task;
+ }
+
+ public void setTask(Task task) {
+ this.task = task;
+ }
+
+ @Override
+ public boolean isTraceEnabled() {
+ // Might be a more efficient way to do this, but Ant doesn't enable or disable
+ // various levels globally - it just fires things at registered Listeners.
+ return true;
+ }
+
+ @Override
+ public void trace(String msg) {
+ task.log(msg, Project.MSG_VERBOSE);
+ }
+
+ @Override
+ public void trace(String format, Object arg) {
+ if (task != null) {
+ FormattingTuple tp = MessageFormatter.format(format, arg);
+ task.log(tp.getMessage(), Project.MSG_VERBOSE);
+ }
+ }
+
+ @Override
+ public void trace(String format, Object arg1, Object arg2) {
+ if (task != null) {
+ FormattingTuple tp = MessageFormatter.format(format, arg1, arg2);
+ task.log(tp.getMessage(), Project.MSG_VERBOSE);
+ }
+ }
+
+ @Override
+ public void trace(String format, Object... arguments) {
+ if (task != null) {
+ FormattingTuple tp = MessageFormatter.format(format, arguments);
+ task.log(tp.getMessage(), Project.MSG_VERBOSE);
+ }
+ }
+
+ @Override
+ public void trace(String msg, Throwable t) {
+ if (task != null) {
+ task.log(msg, t, Project.MSG_VERBOSE);
+ }
+ }
+
+ @Override
+ public boolean isDebugEnabled() {
+ return true;
+ }
+
+ @Override
+ public void debug(String msg) {
+ if (task != null) {
+ task.log(msg, Project.MSG_DEBUG);
+ }
+ }
+
+ @Override
+ public void debug(String format, Object arg) {
+ if (task != null) {
+ FormattingTuple tp = MessageFormatter.format(format, arg);
+ task.log(tp.getMessage(), Project.MSG_DEBUG);
+ }
+ }
+
+ @Override
+ public void debug(String format, Object arg1, Object arg2) {
+ if (task != null) {
+ FormattingTuple tp = MessageFormatter.format(format, arg1, arg2);
+ task.log(tp.getMessage(), Project.MSG_DEBUG);
+ }
+ }
+
+ @Override
+ public void debug(String format, Object... arguments) {
+ if (task != null) {
+ FormattingTuple tp = MessageFormatter.format(format, arguments);
+ task.log(tp.getMessage(), Project.MSG_DEBUG);
+ }
+ }
+
+ @Override
+ public void debug(String msg, Throwable t) {
+ if (task != null) {
+ task.log(msg, t, Project.MSG_DEBUG);
+ }
+ }
+
+ @Override
+ public boolean isInfoEnabled() {
+ return true;
+ }
+
+ @Override
+ public void info(String msg) {
+ if (task != null) {
+ task.log(msg, Project.MSG_INFO);
+ }
+ }
+
+ @Override
+ public void info(String format, Object arg) {
+ if (task != null) {
+ FormattingTuple tp = MessageFormatter.format(format, arg);
+ task.log(tp.getMessage(), Project.MSG_INFO);
+ }
+ }
+
+ @Override
+ public void info(String format, Object arg1, Object arg2) {
+ if (task != null) {
+ FormattingTuple tp = MessageFormatter.format(format, arg1, arg2);
+ task.log(tp.getMessage(), Project.MSG_INFO);
+ }
+ }
+
+ @Override
+ public void info(String format, Object... arguments) {
+ if (task != null) {
+ FormattingTuple tp = MessageFormatter.format(format, arguments);
+ task.log(tp.getMessage(), Project.MSG_INFO);
+ }
+ }
+
+ @Override
+ public void info(String msg, Throwable t) {
+ if (task != null) {
+ task.log(msg, t, Project.MSG_INFO);
+ }
+ }
+
+ @Override
+ public boolean isWarnEnabled() {
+ return true;
+ }
+
+ @Override
+ public void warn(String msg) {
+ if (task != null) {
+ task.log(msg, Project.MSG_WARN);
+ }
+ }
+
+ @Override
+ public void warn(String format, Object arg) {
+ if (task != null) {
+ FormattingTuple tp = MessageFormatter.format(format, arg);
+ task.log(tp.getMessage(), Project.MSG_WARN);
+ }
+ }
+
+ @Override
+ public void warn(String format, Object... arguments) {
+ if (task != null) {
+ FormattingTuple tp = MessageFormatter.format(format, arguments);
+ task.log(tp.getMessage(), Project.MSG_WARN);
+ }
+ }
+
+ @Override
+ public void warn(String format, Object arg1, Object arg2) {
+ if (task != null) {
+ FormattingTuple tp = MessageFormatter.format(format, arg1, arg2);
+ task.log(tp.getMessage(), Project.MSG_WARN);
+ }
+ }
+
+ @Override
+ public void warn(String msg, Throwable t) {
+ if (task != null) {
+ task.log(msg, t, Project.MSG_WARN);
+ }
+ }
+
+ @Override
+ public boolean isErrorEnabled() {
+ return true;
+ }
+
+ @Override
+ public void error(String msg) {
+ if (task != null) {
+ task.log(msg, Project.MSG_ERR);
+ }
+ }
+
+ @Override
+ public void error(String format, Object arg) {
+ if (task != null) {
+ FormattingTuple tp = MessageFormatter.format(format, arg);
+ task.log(tp.getMessage(), Project.MSG_ERR);
+ }
+ }
+
+ @Override
+ public void error(String format, Object arg1, Object arg2) {
+ if (task != null) {
+ FormattingTuple tp = MessageFormatter.format(format, arg1, arg2);
+ task.log(tp.getMessage(), Project.MSG_ERR);
+ }
+ }
+
+ @Override
+ public void error(String format, Object... arguments) {
+ if (task != null) {
+ FormattingTuple tp = MessageFormatter.format(format, arguments);
+ task.log(tp.getMessage(), Project.MSG_ERR);
+ }
+ }
+
+ @Override
+ public void error(String msg, Throwable t) {
+ if (task != null) {
+ task.log(msg, t, Project.MSG_ERR);
+ }
+ }
+}
diff --git a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/ant/logging/AntLoggerFactory.java b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/ant/logging/AntLoggerFactory.java
new file mode 100644
index 000000000..f47b2c9c3
--- /dev/null
+++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/ant/logging/AntLoggerFactory.java
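Review bot: `trace(String msg)` in AntLoggerAdapter calls `task.log(...)` without the `task != null` guard that every other logging method in the class has. The private constructor of StaticLoggerBinder builds the factory while its `task` field is still null, so a trace call made before `setTask` throws a NullPointerException; wrap the call as `if (task != null) { task.log(msg, Project.MSG_VERBOSE); }`. The level mapping also looks inverted: Ant ranks `MSG_DEBUG` below `MSG_VERBOSE`, so SLF4J trace output, including the stack traces core logs at trace, shows up at `-verbose` while debug output needs `-debug`. Mapping debug to `Project.MSG_VERBOSE` and trace to `Project.MSG_DEBUG` would keep the ordering.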
@@ -0,0 +1,41 @@
+/*
+ * This file is part of dependency-check-ant.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.ant.logging;
+
+import org.apache.tools.ant.Task;
+import org.slf4j.ILoggerFactory;
+import org.slf4j.Logger;
+
+/**
+ * An implementation of {@link org.slf4j.ILoggerFactory} which always returns
+ * {@link AntLoggerAdapter} instances.
+ *
+ * @author colezlaw
+ */
+public class AntLoggerFactory implements ILoggerFactory {
+ private AntLoggerAdapter antLoggerAdapter;
+
+ public AntLoggerFactory(Task task) {
+ super();
+ this.antLoggerAdapter = new AntLoggerAdapter(task);
+ }
+
+ public Logger getLogger(String name) {
+ return antLoggerAdapter;
+ }
+}
diff --git a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java
index e2d60f205..b282814dd 100644
--- a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java
+++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java
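Review bot: `getLogger(String name)` in AntLoggerFactory implements the `ILoggerFactory` method but has no `@Override`, and `antLoggerAdapter` is assigned once in the constructor yet is not declared `final`. I would write `private final AntLoggerAdapter antLoggerAdapter;` and put `@Override` on `getLogger`. A short Javadoc on `getLogger` saying that `name` is ignored and one shared adapter is returned for every logger would spare readers from hunting for per-class loggers.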
@@ -21,9 +21,8 @@ import java.io.File; import java.io.IOException; import java.io.InputStream; import java.util.List; -import java.util.logging.Level; -import java.util.logging.Logger; import org.apache.tools.ant.BuildException; +import org.apache.tools.ant.Project; import org.apache.tools.ant.Task; import org.apache.tools.ant.types.EnumeratedAttribute; import org.apache.tools.ant.types.Reference; @@ -40,8 +39,8 @@ import org.owasp.dependencycheck.dependency.Identifier; import org.owasp.dependencycheck.dependency.Vulnerability; import org.owasp.dependencycheck.reporting.ReportGenerator; import org.owasp.dependencycheck.reporting.ReportGenerator.Format; -import org.owasp.dependencycheck.utils.LogUtils; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.impl.StaticLoggerBinder; /** * An Ant task definition to execute dependency-check during an Ant build. @@ -49,7 +48,6 @@ import org.owasp.dependencycheck.utils.Settings; * @author Jeremy Long */ public class DependencyCheckTask extends Task { - /** * The properties file location. */ @@ -62,16 +60,15 @@ public class DependencyCheckTask extends Task { * System specific new line character. */ private static final String NEW_LINE = System.getProperty("line.separator", "\n").intern(); - /** - * The logger. - */ - private static final Logger LOGGER = Logger.getLogger(DependencyCheckTask.class.getName()); /** * Construct a new DependencyCheckTask. */ public DependencyCheckTask() { super(); + // Call this before Dependency Check Core starts logging anything - this way, all SLF4J messages from + // core end up coming through this tasks logger + StaticLoggerBinder.getSingleton().setTask(this); } //The following code was copied Apache Ant PathConvert //BEGIN COPY from org.apache.tools.ant.taskdefs.PathConvert 
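Review bot: The constructor publishes `this` to a process-wide singleton via `StaticLoggerBinder.getSingleton().setTask(this);` before construction has finished, and no visible hunk ever clears it. If a build declares more than one dependency-check task, the last one constructed presumably captures all core logging, and the binder keeps a reference to the task after the build step ends. Registering at the start of `execute()` and resetting in its `finally` block would bound the lifetime. The class body continues outside this hunk, so the other call sites could not be checked.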
@@ -349,7 +346,7 @@ public class DependencyCheckTask extends Task { */ @Deprecated public void setProxyUrl(String proxyUrl) { - LOGGER.warning("A deprecated configuration option 'proxyUrl' was detected; use 'proxyServer' instead."); + log("A deprecated configuration option 'proxyUrl' was detected; use 'proxyServer' instead.", Project.MSG_WARN); this.proxyServer = proxyUrl; } /** @@ -925,9 +922,6 @@ public class DependencyCheckTask extends Task { @Override public void execute() throws BuildException { - final InputStream in = DependencyCheckTask.class.getClassLoader().getResourceAsStream(LOG_PROPERTIES_FILE); - LogUtils.prepareLogger(in, logFile); - dealWithReferences(); validateConfiguration(); populateSettings(); @@ -958,7 +952,7 @@ public class DependencyCheckTask extends Task { cve.open(); prop = cve.getDatabaseProperties(); } catch (DatabaseException ex) { - LOGGER.log(Level.FINE, "Unable to retrieve DB Properties", ex); + log("Unable to retrieve DB Properties", ex, Project.MSG_DEBUG); } finally { if (cve != null) { cve.close(); 
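Review bot: Removing `LogUtils.prepareLogger(in, logFile)` from `execute()` leaves the `logFile` setting with no visible consumer. If the attribute and its setter are still declared elsewhere in the class (not shown in this hunk), a build that sets it now silently gets no verbose log file. Warn in the setter the way `setProxyUrl` does, for example `log("The 'logFile' attribute is no longer used; use Ant's -logfile and -verbose options instead.", Project.MSG_WARN);`. The `LOG_PROPERTIES_FILE` constant referenced by the removed line may now be unused as well.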
@@ -974,16 +968,15 @@ public class DependencyCheckTask extends Task { showSummary(engine.getDependencies()); } } catch (IOException ex) { - LOGGER.log(Level.FINE, "Unable to generate dependency-check report", ex); + log("Unable to generate dependency-check report", ex, Project.MSG_DEBUG); throw new BuildException("Unable to generate dependency-check report", ex); } catch (Exception ex) { - LOGGER.log(Level.FINE, "An exception occurred; unable to continue task", ex); + log("An exception occurred; unable to continue task", ex, Project.MSG_DEBUG); throw new BuildException("An exception occurred; unable to continue task", ex); } } } catch (DatabaseException ex) { - LOGGER.log(Level.SEVERE, "Unable to connect to the dependency-check database; analysis has stopped"); - LOGGER.log(Level.FINE, "", ex); + log("Unable to connect to the dependency-check database; analysis has stopped", ex, Project.MSG_ERR); } finally { Settings.cleanup(true); if (engine != null) { @@ -1017,14 +1010,13 @@ public class DependencyCheckTask extends Task { taskProperties = this.getClass().getClassLoader().getResourceAsStream(PROPERTIES_FILE); Settings.mergeProperties(taskProperties); } catch (IOException ex) { - LOGGER.log(Level.WARNING, "Unable to load the dependency-check ant task.properties file."); - LOGGER.log(Level.FINE, null, ex); + log("Unable to load the dependency-check ant task.properties file.", ex, Project.MSG_WARN); } finally { if (taskProperties != null) { try { taskProperties.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, null, ex); + log("", ex, Project.MSG_DEBUG); } } } @@ -1176,7 +1168,7 @@ public class DependencyCheckTask extends Task { final String msg = String.format("%n%n" + "One or more dependencies were identified with known vulnerabilities:%n%n%s" + "%n%nSee the dependency-check report for more details.%n%n", summary.toString()); - LOGGER.log(Level.WARNING, msg); + log(msg, Project.MSG_WARN); } } 
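Review bot: The `catch (DatabaseException ex)` branch at the end of `execute()` still only logs at `Project.MSG_ERR` and falls through to `finally`, so the Ant build succeeds although no analysis ran. For a vulnerability gate that is fail-open; the IOException branch just above it already throws, and this one could do the same with `throw new BuildException("Unable to connect to the dependency-check database; analysis has stopped", ex);`. The same log-and-continue handling of `DatabaseException` is visible in the App.java and DependencyCheckScanAgent hunks of this commit. `execute()` begins outside this hunk.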
diff --git a/dependency-check-ant/src/main/java/org/slf4j/impl/StaticLoggerBinder.java b/dependency-check-ant/src/main/java/org/slf4j/impl/StaticLoggerBinder.java
new file mode 100644
index 000000000..7caff75ee
--- /dev/null
+++ b/dependency-check-ant/src/main/java/org/slf4j/impl/StaticLoggerBinder.java
@@ -0,0 +1,89 @@
+/*
+ * This file is part of dependency-check-ant.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
+ */
+package org.slf4j.impl;
+
+import org.apache.tools.ant.Task;
+import org.owasp.dependencycheck.ant.logging.AntLoggerFactory;
+import org.slf4j.ILoggerFactory;
+import org.slf4j.spi.LoggerFactoryBinder;
+
+/**
+ * The binding of {@link LoggerFactory} class with an actual instance of
+ * {@link ILoggerFactory} is performed using information returned by this class.
+ *
+ * @author colezlaw
+ */
+public class StaticLoggerBinder implements LoggerFactoryBinder {
+ /**
+ * The unique instance of this class
+ *
+ */
+ private static final StaticLoggerBinder SINGLETON = new StaticLoggerBinder();
+
+ /**
+ * Return the singleton of this class.
+ *
+ * @return the StaticLoggerBinder singleton
+ */
+ public static final StaticLoggerBinder getSingleton() {
+ return SINGLETON;
+ }
+
+ /**
+ * Ant tasks have the log method we actually want to call. So we hang onto
+ * the task as a delegate
+ */
+ private Task task;
+
+ /**
+ * Set the Task which will this is to log through.
+ *
+ * @param task the task through which to log
+ */
+ public void setTask(Task task) {
+ this.task = task;
+ loggerFactory = new AntLoggerFactory(task);
+ }
+
+ /**
+ * Declare the version of the SLF4J API this implementation is compiled
+ * against. The value of this filed is usually modified with each release.
+ */ + // to avoid constant folding by the compiler, this field must *not* be final + public static String REQUESTED_API_VERSION = "1.7.12"; // final + + private static final String loggerFactoryClassStr = AntLoggerFactory.class.getName(); + + /** + * The ILoggerFactory instance returned by the {@link #getLoggerFactory} + * method should always be the smae object + */ + private ILoggerFactory loggerFactory; + + private StaticLoggerBinder() { + loggerFactory = new AntLoggerFactory(task); + } + + public ILoggerFactory getLoggerFactory() { + return loggerFactory; + } + + public String getLoggerFactoryClassStr() { + return loggerFactoryClassStr; + } +} diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml index cfd5747dc..5aea7c333 100644 --- a/dependency-check-cli/pom.xml +++ b/dependency-check-cli/pom.xml @@ -321,5 +321,12 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. dependency-check-utils ${project.parent.version} + + + org.slf4j + slf4j-jdk14 + ${slf4j.version} + compile + diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java index 181b75bc0..37aa31b47 100644 --- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java +++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java @@ -26,8 +26,6 @@ import java.util.Arrays; import java.util.HashSet; import java.util.List; import java.util.Set; -import java.util.logging.Level; -import java.util.logging.Logger; import org.apache.commons.cli.ParseException; import org.owasp.dependencycheck.data.nvdcve.CveDB; import org.owasp.dependencycheck.data.nvdcve.DatabaseException; 
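Review bot: `setTask` in StaticLoggerBinder replaces `loggerFactory` with a new `AntLoggerFactory`, so a `Logger` handed out earlier keeps the adapter that the private constructor created with a null task. A `static final LOGGER` in a core class that is initialised before the task is constructed would be such a logger, and its output is then silently dropped (or throws in the unguarded `trace(String)`). Keeping one factory and forwarding the task to its adapter through the existing `AntLoggerAdapter.setTask` would rebind loggers already issued. `task` and `loggerFactory` are also written during task construction and read on whichever thread logs, so they should be `volatile` if analysis can run off the Ant thread.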
@@ -37,6 +35,8 @@ import org.owasp.dependencycheck.org.apache.tools.ant.DirectoryScanner; import org.owasp.dependencycheck.reporting.ReportGenerator; import org.owasp.dependencycheck.utils.LogUtils; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * The command line interface for the DependencyCheck application. @@ -53,7 +53,7 @@ public class App { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(App.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(App.class); /** * The main method for the application. @@ -103,7 +103,7 @@ public class App { try { runScan(cli.getReportDirectory(), cli.getReportFormat(), cli.getApplicationName(), cli.getScanFiles(), cli.getExcludeList()); } catch (InvalidScanPathException ex) { - LOGGER.log(Level.SEVERE, "An invalid scan path was detected; unable to scan '//*' paths"); + LOGGER.error("An invalid scan path was detected; unable to scan '//*' paths"); } } else { cli.printHelp(); @@ -189,7 +189,7 @@ public class App { cve.open(); prop = cve.getDatabaseProperties(); } catch (DatabaseException ex) { - LOGGER.log(Level.FINE, "Unable to retrieve DB Properties", ex); + LOGGER.debug("Unable to retrieve DB Properties", ex); } finally { if (cve != null) { cve.close(); 
@@ -199,15 +199,15 @@ public class App { try { report.generateReports(reportDirectory, outputFormat); } catch (IOException ex) { - LOGGER.log(Level.SEVERE, "There was an IO error while attempting to generate the report."); - LOGGER.log(Level.FINE, null, ex); + LOGGER.error("There was an IO error while attempting to generate the report."); + LOGGER.debug("", ex); } catch (Throwable ex) { - LOGGER.log(Level.SEVERE, "There was an error while attempting to generate the report."); - LOGGER.log(Level.FINE, null, ex); + LOGGER.error("There was an error while attempting to generate the report."); + LOGGER.debug("", ex); } } catch (DatabaseException ex) { - LOGGER.log(Level.SEVERE, "Unable to connect to the dependency-check database; analysis has stopped"); - LOGGER.log(Level.FINE, "", ex); + LOGGER.error("Unable to connect to the dependency-check database; analysis has stopped"); + LOGGER.debug("", ex); } finally { if (engine != null) { engine.cleanup(); @@ -224,8 +224,8 @@ public class App { engine = new Engine(); engine.doUpdates(); } catch (DatabaseException ex) { - LOGGER.log(Level.SEVERE, "Unable to connect to the dependency-check database; analysis has stopped"); - LOGGER.log(Level.FINE, "", ex); + LOGGER.error("Unable to connect to the dependency-check database; analysis has stopped"); + LOGGER.debug("", ex); } finally { if (engine != null) { engine.cleanup(); 
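Review bot: The converted `LOGGER.debug("", ex)` calls in `runScan` log the exception with an empty message, so a debug log shows a bare stack trace with nothing tying it to the error line above it. I would give each one a short message, for example `LOGGER.debug("Report generation failed", ex);`. The same empty-message pattern recurs in the Engine, DependencyCheckScanAgent and AbstractFileTypeAnalyzer hunks of this commit.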
@@ -271,13 +271,11 @@ public class App { try { Settings.mergeProperties(propertiesFile); } catch (FileNotFoundException ex) { - final String msg = String.format("Unable to load properties file '%s'", propertiesFile.getPath()); - LOGGER.log(Level.SEVERE, msg); - LOGGER.log(Level.FINE, null, ex); + LOGGER.error("Unable to load properties file '{}'", propertiesFile.getPath()); + LOGGER.debug("", ex); } catch (IOException ex) { - final String msg = String.format("Unable to find properties file '%s'", propertiesFile.getPath()); - LOGGER.log(Level.SEVERE, msg); - LOGGER.log(Level.FINE, null, ex); + LOGGER.error("Unable to find properties file '{}'", propertiesFile.getPath()); + LOGGER.debug("", ex); } } // We have to wait until we've merged the properties before attempting to set whether we use diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java index 4f4da1948..e299dfb4c 100644 --- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java +++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java @@ -19,7 +19,6 @@ package org.owasp.dependencycheck; import java.io.File; import java.io.FileNotFoundException; -import java.util.logging.Logger; import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLineParser; @@ -33,6 +32,8 @@ import org.apache.commons.cli.PosixParser; import org.owasp.dependencycheck.reporting.ReportGenerator.Format; import org.owasp.dependencycheck.utils.InvalidSettingException; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * A utility to parse command line arguments for the DependencyCheck. 
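Review bot: In the properties-file handling of App.java the two messages look swapped: `catch (FileNotFoundException ex)` reports "Unable to load properties file" while `catch (IOException ex)` reports "Unable to find properties file". The conversion kept that wording; the not-found branch should read `LOGGER.error("Unable to find properties file '{}'", propertiesFile.getPath());` and the I/O branch "Unable to load". Both branches also continue with default settings after the error, which deserves a comment if it is intentional.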
@@ -44,7 +45,7 @@ public final class CliParser { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(CliParser.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(CliParser.class); /** * The command line. */ @@ -633,7 +634,7 @@ public final class CliParser { if (server == null) { server = line.getOptionValue(ARGUMENT.PROXY_URL); if (server != null) { - LOGGER.warning("An old command line argument 'proxyurl' was detected; use proxyserver instead"); + LOGGER.warn("An old command line argument 'proxyurl' was detected; use proxyserver instead"); } } return server; diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml index c32422218..c01cdc0d2 100644 --- a/dependency-check-core/pom.xml +++ b/dependency-check-core/pom.xml @@ -361,6 +361,23 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. + + org.slf4j + slf4j-api + + + + org.slf4j + slf4j-simple + test + + + + org.slf4j + slf4j-ext + ${slf4j.version} + compile + org.owasp dependency-check-utils diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java index 61b5f010f..949c4ce47 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java @@ -24,8 +24,6 @@ import java.util.HashSet; import java.util.Iterator; import java.util.List; import java.util.Set; -import java.util.logging.Level; -import java.util.logging.Logger; import org.owasp.dependencycheck.analyzer.AnalysisPhase; import org.owasp.dependencycheck.analyzer.Analyzer; import org.owasp.dependencycheck.analyzer.AnalyzerService; 
@@ -42,6 +40,8 @@ import org.owasp.dependencycheck.exception.NoDataException; import org.owasp.dependencycheck.utils.FileUtils; import org.owasp.dependencycheck.utils.InvalidSettingException; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Scans files, directories, etc. for Dependencies. Analyzers are loaded and used to process the files found by the scan, if a @@ -72,7 +72,7 @@ public class Engine { /** * The Logger for use throughout the class. */ - private static final Logger LOGGER = Logger.getLogger(Engine.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(Engine.class); /** * Creates a new Engine. @@ -313,8 +313,7 @@ public class Engine { */ protected Dependency scanFile(File file) { if (!file.isFile()) { - final String msg = String.format("Path passed to scanFile(File) is not a file: %s. Skipping the file.", file.toString()); - LOGGER.log(Level.FINE, msg); + LOGGER.debug("Path passed to scanFile(File) is not a file: {}. Skipping the file.", file); return null; } final String fileName = file.getName(); @@ -341,7 +340,7 @@ public class Engine { try { autoUpdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE); } catch (InvalidSettingException ex) { - LOGGER.log(Level.FINE, "Invalid setting for auto-update; using true."); + LOGGER.debug("Invalid setting for auto-update; using true."); } if (autoUpdate) { doUpdates(); 
@@ -351,24 +350,18 @@ public class Engine { try { ensureDataExists(); } catch (NoDataException ex) { - final String msg = String.format("%s%n%nUnable to continue dependency-check analysis.", ex.getMessage()); - LOGGER.log(Level.SEVERE, msg); - LOGGER.log(Level.FINE, null, ex); + LOGGER.error("{}\n\nUnable to continue dependency-check analysis.", ex.getMessage()); + LOGGER.debug("", ex); return; } catch (DatabaseException ex) { - final String msg = String.format("%s%n%nUnable to continue dependency-check analysis.", ex.getMessage()); - LOGGER.log(Level.SEVERE, msg); - LOGGER.log(Level.FINE, null, ex); + LOGGER.error("{}\n\nUnable to continue dependency-check analysis.", ex.getMessage()); + LOGGER.debug("", ex); return; } - final String logHeader = String.format("%n" - + "----------------------------------------------------%n" - + "BEGIN ANALYSIS%n" - + "----------------------------------------------------"); - LOGGER.log(Level.FINE, logHeader); - LOGGER.log(Level.INFO, "Analysis Starting"); + LOGGER.debug("\n----------------------------------------------------\nBEGIN ANALYSIS\n----------------------------------------------------"); + LOGGER.info("Analysis Starting"); // analysis phases for (AnalysisPhase phase : AnalysisPhase.values()) { @@ -381,8 +374,7 @@ public class Engine { * analyzers may modify it. This prevents ConcurrentModificationExceptions. * This is okay for adds/deletes because it happens per analyzer. */ - final String msg = String.format("Begin Analyzer '%s'", a.getName()); - LOGGER.log(Level.FINE, msg); + LOGGER.debug("Begin Analyzer '{}'", a.getName()); final Set dependencySet = new HashSet(); dependencySet.addAll(dependencies); for (Dependency d : dependencySet) { 
@@ -392,19 +384,16 @@ public class Engine { shouldAnalyze = fAnalyzer.supportsExtension(d.getFileExtension()); } if (shouldAnalyze) { - final String msgFile = String.format("Begin Analysis of '%s'", d.getActualFilePath()); - LOGGER.log(Level.FINE, msgFile); + LOGGER.debug("Begin Analysis of '{}'", d.getActualFilePath()); try { a.analyze(d, this); } catch (AnalysisException ex) { - final String exMsg = String.format("An error occurred while analyzing '%s'.", d.getActualFilePath()); - LOGGER.log(Level.WARNING, exMsg); - LOGGER.log(Level.FINE, "", ex); + LOGGER.warn("An error occurred while analyzing '{}'.", d.getActualFilePath()); + LOGGER.debug("", ex); } catch (Throwable ex) { - final String axMsg = String.format("An unexpected error occurred during analysis of '%s'", d.getActualFilePath()); //final AnalysisException ax = new AnalysisException(axMsg, ex); - LOGGER.log(Level.WARNING, axMsg); - LOGGER.log(Level.FINE, "", ex); + LOGGER.warn("An unexpected error occurred during analysis of '{}'", d.getActualFilePath()); + LOGGER.debug("", ex); } } } @@ -418,12 +407,8 @@ public class Engine { } } - final String logFooter = String.format("%n" - + "----------------------------------------------------%n" - + "END ANALYSIS%n" - + "----------------------------------------------------"); - LOGGER.log(Level.FINE, logFooter); - LOGGER.log(Level.INFO, "Analysis Complete"); + LOGGER.debug("\n----------------------------------------------------\nEND ANALYSIS\n----------------------------------------------------"); + LOGGER.info("Analysis Complete"); } /** 
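Review bot: The three messages in the analysis loop interpolate `d.getActualFilePath()` into the log line as-is, and SLF4J `{}` substitution does no neutralisation. If a dependency path can contain CR or LF characters, which looks possible for files extracted from scanned archives, one path can add forged lines to the build log (CWE-117). Passing the path through a small helper before logging, for example `d.getActualFilePath().replaceAll("[\\r\\n]", "_")`, would keep one event per line. The enclosing method begins and ends outside this hunk.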
@@ -434,17 +419,15 @@ public class Engine { */ protected Analyzer initializeAnalyzer(Analyzer analyzer) { try { - final String msg = String.format("Initializing %s", analyzer.getName()); - LOGGER.log(Level.FINE, msg); + LOGGER.debug("Initializing {}", analyzer.getName()); analyzer.initialize(); } catch (Throwable ex) { - final String msg = String.format("Exception occurred initializing %s.", analyzer.getName()); - LOGGER.log(Level.SEVERE, msg); - LOGGER.log(Level.FINE, null, ex); + LOGGER.error("Exception occurred initializing {}.", analyzer.getName()); + LOGGER.debug("", ex); try { analyzer.close(); } catch (Throwable ex1) { - LOGGER.log(Level.FINEST, null, ex1); + LOGGER.trace("", ex1); } } return analyzer; @@ -456,12 +439,11 @@ public class Engine { * @param analyzer the analyzer to close */ protected void closeAnalyzer(Analyzer analyzer) { - final String msg = String.format("Closing Analyzer '%s'", analyzer.getName()); - LOGGER.log(Level.FINE, msg); + LOGGER.debug("Closing Analyzer '{}'", analyzer.getName()); try { analyzer.close(); } catch (Throwable ex) { - LOGGER.log(Level.FINEST, null, ex); + LOGGER.trace("", ex); } } @@ -477,9 +459,9 @@ public class Engine { try { source.update(); } catch (UpdateException ex) { - LOGGER.log(Level.WARNING, + LOGGER.warn( "Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities."); - LOGGER.log(Level.FINE, String.format("Unable to update details for %s", source.getClass().getName()), ex); + LOGGER.debug("Unable to update details for {}", source.getClass().getName(), ex); } } LOGGER.info("Check for updates complete"); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java index 326bb5e7b..45fc8d050 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java 
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java @@ -20,8 +20,6 @@ package org.owasp.dependencycheck.agent; import java.io.File; import java.io.IOException; import java.util.List; -import java.util.logging.Level; -import java.util.logging.Logger; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.data.nvdcve.CveDB; import org.owasp.dependencycheck.data.nvdcve.DatabaseException; @@ -32,6 +30,8 @@ import org.owasp.dependencycheck.dependency.Vulnerability; import org.owasp.dependencycheck.exception.ScanAgentException; import org.owasp.dependencycheck.reporting.ReportGenerator; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * This class provides a way to easily conduct a scan solely based on existing evidence metadata rather than collecting evidence @@ -67,7 +67,7 @@ public class DependencyCheckScanAgent { /** * Logger for use throughout the class. */ - private static final Logger LOGGER = Logger.getLogger(DependencyCheckScanAgent.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(DependencyCheckScanAgent.class); /** * The application name for the report. */ @@ -861,7 +861,7 @@ public class DependencyCheckScanAgent { cve.open(); prop = cve.getDatabaseProperties(); } catch (DatabaseException ex) { - LOGGER.log(Level.FINE, "Unable to retrieve DB Properties", ex); + LOGGER.debug("Unable to retrieve DB Properties", ex); } finally { if (cve != null) { cve.close(); 
@@ -871,13 +871,13 @@ public class DependencyCheckScanAgent { try { r.generateReports(outDirectory.getCanonicalPath(), this.reportFormat.name()); } catch (IOException ex) { - LOGGER.log(Level.SEVERE, - "Unexpected exception occurred during analysis; please see the verbose error log for more details."); - LOGGER.log(Level.FINE, null, ex); + LOGGER.error( + "Unexpected exception occurred during analysis; please see the verbose error log for more details."); + LOGGER.debug("", ex); } catch (Throwable ex) { - LOGGER.log(Level.SEVERE, + LOGGER.error( "Unexpected exception occurred during analysis; please see the verbose error log for more details."); - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); } } @@ -981,9 +981,9 @@ public class DependencyCheckScanAgent { checkForFailure(engine.getDependencies()); } } catch (DatabaseException ex) { - LOGGER.log(Level.SEVERE, + LOGGER.error( "Unable to connect to the dependency-check database; analysis has stopped"); - LOGGER.log(Level.FINE, "", ex); + LOGGER.debug("", ex); } finally { Settings.cleanup(true); if (engine != null) { @@ -1058,10 +1058,8 @@ public class DependencyCheckScanAgent { } } if (summary.length() > 0) { - final String msg = String.format("%n%n" - + "One or more dependencies were identified with known vulnerabilities:%n%n%s" - + "%n%nSee the dependency-check report for more details.%n%n", summary.toString()); - LOGGER.log(Level.WARNING, msg); + LOGGER.warn("\n\nOne or more dependencies were identified with known vulnerabilities:\n\n{}\n\nSee the dependency-check report for more details.\n\n", + summary.toString()); } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java index 967b12444..78f1499d2 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java 
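Review bot: The `catch (DatabaseException ex)` block in the `@@ -981,9 +981,9 @@` hunk logs "analysis has stopped" and then falls through to `finally`, so as far as the hunk shows the method returns normally when the vulnerability database cannot be opened. If callers use the agent as a build gate, a database outage would then look the same as a scan that found nothing. Consider rethrowing after logging, for example `throw new ScanAgentException("Unable to connect to the dependency-check database; analysis has stopped", ex);`. This assumes the enclosing method may throw the already-imported `ScanAgentException` and that it has a (String, Throwable) constructor, neither of which is visible here. The enclosing method starts and ends outside the hunk.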
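Review bot: In the `@@ -1058,10 +1058,8 @@` hunk the rewritten warning replaces `%n` with a literal `\n`, so the vulnerability summary no longer uses the platform line separator that the `String.format` version produced. If that matters for the consoles and log files this agent writes to, build the separator once with `System.lineSeparator()` and pass it as an argument, or keep the `String.format` call for this one message. `summary.toString()` can also be just `summary`, since SLF4J calls `toString()` only when the level is enabled. The long literal could be split with `+` as the other multi-part messages in this commit are.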
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java @@ -20,13 +20,13 @@ package org.owasp.dependencycheck.analyzer; import java.util.Collections; import java.util.HashSet; import java.util.Set; -import java.util.logging.Level; -import java.util.logging.Logger; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.utils.InvalidSettingException; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * The base FileTypeAnalyzer that all analyzers that have specific file types they analyze should extend. @@ -49,7 +49,7 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(AbstractFileTypeAnalyzer.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(AbstractFileTypeAnalyzer.class); /** * Whether the file type analyzer detected any files it needs to analyze. */ @@ -164,11 +164,9 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen try { enabled = Settings.getBoolean(key, true); } catch (InvalidSettingException ex) { - String msg = String.format("Invalid setting for property '%s'", key); - LOGGER.log(Level.WARNING, msg); - LOGGER.log(Level.FINE, "", ex); - msg = String.format("%s has been disabled", getName()); - LOGGER.log(Level.WARNING, msg); + LOGGER.warn("Invalid setting for property '{}'", key); + LOGGER.debug("", ex); + LOGGER.warn("{} has been disabled", getName()); } } 
@@ -200,9 +198,8 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen } final Set ext = getSupportedExtensions(); if (ext == null) { - final String msg = String.format("The '%s' analyzer is misconfigured and does not have any file extensions;" - + " it will be disabled", getName()); - LOGGER.log(Level.SEVERE, msg); + LOGGER.error("The '{}' analyzer is misconfigured and does not have any file extensions;" + + " it will be disabled", getName()); return false; } else { final boolean match = ext.contains(extension); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java index cc3ac27c1..a730acf7e 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java @@ -24,8 +24,6 @@ import java.net.MalformedURLException; import java.net.URL; import java.util.List; import java.util.Set; -import java.util.logging.Level; -import java.util.logging.Logger; import java.util.regex.Pattern; import org.owasp.dependencycheck.suppression.SuppressionParseException; import org.owasp.dependencycheck.suppression.SuppressionParser; @@ -34,6 +32,8 @@ import org.owasp.dependencycheck.utils.DownloadFailedException; import org.owasp.dependencycheck.utils.Downloader; import org.owasp.dependencycheck.utils.FileUtils; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Abstract base suppression analyzer that contains methods for parsing the suppression xml file. 
@@ -45,7 +45,7 @@ public abstract class AbstractSuppressionAnalyzer extends AbstractAnalyzer { /** * The Logger for use throughout the class */ - private static final Logger LOGGER = Logger.getLogger(AbstractSuppressionAnalyzer.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(AbstractSuppressionAnalyzer.class); // /** @@ -103,7 +103,7 @@ public abstract class AbstractSuppressionAnalyzer extends AbstractAnalyzer { try { rules = parser.parseSuppressionRules(this.getClass().getClassLoader().getResourceAsStream("dependencycheck-base-suppression.xml")); } catch (SuppressionParseException ex) { - LOGGER.log(Level.FINE, "Unable to parse the base suppression data file", ex); + LOGGER.debug("Unable to parse the base suppression data file", ex); } final String suppressionFilePath = Settings.getString(Settings.KEYS.SUPPRESSION_FILE); if (suppressionFilePath == null) { @@ -141,12 +141,11 @@ public abstract class AbstractSuppressionAnalyzer extends AbstractAnalyzer { try { //rules = parser.parseSuppressionRules(file); rules.addAll(parser.parseSuppressionRules(file)); - LOGGER.log(Level.FINE, rules.size() + " suppression rules were loaded."); + LOGGER.debug("{} suppression rules were loaded.", rules.size()); } catch (SuppressionParseException ex) { - final String msg = String.format("Unable to parse suppression xml file '%s'", file.getPath()); - LOGGER.log(Level.WARNING, msg); - LOGGER.log(Level.WARNING, ex.getMessage()); - LOGGER.log(Level.FINE, "", ex); + LOGGER.warn("Unable to parse suppression xml file '{}'", file.getPath()); + LOGGER.warn(ex.getMessage()); + LOGGER.debug("", ex); throw ex; } } 
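Review bot: In the `@@ -141,12 +141,11 @@` hunk, `LOGGER.warn(ex.getMessage());` passes exception text in the message position and emits it as a second WARN record, separate from the one that names the file. The text comes from parsing the configured suppression file, and in a busy log the two records can be split apart, which makes it harder to see why suppressions were not applied. One record keeps path and cause together: `LOGGER.warn("Unable to parse suppression xml file '{}': {}", file.getPath(), ex.getMessage());`. `throwSuppressionParseException` in the next hunk has the same shape with `LOGGER.warn(message);` and could use `LOGGER.warn("{}", message);` for the same reason.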
@@ -171,8 +170,8 @@ public abstract class AbstractSuppressionAnalyzer extends AbstractAnalyzer { * @throws SuppressionParseException throws the generated SuppressionParseException */ private void throwSuppressionParseException(String message, Exception exception) throws SuppressionParseException { - LOGGER.log(Level.WARNING, message); - LOGGER.log(Level.FINE, "", exception); + LOGGER.warn(message); + LOGGER.debug("", exception); throw new SuppressionParseException(message, exception); } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java index f874cceae..28cd78a2a 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java @@ -31,8 +31,6 @@ import java.util.Enumeration; import java.util.HashSet; import java.util.List; import java.util.Set; -import java.util.logging.Level; -import java.util.logging.Logger; import org.apache.commons.compress.archivers.ArchiveEntry; import org.apache.commons.compress.archivers.ArchiveInputStream; import org.apache.commons.compress.archivers.tar.TarArchiveInputStream; @@ -48,6 +46,8 @@ import org.owasp.dependencycheck.analyzer.exception.ArchiveExtractionException; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.utils.FileUtils; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** *

@@ -61,7 +61,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(ArchiveAnalyzer.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(ArchiveAnalyzer.class); /** * The buffer size to use when extracting files from the archive. */ @@ -184,10 +184,10 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { @Override public void close() throws Exception { if (tempFileLocation != null && tempFileLocation.exists()) { - LOGGER.log(Level.FINE, "Attempting to delete temporary files"); + LOGGER.debug("Attempting to delete temporary files"); final boolean success = FileUtils.delete(tempFileLocation); if (!success && tempFileLocation != null && tempFileLocation.exists() && tempFileLocation.list().length > 0) { - LOGGER.log(Level.WARNING, "Failed to delete some temporary files, see the log for more details"); + LOGGER.warn("Failed to delete some temporary files, see the log for more details"); } } } @@ -264,8 +264,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { } } } catch (IOException ex) { - final String msg = String.format("Unable to perform deep copy on '%s'", dependency.getActualFile().getPath()); - LOGGER.log(Level.FINE, msg, ex); + LOGGER.debug("Unable to perform deep copy on '{}'", dependency.getActualFile().getPath(), ex); } } engine.getDependencies().remove(dependency); @@ -310,7 +309,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { try { fis = new FileInputStream(archive); } catch (FileNotFoundException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); throw new AnalysisException("Archive file was not found.", ex); } final String archiveExt = FileUtils.getFileExtension(archive.getName()).toLowerCase(); 
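Review bot: In `close()` (hunk `@@ -184,10 +184,10 @@`), the warning "Failed to delete some temporary files, see the log for more details" does not name the directory, and this method logs no further detail (whether `FileUtils.delete` does is not visible here). Extracted archive contents left on disk are then hard to locate and clean up; including the path makes the record actionable: `LOGGER.warn("Failed to delete some temporary files under '{}'", tempFileLocation.getPath());`. Separately, `File.list()` returns null when the path is not a directory or cannot be read, so `tempFileLocation.list().length` in the same condition can throw; a null check before it would avoid that.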
@@ -327,18 +326,16 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { } } } catch (ArchiveExtractionException ex) { - final String msg = String.format("Exception extracting archive '%s'.", archive.getName()); - LOGGER.log(Level.WARNING, msg); - LOGGER.log(Level.FINE, null, ex); + LOGGER.warn("Exception extracting archive '{}'.", archive.getName()); + LOGGER.debug("", ex); } catch (IOException ex) { - final String msg = String.format("Exception reading archive '%s'.", archive.getName()); - LOGGER.log(Level.WARNING, msg); - LOGGER.log(Level.FINE, null, ex); + LOGGER.warn("Exception reading archive '{}'.", archive.getName()); + LOGGER.debug("", ex); } finally { try { fis.close(); } catch (IOException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); } } } @@ -367,8 +364,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { final File file = new File(destination, entry.getName()); final String ext = FileUtils.getFileExtension(file.getName()); if (engine.supportsExtension(ext)) { - final String extracting = String.format("Extracting '%s'", file.getPath()); - LOGGER.fine(extracting); + LOGGER.debug("Extracting '{}'", file.getPath()); BufferedOutputStream bos = null; FileOutputStream fos = null; try { @@ -388,11 +384,11 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { } bos.flush(); } catch (FileNotFoundException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); final String msg = String.format("Unable to find file '%s'.", file.getName()); throw new AnalysisException(msg, ex); } catch (IOException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); final String msg = String.format("IO Exception while parsing file '%s'.", file.getName()); throw new AnalysisException(msg, ex); } finally { 
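Review bot: In the `@@ -367,8 +364,7 @@` hunk, the context line `final File file = new File(destination, entry.getName());` joins an archive entry name to the extraction directory without checking that the result stays inside it, and the new `LOGGER.debug("Extracting '{}'", file.getPath())` line and the output stream opened after it both use that path. Entry names come from the archive being scanned, so a name containing `..` segments would resolve outside `destination`. Unless a check already exists outside the hunk, compare canonical paths before the stream is opened, somewhere the `IOException` from `getCanonicalPath()` is handled: `if (!file.getCanonicalPath().startsWith(destination.getCanonicalPath() + File.separator)) { throw new AnalysisException("Archive entry resolves outside the extraction directory."); }`. The enclosing method starts and ends outside the hunk.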
@@ -400,14 +396,14 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { try { bos.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, null, ex); + LOGGER.trace("", ex); } } if (fos != null) { try { fos.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, null, ex); + LOGGER.trace("", ex); } } } @@ -423,7 +419,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { try { input.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, null, ex); + LOGGER.trace("", ex); } } } @@ -437,8 +433,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { * @throws ArchiveExtractionException thrown if there is an exception decompressing the file */ private void decompressFile(CompressorInputStream inputStream, File outputFile) throws ArchiveExtractionException { - final String msg = String.format("Decompressing '%s'", outputFile.getPath()); - LOGGER.fine(msg); + LOGGER.debug("Decompressing '{}'", outputFile.getPath()); FileOutputStream out = null; try { out = new FileOutputStream(outputFile); @@ -448,17 +443,17 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { out.write(buffer, 0, n); } } catch (FileNotFoundException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); throw new ArchiveExtractionException(ex); } catch (IOException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); throw new ArchiveExtractionException(ex); } finally { if (out != null) { try { out.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, null, ex); + LOGGER.trace("", ex); } } } @@ -490,7 +485,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { } } } catch (IOException ex) { - LOGGER.log(Level.FINE, String.format("Unable to unzip zip file '%s'", dependency.getFilePath()), ex); + LOGGER.debug("Unable to unzip zip file '{}'", dependency.getFilePath(), ex); } finally { ZipFile.closeQuietly(zip); } 
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java index f8417d0d7..054adde34 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java @@ -25,20 +25,26 @@ import java.io.InputStream; import java.io.InputStreamReader; import java.util.ArrayList; import java.util.List; +import java.util.Locale; import java.util.Set; -import java.util.logging.Level; -import java.util.logging.Logger; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.xpath.XPath; import javax.xml.xpath.XPathExpressionException; import javax.xml.xpath.XPathFactory; + +import ch.qos.cal10n.IMessageConveyor; +import ch.qos.cal10n.MessageConveyor; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Evidence; +import org.owasp.dependencycheck.utils.DCResources; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.cal10n.LocLogger; +import org.slf4j.cal10n.LocLoggerFactory; import org.w3c.dom.Document; import org.xml.sax.SAXException; 
@@ -70,10 +76,18 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { * The DocumentBuilder for parsing the XML */ private DocumentBuilder builder; + /** + * Message Conveyer + */ + private IMessageConveyor messageConveyer = new MessageConveyor(Locale.getDefault()); + /** + * LocLoggerFactory for localized logger + */ + private LocLoggerFactory llFactory = new LocLoggerFactory(messageConveyer); /** * Logger */ - private static final Logger LOGGER = Logger.getLogger(AssemblyAnalyzer.class.getName(), "dependencycheck-resources"); + private LocLogger LOGGER = llFactory.getLocLogger(AssemblyAnalyzer.class); /** * Builds the beginnings of a List for ProcessBuilder @@ -106,7 +120,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException { if (grokAssemblyExe == null) { - LOGGER.warning("analyzer.AssemblyAnalyzer.notdeployed"); + LOGGER.warn(DCResources.NOTDEPLOYED); return; } @@ -122,7 +136,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { String line = null; // CHECKSTYLE:OFF while (rdr.ready() && (line = rdr.readLine()) != null) { - LOGGER.log(Level.WARNING, "analyzer.AssemblyAnalyzer.grokassembly.stderr", line); + LOGGER.warn(DCResources.GROKERROR, line); } // CHECKSTYLE:ON int rc = 0; @@ -134,10 +148,10 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { return; } if (rc == 3) { - LOGGER.log(Level.FINE, "analyzer.AssemblyAnalyzer.notassembly", dependency.getActualFilePath()); + LOGGER.debug(DCResources.NOTASSEMBLY, dependency.getActualFilePath()); return; } else if (rc != 0) { - LOGGER.log(Level.WARNING, "analyzer.AssemblyAnalyzer.grokassembly.rc", rc); + LOGGER.warn(DCResources.GROKRC, rc); } final XPath xpath = XPathFactory.newInstance().newXPath(); 
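Review bot: `LOGGER` changes here from a `private static final` constant to a mutable instance field, and every AssemblyAnalyzer instance now builds its own `MessageConveyor` and `LocLoggerFactory`. The upper-case name and the other analyzers in this commit suggest a class constant is intended: `private static final LocLogger LOGGER = new LocLoggerFactory(new MessageConveyor(Locale.getDefault())).getLocLogger(AssemblyAnalyzer.class);`. With that, the `messageConveyer` and `llFactory` fields can be dropped. The `import org.slf4j.Logger;` added in the import hunk also appears unused, since the field type is `LocLogger`.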
@@ -178,7 +192,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { try { rdr.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, "ignore", ex); + LOGGER.debug("ignore", ex); } } } @@ -205,24 +219,24 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { grokAssemblyExe = tempFile; // Set the temp file to get deleted when we're done grokAssemblyExe.deleteOnExit(); - LOGGER.log(Level.FINE, "analyzer.AssemblyAnalyzer.grokassembly.deployed", grokAssemblyExe.getPath()); + LOGGER.debug(DCResources.GROKDEPLOYED, grokAssemblyExe.getPath()); } catch (IOException ioe) { this.setEnabled(false); - LOGGER.log(Level.WARNING, "analyzer.AssemblyAnalyzer.grokassembly.notdeployed", ioe.getMessage()); + LOGGER.warn(DCResources.GROKNOTDEPLOYED, ioe.getMessage()); throw new AnalysisException("Could not extract GrokAssembly.exe", ioe); } finally { if (fos != null) { try { fos.close(); } catch (Throwable e) { - LOGGER.fine("Error closing output stream"); + LOGGER.debug("Error closing output stream"); } } if (is != null) { try { is.close(); } catch (Throwable e) { - LOGGER.fine("Error closing input stream"); + LOGGER.debug("Error closing input stream"); } } } @@ -244,8 +258,8 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { final XPath xpath = XPathFactory.newInstance().newXPath(); final String error = xpath.evaluate("/assembly/error", doc); if (p.waitFor() != 1 || error == null || "".equals(error)) { - LOGGER.warning("An error occurred with the .NET AssemblyAnalyzer, please see the log for more details."); - LOGGER.fine("GrokAssembly.exe is not working properly"); + LOGGER.warn("An error occurred with the .NET AssemblyAnalyzer, please see the log for more details."); + LOGGER.debug("GrokAssembly.exe is not working properly"); grokAssemblyExe = null; this.setEnabled(false); throw new AnalysisException("Could not execute .NET AssemblyAnalyzer"); 
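Review bot: The `rdr.close()` failure in this hunk was logged at FINEST and becomes `LOGGER.debug("ignore", ex)`, while the identical block in the `@@ -264,7 +278,7 @@` hunk and the other FINEST calls in this commit map to `trace`. Use `LOGGER.trace("ignore", ex);` here so the level mapping stays consistent. In the following hunk, the two `catch (Throwable e)` blocks log "Error closing output stream" and "Error closing input stream" without `e`; passing it as the last argument, `LOGGER.debug("Error closing output stream", e);`, keeps the cause in the log.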
@@ -254,8 +268,8 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { if (e instanceof AnalysisException) { throw (AnalysisException) e; } else { - LOGGER.warning("analyzer.AssemblyAnalyzer.grokassembly.initialization.failed"); - LOGGER.log(Level.FINE, "analyzer.AssemblyAnalyzer.grokassembly.initialization.message", e.getMessage()); + LOGGER.warn(DCResources.GROKINITFAIL); + LOGGER.debug(DCResources.GROKINITMSG, e.getMessage()); this.setEnabled(false); throw new AnalysisException("An error occured with the .NET AssemblyAnalyzer", e); } @@ -264,7 +278,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { try { rdr.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, "ignore", ex); + LOGGER.trace("ignore", ex); } } } @@ -279,7 +293,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { grokAssemblyExe.deleteOnExit(); } } catch (SecurityException se) { - LOGGER.fine("analyzer.AssemblyAnalyzer.grokassembly.notdeleted"); + LOGGER.debug(DCResources.GROKNOTDELETED); } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java index 0b78ab908..4d0470f8e 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java @@ -25,8 +25,6 @@ import java.util.Collections; import java.util.List; import java.util.Set; import java.util.StringTokenizer; -import java.util.logging.Level; -import java.util.logging.Logger; import org.apache.lucene.document.Document; import org.apache.lucene.index.CorruptIndexException; import org.apache.lucene.queryparser.classic.ParseException; 
@@ -49,6 +47,8 @@ import org.owasp.dependencycheck.dependency.Identifier; import org.owasp.dependencycheck.dependency.VulnerableSoftware; import org.owasp.dependencycheck.utils.DependencyVersion; import org.owasp.dependencycheck.utils.DependencyVersionUtil; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * CPEAnalyzer is a utility class that takes a project dependency and attempts to discern if there is an associated CPE. It uses @@ -61,7 +61,7 @@ public class CPEAnalyzer implements Analyzer { /** * The Logger. */ - private static final Logger LOGGER = Logger.getLogger(CPEAnalyzer.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(CPEAnalyzer.class); /** * The maximum number of query results to return. */ @@ -134,15 +134,15 @@ public class CPEAnalyzer implements Analyzer { * process. */ public void open() throws IOException, DatabaseException { - LOGGER.log(Level.FINE, "Opening the CVE Database"); + LOGGER.debug("Opening the CVE Database"); cve = new CveDB(); cve.open(); - LOGGER.log(Level.FINE, "Creating the Lucene CPE Index"); + LOGGER.debug("Creating the Lucene CPE Index"); cpe = CpeMemoryIndex.getInstance(); try { cpe.open(cve); } catch (IndexException ex) { - LOGGER.log(Level.FINE, "IndexException", ex); + LOGGER.debug("IndexException", ex); throw new DatabaseException(ex); } } 
@@ -180,11 +180,11 @@ public class CPEAnalyzer implements Analyzer { for (Confidence confidence : Confidence.values()) { if (dependency.getVendorEvidence().contains(confidence)) { vendors = addEvidenceWithoutDuplicateTerms(vendors, dependency.getVendorEvidence(), confidence); - LOGGER.fine(String.format("vendor search: %s", vendors)); + LOGGER.debug("vendor search: {}", vendors); } if (dependency.getProductEvidence().contains(confidence)) { products = addEvidenceWithoutDuplicateTerms(products, dependency.getProductEvidence(), confidence); - LOGGER.fine(String.format("product search: %s", products)); + LOGGER.debug("product search: {}", products); } if (!vendors.isEmpty() && !products.isEmpty()) { final List entries = searchCPE(vendors, products, dependency.getProductEvidence().getWeighting(), @@ -194,11 +194,11 @@ public class CPEAnalyzer implements Analyzer { } boolean identifierAdded = false; for (IndexEntry e : entries) { - LOGGER.fine(String.format("Verifying entry: %s", e.toString())); + LOGGER.debug("Verifying entry: {}", e); if (verifyEntry(e, dependency)) { final String vendor = e.getVendor(); final String product = e.getProduct(); - LOGGER.fine(String.format("identified vendor/product: %s/%s", vendor, product)); + LOGGER.debug("identified vendor/product: {}/{}", vendor, product); identifierAdded |= determineIdentifiers(dependency, vendor, product, confidence); } } 
@@ -281,13 +281,11 @@ public class CPEAnalyzer implements Analyzer { } return ret; } catch (ParseException ex) { - final String msg = String.format("Unable to parse: %s", searchString); - LOGGER.log(Level.WARNING, "An error occured querying the CPE data. See the log for more details."); - LOGGER.log(Level.INFO, msg, ex); + LOGGER.warn("An error occured querying the CPE data. See the log for more details."); + LOGGER.info("Unable to parse: {}", searchString, ex); } catch (IOException ex) { - final String msg = String.format("IO Error with search string: %s", searchString); - LOGGER.log(Level.WARNING, "An error occured reading CPE data. See the log for more details."); - LOGGER.log(Level.INFO, msg, ex); + LOGGER.warn("An error occured reading CPE data. See the log for more details."); + LOGGER.info("IO Error with search string: {}", searchString, ex); } return null; } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java index 4654145f2..94074deb7 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java @@ -23,8 +23,6 @@ import java.io.IOException; import java.net.URL; import java.util.List; import java.util.Set; -import java.util.logging.Level; -import java.util.logging.Logger; import org.apache.commons.io.FileUtils; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; 
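Review bot: Both catch blocks attach the stack trace to an INFO record, whereas the other handlers in this commit send throwables to debug, and the WARN text that users see first does not say which search failed. If INFO is not deliberate, `LOGGER.debug("Unable to parse: {}", searchString, ex);` and `LOGGER.debug("IO Error with search string: {}", searchString, ex);` would match the rest of the change. `searchString` is presumably built from evidence extracted from the scanned files, so it is untrusted text written to the log; confirm that the configured layout encodes line breaks. The two WARN literals also misspell "occurred". The method body starts outside the hunk.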
@@ -38,6 +36,8 @@ import org.owasp.dependencycheck.utils.DownloadFailedException; import org.owasp.dependencycheck.utils.Downloader; import org.owasp.dependencycheck.utils.InvalidSettingException; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Analyzer which will attempt to locate a dependency, and the GAV information, by querying Central for the dependency's SHA-1 @@ -50,7 +50,7 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(CentralAnalyzer.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(CentralAnalyzer.class); /** * The name of the analyzer. @@ -103,7 +103,7 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer { if (Settings.getBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED)) { if (!Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED) || NexusAnalyzer.DEFAULT_URL.equals(Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL))) { - LOGGER.fine("Enabling the Central analyzer"); + LOGGER.debug("Enabling the Central analyzer"); retval = true; } else { LOGGER.info("Nexus analyzer is enabled, disabling the Central Analyzer"); @@ -112,7 +112,7 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer { LOGGER.info("Central analyzer disabled"); } } catch (InvalidSettingException ise) { - LOGGER.warning("Invalid setting. Disabling the Central analyzer"); + LOGGER.warn("Invalid setting. Disabling the Central analyzer"); } return retval; } 
@@ -124,11 +124,11 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer { */ @Override public void initializeFileTypeAnalyzer() throws Exception { - LOGGER.fine("Initializing Central analyzer"); - LOGGER.fine(String.format("Central analyzer enabled: %s", isEnabled())); + LOGGER.debug("Initializing Central analyzer"); + LOGGER.debug("Central analyzer enabled: {}", isEnabled()); if (isEnabled()) { final String searchUrl = Settings.getString(Settings.KEYS.ANALYZER_CENTRAL_URL); - LOGGER.fine(String.format("Central Analyzer URL: %s", searchUrl)); + LOGGER.debug("Central Analyzer URL: {}", searchUrl); searcher = new CentralSearch(new URL(searchUrl)); } } @@ -190,7 +190,7 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer { final List mas = searcher.searchSha1(dependency.getSha1sum()); final Confidence confidence = mas.size() > 1 ? Confidence.HIGH : Confidence.HIGHEST; for (MavenArtifact ma : mas) { - LOGGER.fine(String.format("Central analyzer found artifact (%s) for dependency (%s)", ma.toString(), dependency.getFileName())); + LOGGER.debug("Central analyzer found artifact ({}) for dependency ({})", ma.toString(), dependency.getFileName()); dependency.addAsEvidence("central", ma, confidence); boolean pomAnalyzed = false; for (Evidence e : dependency.getVendorEvidence()) { 
@@ -205,19 +205,17 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer { final File baseDir = Settings.getTempDirectory(); pomFile = File.createTempFile("pom", ".xml", baseDir); if (!pomFile.delete()) { - final String msg = String.format("Unable to fetch pom.xml for %s from Central; " - + "this could result in undetected CPE/CVEs.", dependency.getFileName()); - LOGGER.warning(msg); - LOGGER.fine("Unable to delete temp file"); + LOGGER.warn("Unable to fetch pom.xml for {} from Central; " + + "this could result in undetected CPE/CVEs.", dependency.getFileName()); + LOGGER.debug("Unable to delete temp file"); } - LOGGER.fine(String.format("Downloading %s", ma.getPomUrl())); + LOGGER.debug("Downloading {}", ma.getPomUrl()); Downloader.fetchFile(new URL(ma.getPomUrl()), pomFile); PomUtils.analyzePOM(dependency, pomFile); } catch (DownloadFailedException ex) { - final String msg = String.format("Unable to download pom.xml for %s from Central; " - + "this could result in undetected CPE/CVEs.", dependency.getFileName()); - LOGGER.warning(msg); + LOGGER.warn("Unable to download pom.xml for {} from Central; " + + "this could result in undetected CPE/CVEs.", dependency.getFileName()); } finally { if (pomFile != null && !FileUtils.deleteQuietly(pomFile)) { pomFile.deleteOnExit(); @@ -227,11 +225,11 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer { } } catch (IllegalArgumentException iae) { - LOGGER.info(String.format("invalid sha1-hash on %s", dependency.getFileName())); + LOGGER.info("invalid sha1-hash on {}", dependency.getFileName()); } catch (FileNotFoundException fnfe) { - LOGGER.fine(String.format("Artifact not found in repository: '%s", dependency.getFileName())); + LOGGER.debug("Artifact not found in repository: '{}", dependency.getFileName()); } catch (IOException ioe) { - LOGGER.log(Level.FINE, "Could not connect to Central search", ioe); + LOGGER.debug("Could not connect to Central search", ioe); errorFlag = true; } } 
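Review bot: The warning inside `if (!pomFile.delete())` reports "Unable to fetch pom.xml" before any fetch has been attempted; the thing that failed is the temp-file delete, and the code then goes on to `Downloader.fetchFile(...)` into the same path anyway. A message that matches the condition would be `LOGGER.warn("Unable to delete temp file '{}' before downloading the pom.xml for {}", pomFile.getPath(), dependency.getFileName());`. Separately, creating the temp file, deleting it and letting `fetchFile` recreate the name gives up the exclusive creation that `File.createTempFile` provides, which matters if `Settings.getTempDirectory()` can be a shared directory. The delete is presumably there because `fetchFile` expects a non-existent target, so confirm whether it can write into the existing file instead. The enclosing method starts and ends outside the hunk.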
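Review bot: In the `@@ -227,11 +225,11 @@` hunk, the message `"Artifact not found in repository: '{}"` opens a single quote and never closes it, so the logged file name runs into whatever follows. Close the quote: `LOGGER.debug("Artifact not found in repository: '{}'", dependency.getFileName());`. The `IllegalArgumentException` branch above it logs "invalid sha1-hash" at INFO without the hash or the exception; adding `iae` as the last argument would show why the hash was rejected.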
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java index 835547220..9517df123 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java @@ -22,8 +22,6 @@ import java.util.HashSet; import java.util.Iterator; import java.util.ListIterator; import java.util.Set; -import java.util.logging.Level; -import java.util.logging.Logger; import java.util.regex.Matcher; import java.util.regex.Pattern; import org.owasp.dependencycheck.Engine; @@ -33,6 +31,8 @@ import org.owasp.dependencycheck.dependency.Identifier; import org.owasp.dependencycheck.utils.DependencyVersion; import org.owasp.dependencycheck.utils.DependencyVersionUtil; import org.owasp.dependencycheck.utils.LogUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** *

@@ -49,7 +49,7 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal /** * The Logger. */ - private static final Logger LOGGER = Logger.getLogger(DependencyBundlingAnalyzer.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(DependencyBundlingAnalyzer.class); // /** @@ -264,8 +264,7 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal } } if (LogUtils.isVerboseLoggingEnabled()) { - final String msg = String.format("IdentifiersMatch=%s (%s, %s)", matches, dependency1.getFileName(), dependency2.getFileName()); - LOGGER.log(Level.FINE, msg); + LOGGER.debug("IdentifiersMatch={} ({}, {})", matches, dependency1.getFileName(), dependency2.getFileName()); } return matches; } @@ -345,8 +344,7 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal returnVal = leftName.length() <= rightName.length(); } if (LogUtils.isVerboseLoggingEnabled()) { - final String msg = String.format("IsCore=%s (%s, %s)", returnVal, left.getFileName(), right.getFileName()); - LOGGER.log(Level.FINE, msg); + LOGGER.debug("IsCore={} ({}, {})", returnVal, left.getFileName(), right.getFileName()); } return returnVal; } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java index 0cf9004ac..b4d41ae37 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java @@ -25,8 +25,6 @@ import java.util.Iterator; import java.util.List; import java.util.ListIterator; import java.util.Set; -import java.util.logging.Level; -import java.util.logging.Logger; import java.util.regex.Matcher; import java.util.regex.Pattern; import org.owasp.dependencycheck.Engine; 
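Review bot: In the `@@ -264,8 +264,7 @@` hunk, the `if (LogUtils.isVerboseLoggingEnabled())` guard remains around a call that is now parameterized, so it no longer saves a `String.format`. It also consults a project flag rather than the logger's own level, and the two may disagree after the move to SLF4J (how `LogUtils` is wired is not visible here). Either drop the guard or replace it with `if (LOGGER.isDebugEnabled())`. The `IsCore=` call in the `@@ -345,8 +344,7 @@` hunk has the same guard.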
@@ -34,6 +32,8 @@ import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Identifier; import org.owasp.dependencycheck.dependency.VulnerableSoftware; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * This analyzer attempts to remove some well known false positives - specifically regarding the java runtime. @@ -45,7 +45,7 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer { /** * The Logger. */ - private static final Logger LOGGER = Logger.getLogger(FalsePositiveAnalyzer.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(FalsePositiveAnalyzer.class); // /** * The name of the analyzer. @@ -171,7 +171,7 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer { final String nextVersion = nextCpe.getVersion(); if (currentVersion == null && nextVersion == null) { //how did we get here? - LOGGER.log(Level.FINE, "currentVersion and nextVersion are both null?"); + LOGGER.debug("currentVersion and nextVersion are both null?"); } else if (currentVersion == null && nextVersion != null) { dependency.getIdentifiers().remove(currentId); } else if (nextVersion == null && currentVersion != null) { @@ -248,7 +248,7 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer { try { cpe.parseName(value); } catch (UnsupportedEncodingException ex) { - LOGGER.log(Level.FINEST, null, ex); + LOGGER.trace("", ex); return null; } return cpe; @@ -397,7 +397,7 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer { newCpe4, String.format(CPEAnalyzer.NVD_SEARCH_URL, URLEncoder.encode(newCpe4, "UTF-8"))); } catch (UnsupportedEncodingException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); } } } 
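Review bot: In `FalsePositiveAnalyzer`, the `UnsupportedEncodingException` handler around `cpe.parseName(value)` now logs `LOGGER.trace("", ex)` and returns null, so the record carries a stack trace but no hint of what was being parsed. A short message costs nothing, e.g. `LOGGER.trace("Unable to parse CPE name", ex);`. The same empty-message pattern appears in the `URLEncoder.encode` handler further down this file (`LOGGER.debug("", ex)`) and in the `JarAnalyzer`, `JavaScriptAnalyzer`, `CpeMemoryIndex` and `CweDB` hunks. In `JarAnalyzer` and `JavaScriptAnalyzer` it is logged at error level (`LOGGER.error("", ex)`), where a blank message is most confusing.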
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java index a424d1d79..f22b52fda 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java @@ -39,8 +39,6 @@ import java.util.jar.Attributes; import java.util.jar.JarEntry; import java.util.jar.JarFile; import java.util.jar.Manifest; -import java.util.logging.Level; -import java.util.logging.Logger; import java.util.regex.Pattern; import java.util.zip.ZipEntry; import org.jsoup.Jsoup; @@ -54,6 +52,8 @@ import org.owasp.dependencycheck.xml.pom.PomUtils; import org.owasp.dependencycheck.xml.pom.Model; import org.owasp.dependencycheck.utils.FileUtils; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Used to load a JAR file and collect information that can be used to determine the associated CPE. @@ -66,7 +66,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(JarAnalyzer.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(JarAnalyzer.class); /** * The buffer size to use when extracting files from the archive. */ 
@@ -249,20 +249,16 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { try { jar = new JarFile(dependency.getActualFilePath()); } catch (IOException ex) { - final String msg = String.format("Unable to read JarFile '%s'.", dependency.getActualFilePath()); - //final AnalysisException ax = new AnalysisException(msg, ex); - LOGGER.log(Level.WARNING, msg); - LOGGER.log(Level.FINE, "", ex); + LOGGER.warn("Unable to read JarFile '{}'.", dependency.getActualFilePath()); + LOGGER.trace("", ex); return false; } List pomEntries; try { pomEntries = retrievePomListing(jar); } catch (IOException ex) { - final String msg = String.format("Unable to read Jar file entries in '%s'.", dependency.getActualFilePath()); - //final AnalysisException ax = new AnalysisException(msg, ex); - LOGGER.log(Level.WARNING, msg); - LOGGER.log(Level.FINE, msg, ex); + LOGGER.warn("Unable to read Jar file entries in '{}'.", dependency.getActualFilePath()); + LOGGER.trace("", ex); return false; } File externalPom = null; @@ -277,14 +273,14 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { } } for (String path : pomEntries) { - LOGGER.fine(String.format("Reading pom entry: %s", path)); + LOGGER.debug("Reading pom entry: {}", path); Properties pomProperties = null; try { if (externalPom == null) { pomProperties = retrievePomProperties(path, jar); } } catch (IOException ex) { - LOGGER.log(Level.FINEST, "ignore this, failed reading a non-existent pom.properties", ex); + LOGGER.trace("ignore this, failed reading a non-existent pom.properties", ex); } Model pom = null; try { 
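Review bot: In `JarAnalyzer`, the two `IOException` handlers after `new JarFile(...)` and `retrievePomListing(jar)` used to log the exception at `Level.FINE` and now call `LOGGER.trace("", ex)`, while the rest of this commit maps FINE to debug. Both handlers `return false`, so analysis of that jar stops there, and the cause is now visible only at trace level. If the demotion is not intended, `LOGGER.debug("", ex);` keeps the earlier behaviour. The `AnalysisException` handler in the `@@ -318` hunk has the same FINE-to-trace change. The enclosing method starts outside the hunk.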
@@ -318,9 +314,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { foundSomething |= setPomEvidence(dependency, pom, classes); } } catch (AnalysisException ex) { - final String msg = String.format("An error occured while analyzing '%s'.", dependency.getActualFilePath()); - LOGGER.log(Level.WARNING, msg); - LOGGER.log(Level.FINE, "", ex); + LOGGER.warn("An error occured while analyzing '{}'.", dependency.getActualFilePath()); + LOGGER.trace("", ex); } } return foundSomething; @@ -344,13 +339,13 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { reader = new InputStreamReader(jar.getInputStream(propEntry), "UTF-8"); pomProperties = new Properties(); pomProperties.load(reader); - LOGGER.fine(String.format("Read pom.properties: %s", propPath)); + LOGGER.debug("Read pom.properties: {}", propPath); } finally { if (reader != null) { try { reader.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, "close error", ex); + LOGGER.trace("close error", ex); } } } @@ -372,7 +367,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { final JarEntry entry = entries.nextElement(); final String entryName = (new File(entry.getName())).getName().toLowerCase(); if (!entry.isDirectory() && "pom.xml".equals(entryName)) { - LOGGER.fine(String.format("POM Entry found: %s", entry.getName())); + LOGGER.trace("POM Entry found: {}", entry.getName()); pomEntries.add(entry.getName()); } } @@ -408,9 +403,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { bos.flush(); dependency.setActualFilePath(file.getAbsolutePath()); } catch (IOException ex) { - final String msg = String.format("An error occurred reading '%s' from '%s'.", path, dependency.getFilePath()); - LOGGER.warning(msg); - LOGGER.log(Level.SEVERE, "", ex); + LOGGER.warn("An error occurred reading '{}' from '{}'.", path, dependency.getFilePath()); + LOGGER.error("", ex); } finally { closeStream(bos); closeStream(fos); 
@@ -429,7 +423,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { try { stream.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, null, ex); + LOGGER.trace("", ex); } } } @@ -444,7 +438,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { try { stream.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, null, ex); + LOGGER.trace("", ex); } } } @@ -644,9 +638,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { && !dependency.getFileName().toLowerCase().endsWith("-javadoc.jar") && !dependency.getFileName().toLowerCase().endsWith("-src.jar") && !dependency.getFileName().toLowerCase().endsWith("-doc.jar")) { - LOGGER.log(Level.FINE, - String.format("Jar file '%s' does not contain a manifest.", - dependency.getFileName())); + LOGGER.debug("Jar file '{}' does not contain a manifest.", + dependency.getFileName()); } return false; } @@ -892,11 +885,10 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { @Override public void close() { if (tempFileLocation != null && tempFileLocation.exists()) { - LOGGER.log(Level.FINE, "Attempting to delete temporary files"); + LOGGER.debug("Attempting to delete temporary files"); final boolean success = FileUtils.delete(tempFileLocation); if (!success) { - LOGGER.log(Level.WARNING, - "Failed to delete some temporary files, see the log for more details"); + LOGGER.warn("Failed to delete some temporary files, see the log for more details"); } } } @@ -937,15 +929,14 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { } } } catch (IOException ex) { - final String msg = String.format("Unable to open jar file '%s'.", dependency.getFileName()); - LOGGER.log(Level.WARNING, msg); - LOGGER.log(Level.FINE, null, ex); + LOGGER.warn("Unable to open jar file '{}'.", dependency.getFileName()); + LOGGER.debug("", ex); } finally { if (jar != null) { try { jar.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, null, ex); + LOGGER.trace("", ex); } } } 
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java index 5b72fff84..077a6d667 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java @@ -23,13 +23,13 @@ import java.io.FileNotFoundException; import java.io.FileReader; import java.io.IOException; import java.util.Set; -import java.util.logging.Level; -import java.util.logging.Logger; import java.util.regex.Pattern; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * @@ -42,7 +42,7 @@ public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(JavaScriptAnalyzer.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(JavaScriptAnalyzer.class); // /** @@ -122,13 +122,13 @@ public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer { final String msg = String.format("Dependency file not found: '%s'", dependency.getActualFilePath()); throw new AnalysisException(msg, ex); } catch (IOException ex) { - LOGGER.log(Level.SEVERE, null, ex); + LOGGER.error("", ex); } finally { if (fin != null) { try { fin.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, null, ex); + LOGGER.trace("", ex); } } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java index e2f2fa107..101163745 100644 
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java @@ -23,8 +23,6 @@ import java.io.IOException; import java.net.MalformedURLException; import java.net.URL; import java.util.Set; -import java.util.logging.Level; -import java.util.logging.Logger; import org.apache.commons.io.FileUtils; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; @@ -38,6 +36,8 @@ import org.owasp.dependencycheck.utils.InvalidSettingException; import org.owasp.dependencycheck.utils.DownloadFailedException; import org.owasp.dependencycheck.utils.Downloader; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Analyzer which will attempt to locate a dependency on a Nexus service by SHA-1 digest of the dependency. @@ -63,7 +63,7 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(NexusAnalyzer.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(NexusAnalyzer.class); /** * The name of the analyzer. @@ -107,10 +107,10 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer { LOGGER.info("Enabling Nexus analyzer"); retval = true; } else { - LOGGER.fine("Nexus analyzer disabled, using Central instead"); + LOGGER.debug("Nexus analyzer disabled, using Central instead"); } } catch (InvalidSettingException ise) { - LOGGER.warning("Invalid setting. Disabling Nexus analyzer"); + LOGGER.warn("Invalid setting. Disabling Nexus analyzer"); } return retval; 
@@ -133,21 +133,21 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer { */ @Override public void initializeFileTypeAnalyzer() throws Exception { - LOGGER.fine("Initializing Nexus Analyzer"); - LOGGER.fine(String.format("Nexus Analyzer enabled: %s", isEnabled())); + LOGGER.debug("Initializing Nexus Analyzer"); + LOGGER.debug("Nexus Analyzer enabled: {}", isEnabled()); if (isEnabled()) { final String searchUrl = Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL); - LOGGER.fine(String.format("Nexus Analyzer URL: %s", searchUrl)); + LOGGER.debug("Nexus Analyzer URL: {}", searchUrl); try { searcher = new NexusSearch(new URL(searchUrl)); if (!searcher.preflightRequest()) { - LOGGER.warning("There was an issue getting Nexus status. Disabling analyzer."); + LOGGER.warn("There was an issue getting Nexus status. Disabling analyzer."); setEnabled(false); } } catch (MalformedURLException mue) { // I know that initialize can throw an exception, but we'll // just disable the analyzer if the URL isn't valid - LOGGER.warning(String.format("Property %s not a valid URL. Nexus Analyzer disabled", searchUrl)); + LOGGER.warn("Property {} not a valid URL. Nexus Analyzer disabled", searchUrl); setEnabled(false); } } @@ -209,7 +209,7 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer { final MavenArtifact ma = searcher.searchSha1(dependency.getSha1sum()); dependency.addAsEvidence("nexus", ma, Confidence.HIGH); boolean pomAnalyzed = false; - LOGGER.fine("POM URL " + ma.getPomUrl()); + LOGGER.debug("POM URL {}", ma.getPomUrl()); for (Evidence e : dependency.getVendorEvidence()) { if ("pom".equals(e.getSource())) { pomAnalyzed = true; 
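Review bot: In `NexusAnalyzer.initializeFileTypeAnalyzer()`, the `MalformedURLException` handler writes the raw value of `searchUrl` at warn level, and the debug line above it logs the same value. The wording "Property {} not a valid URL" suggests the property name was meant. A configured URL can carry userinfo (`user:password@host`), which would then end up in build logs. I would log the key instead: `LOGGER.warn("Property {} not a valid URL. Nexus Analyzer disabled", Settings.KEYS.ANALYZER_NEXUS_URL);`.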
@@ -222,18 +222,16 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer { final File baseDir = Settings.getTempDirectory(); pomFile = File.createTempFile("pom", ".xml", baseDir); if (!pomFile.delete()) { - final String msg = String.format("Unable to fetch pom.xml for %s from Nexus repository; " - + "this could result in undetected CPE/CVEs.", dependency.getFileName()); - LOGGER.warning(msg); - LOGGER.fine("Unable to delete temp file"); + LOGGER.warn("Unable to fetch pom.xml for {} from Nexus repository; " + + "this could result in undetected CPE/CVEs.", dependency.getFileName()); + LOGGER.debug("Unable to delete temp file"); } - LOGGER.fine(String.format("Downloading %s", ma.getPomUrl())); + LOGGER.debug("Downloading {}", ma.getPomUrl()); Downloader.fetchFile(new URL(ma.getPomUrl()), pomFile); PomUtils.analyzePOM(dependency, pomFile); } catch (DownloadFailedException ex) { - final String msg = String.format("Unable to download pom.xml for %s from Nexus repository; " - + "this could result in undetected CPE/CVEs.", dependency.getFileName()); - LOGGER.warning(msg); + LOGGER.warn("Unable to download pom.xml for {} from Nexus repository; " + + "this could result in undetected CPE/CVEs.", dependency.getFileName()); } finally { if (pomFile != null && !FileUtils.deleteQuietly(pomFile)) { pomFile.deleteOnExit(); 
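Review bot: In `NexusAnalyzer`, a failed `pomFile.delete()` produces the new `LOGGER.warn("Unable to fetch pom.xml for {} ...")`, but execution falls through to `Downloader.fetchFile(...)` anyway, so the warning can be untrue. Separately, deleting the file that `File.createTempFile` just created and letting `fetchFile` recreate it by name gives up the exclusive creation. That leaves a short window in which another process with access to the temp directory could place something at that path. If `Downloader.fetchFile` can write into an existing file (its body is not visible here), dropping the `delete()` block removes both problems; otherwise the failed-delete branch should stop rather than continue. The `try` this code sits in starts outside the hunk.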
@@ -245,11 +243,11 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer { LOGGER.info(String.format("invalid sha-1 hash on %s", dependency.getFileName())); } catch (FileNotFoundException fnfe) { //dependency.addAnalysisException(new AnalysisException("Artifact not found on repository")); - LOGGER.fine(String.format("Artifact not found in repository '%s'", dependency.getFileName())); - LOGGER.log(Level.FINE, fnfe.getMessage(), fnfe); + LOGGER.debug("Artifact not found in repository '{}'", dependency.getFileName()); + LOGGER.debug(fnfe.getMessage(), fnfe); } catch (IOException ioe) { //dependency.addAnalysisException(new AnalysisException("Could not connect to repository", ioe)); - LOGGER.log(Level.FINE, "Could not connect to nexus repository", ioe); + LOGGER.debug("Could not connect to nexus repository", ioe); } } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java index 14109dede..237b349ae 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java @@ -21,8 +21,6 @@ import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.util.Set; -import java.util.logging.Level; -import java.util.logging.Logger; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.data.nuget.NugetPackage; 
@@ -32,6 +30,8 @@ import org.owasp.dependencycheck.data.nuget.XPathNuspecParser; import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Analyzer which will parse a Nuspec file to gather module information. @@ -43,7 +43,7 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(NuspecAnalyzer.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(NuspecAnalyzer.class); /** * The name of the analyzer. @@ -118,7 +118,7 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer { */ @Override public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException { - LOGGER.log(Level.FINE, "Checking Nuspec file {0}", dependency.toString()); + LOGGER.debug("Checking Nuspec file {}", dependency.toString()); try { final NuspecParser parser = new XPathNuspecParser(); NugetPackage np = null; @@ -135,7 +135,7 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer { try { fis.close(); } catch (IOException e) { - LOGGER.fine("Error closing input stream"); + LOGGER.debug("Error closing input stream"); } } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java index aa0628e81..6b31c6973 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java 
@@ -23,8 +23,6 @@ import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.FilenameFilter; import java.util.Set; -import java.util.logging.Level; -import java.util.logging.Logger; import java.util.regex.Pattern; import javax.mail.MessagingException; @@ -44,6 +42,8 @@ import org.owasp.dependencycheck.utils.ExtractionUtil; import org.owasp.dependencycheck.utils.FileUtils; import org.owasp.dependencycheck.utils.Settings; import org.owasp.dependencycheck.utils.UrlStringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Used to analyze a Wheel or egg distribution files, or their contents in unzipped form, and collect information that can be used @@ -66,8 +66,8 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer { /** * The logger. */ - private static final Logger LOGGER = Logger - .getLogger(PythonDistributionAnalyzer.class.getName()); + private static final Logger LOGGER = LoggerFactory + .getLogger(PythonDistributionAnalyzer.class); /** * The count of directories created during analysis. This is used for creating temporary directories. @@ -203,7 +203,7 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer { FilenameFilter folderFilter, FilenameFilter metadataFilter) throws AnalysisException { final File temp = getNextTempDirectory(); - LOGGER.fine(String.format("%s exists? %b", temp, temp.exists())); + LOGGER.debug("{} exists? {}", temp, temp.exists()); try { ExtractionUtil.extractFilesUsingFilter( new File(dependency.getActualFilePath()), temp, 
@@ -247,10 +247,10 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer { @Override public void close() { if (tempFileLocation != null && tempFileLocation.exists()) { - LOGGER.log(Level.FINE, "Attempting to delete temporary files"); + LOGGER.debug("Attempting to delete temporary files"); final boolean success = FileUtils.delete(tempFileLocation); if (!success) { - LOGGER.log(Level.WARNING, + LOGGER.warn( "Failed to delete some temporary files, see the log for more details"); } } @@ -298,7 +298,7 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer { private static void addPropertyToEvidence(InternetHeaders headers, EvidenceCollection evidence, String property, Confidence confidence) { final String value = headers.getHeader(property, null); - LOGGER.fine(String.format("Property: %s, Value: %s", property, value)); + LOGGER.debug("Property: {}, Value: {}", property, value); if (StringUtils.isNotBlank(value)) { evidence.addEvidence(METADATA, property, value, confidence); } @@ -329,15 +329,15 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer { private static InternetHeaders getManifestProperties(File manifest) { final InternetHeaders result = new InternetHeaders(); if (null == manifest) { - LOGGER.fine("Manifest file not found."); + LOGGER.debug("Manifest file not found."); } else { try { result.load(new AutoCloseInputStream(new BufferedInputStream( new FileInputStream(manifest)))); } catch (MessagingException e) { - LOGGER.log(Level.WARNING, e.getMessage(), e); + LOGGER.warn(e.getMessage(), e); } catch (FileNotFoundException e) { - LOGGER.log(Level.WARNING, e.getMessage(), e); + LOGGER.warn(e.getMessage(), e); } } return result; diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java index 4895a8134..a2080792f 100644 
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java @@ -25,7 +25,6 @@ import java.util.ArrayList; import java.util.Collections; import java.util.List; import java.util.Set; -import java.util.logging.Logger; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -39,6 +38,8 @@ import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.EvidenceCollection; import org.owasp.dependencycheck.utils.Settings; import org.owasp.dependencycheck.utils.UrlStringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Used to analyze a Python package, and collect information that can be used to determine the associated CPE. @@ -56,8 +57,8 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer { /** * The logger. */ - private static final Logger LOGGER = Logger - .getLogger(PythonPackageAnalyzer.class.getName()); + private static final Logger LOGGER = LoggerFactory + .getLogger(PythonPackageAnalyzer.class); /** * Filename extensions for files to be analyzed. @@ -240,7 +241,7 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer { found |= gatherHomePageEvidence(HOMEPAGE_PATTERN, vendorEvidence, source, "HomePage", contents); } catch (MalformedURLException e) { - LOGGER.warning(e.getMessage()); + LOGGER.warn(e.getMessage()); } } return found; diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java index 2905990ce..53bdd37d5 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java 
@@ -23,7 +23,6 @@ import java.net.HttpURLConnection; import java.net.URL; import java.util.ArrayList; import java.util.List; -import java.util.logging.Logger; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.xpath.XPath; @@ -32,6 +31,8 @@ import javax.xml.xpath.XPathFactory; import org.owasp.dependencycheck.data.nexus.MavenArtifact; import org.owasp.dependencycheck.utils.Settings; import org.owasp.dependencycheck.utils.URLConnectionFactory; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.w3c.dom.Document; import org.w3c.dom.NodeList; @@ -55,7 +56,7 @@ public class CentralSearch { /** * Used for logging. */ - private static final Logger LOGGER = Logger.getLogger(CentralSearch.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(CentralSearch.class); /** * Creates a NexusSearch for the given repository URL. @@ -67,10 +68,10 @@ public class CentralSearch { this.rootURL = rootURL; if (null != Settings.getString(Settings.KEYS.PROXY_SERVER)) { useProxy = true; - LOGGER.fine("Using proxy"); + LOGGER.debug("Using proxy"); } else { useProxy = false; - LOGGER.fine("Not using proxy"); + LOGGER.debug("Not using proxy"); } } @@ -89,7 +90,7 @@ public class CentralSearch { final URL url = new URL(rootURL + String.format("?q=1:\"%s\"&wt=xml", sha1)); - LOGGER.fine(String.format("Searching Central url %s", url.toString())); + LOGGER.debug("Searching Central url {}", url.toString()); // Determine if we need to use a proxy. The rules: // 1) If the proxy is set, AND the setting is set to true, use the proxy 
@@ -119,9 +120,9 @@ public class CentralSearch { final NodeList docs = (NodeList) xpath.evaluate("/response/result/doc", doc, XPathConstants.NODESET); for (int i = 0; i < docs.getLength(); i++) { final String g = xpath.evaluate("./str[@name='g']", docs.item(i)); - LOGGER.finest(String.format("GroupId: %s", g)); + LOGGER.trace("GroupId: {}", g); final String a = xpath.evaluate("./str[@name='a']", docs.item(i)); - LOGGER.finest(String.format("ArtifactId: %s", a)); + LOGGER.trace("ArtifactId: {}", a); final String v = xpath.evaluate("./str[@name='v']", docs.item(i)); NodeList atts = (NodeList) xpath.evaluate("./arr[@name='ec']/str", docs.item(i), XPathConstants.NODESET); boolean pomAvailable = false; @@ -144,7 +145,7 @@ public class CentralSearch { } } - LOGGER.finest(String.format("Version: %s", v)); + LOGGER.trace("Version: {}", v); result.add(new MavenArtifact(g, a, v, jarAvailable, pomAvailable, useHTTPS)); } @@ -160,10 +161,9 @@ public class CentralSearch { throw new FileNotFoundException("Artifact not found in Central"); } } else { - final String msg = String.format("Could not connect to Central received response code: %d %s", - conn.getResponseCode(), conn.getResponseMessage()); - LOGGER.fine(msg); - throw new IOException(msg); + LOGGER.debug("Could not connect to Central received response code: {} {}", + conn.getResponseCode(), conn.getResponseMessage()); + throw new IOException("Could not connect to Central"); } return null; diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java index e0389c99d..3f80b2d8f 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java 
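Review bot: In `CentralSearch`, the `else` branch for an unexpected response now throws `new IOException("Could not connect to Central")`, so the status code and reason phrase that used to be in the exception message are left only in the debug log. Callers that log or wrap this exception can no longer tell different failures apart. Keeping the detail in the exception restores that: `throw new IOException(String.format("Could not connect to Central received response code: %d %s", conn.getResponseCode(), conn.getResponseMessage()));`. The enclosing method starts outside the hunk.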
@@ -21,8 +21,6 @@ import java.io.IOException; import java.util.HashMap; import java.util.Map; import java.util.Set; -import java.util.logging.Level; -import java.util.logging.Logger; import org.apache.lucene.analysis.Analyzer; import org.apache.lucene.analysis.core.KeywordAnalyzer; import org.apache.lucene.analysis.miscellaneous.PerFieldAnalyzerWrapper; @@ -46,6 +44,8 @@ import org.owasp.dependencycheck.data.lucene.SearchFieldAnalyzer; import org.owasp.dependencycheck.data.nvdcve.CveDB; import org.owasp.dependencycheck.data.nvdcve.DatabaseException; import org.owasp.dependencycheck.utils.Pair; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * An in memory lucene index that contains the vendor/product combinations from the CPE (application) identifiers within the NVD @@ -58,7 +58,7 @@ public final class CpeMemoryIndex { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(CpeMemoryIndex.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(CpeMemoryIndex.class); /** * singleton instance. */ @@ -203,7 +203,7 @@ public final class CpeMemoryIndex { try { indexReader.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, null, ex); + LOGGER.trace("", ex); } indexReader = null; } @@ -235,7 +235,7 @@ public final class CpeMemoryIndex { saveEntry(pair.getLeft(), pair.getRight(), indexWriter); } } catch (DatabaseException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); throw new IndexException("Error reading CPE data", ex); } } catch (CorruptIndexException ex) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cwe/CweDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cwe/CweDB.java index 106de1a50..b17e3ca7d 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cwe/CweDB.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cwe/CweDB.java 
@@ -17,12 +17,13 @@ */ package org.owasp.dependencycheck.data.cwe; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import java.io.IOException; import java.io.InputStream; import java.io.ObjectInputStream; import java.util.HashMap; -import java.util.logging.Level; -import java.util.logging.Logger; /** * @@ -33,7 +34,7 @@ public final class CweDB { /** * The Logger. */ - private static final Logger LOGGER = Logger.getLogger(CweDB.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(CweDB.class); /** * Empty private constructor as this is a utility class. @@ -61,17 +62,17 @@ public final class CweDB { final HashMap ret = (HashMap) oin.readObject(); return ret; } catch (ClassNotFoundException ex) { - LOGGER.log(Level.WARNING, "Unable to load CWE data. This should not be an issue."); - LOGGER.log(Level.FINE, null, ex); + LOGGER.warn("Unable to load CWE data. This should not be an issue."); + LOGGER.debug("", ex); } catch (IOException ex) { - LOGGER.log(Level.WARNING, "Unable to load CWE data due to an IO Error. This should not be an issue."); - LOGGER.log(Level.FINE, null, ex); + LOGGER.warn("Unable to load CWE data due to an IO Error. This should not be an issue."); + LOGGER.debug("", ex); } finally { if (oin != null) { try { oin.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, null, ex); + LOGGER.trace("", ex); } } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/UrlTokenizingFilter.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/UrlTokenizingFilter.java index 41cd19f09..dd310f05e 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/UrlTokenizingFilter.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/UrlTokenizingFilter.java 
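Review bot: In `CweDB`, `oin.readObject()` is cast straight to `HashMap`, and the handlers below it describe a failure as harmless ("This should not be an issue."). Where `oin` is opened is outside the hunk. If it only ever reads the serialized map shipped inside the jar, a comment above the call should say so, e.g. `// reads the bundled CWE map only; never use this stream for external data`. Java native deserialization of data from any other origin would not be safe here.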
@@ -21,11 +21,11 @@ import java.io.IOException; import java.net.MalformedURLException; import java.util.LinkedList; import java.util.List; -import java.util.logging.Level; -import java.util.logging.Logger; import org.apache.lucene.analysis.TokenStream; import org.apache.lucene.analysis.tokenattributes.CharTermAttribute; import org.owasp.dependencycheck.utils.UrlStringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** *

@@ -39,7 +39,7 @@ public final class UrlTokenizingFilter extends AbstractTokenizingFilter { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(UrlTokenizingFilter.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(UrlTokenizingFilter.class); /** * Constructs a new VersionTokenizingFilter. * @@ -70,7 +70,7 @@ public final class UrlTokenizingFilter extends AbstractTokenizingFilter { final List data = UrlStringUtils.extractImportantUrlData(part); tokens.addAll(data); } catch (MalformedURLException ex) { - LOGGER.log(Level.FINE, "error parsing " + part, ex); + LOGGER.debug("error parsing {}", part, ex); tokens.add(part); } } else { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/NexusSearch.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/NexusSearch.java index 21ade08c3..996826ba5 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/NexusSearch.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/NexusSearch.java @@ -21,8 +21,6 @@ import java.io.FileNotFoundException; import java.io.IOException; import java.net.HttpURLConnection; import java.net.URL; -import java.util.logging.Level; -import java.util.logging.Logger; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.xpath.XPath; @@ -30,6 +28,8 @@ import javax.xml.xpath.XPathFactory; import org.owasp.dependencycheck.utils.InvalidSettingException; import org.owasp.dependencycheck.utils.Settings; import org.owasp.dependencycheck.utils.URLConnectionFactory; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.w3c.dom.Document; /** 
@@ -59,7 +59,7 @@ public class NexusSearch { /** * Used for logging. */ - private static final Logger LOGGER = Logger.getLogger(NexusSearch.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(NexusSearch.class); /** * Creates a NexusSearch for the given repository URL. @@ -73,10 +73,10 @@ public class NexusSearch { if (null != Settings.getString(Settings.KEYS.PROXY_SERVER) && Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_PROXY)) { useProxy = true; - LOGGER.fine("Using proxy"); + LOGGER.debug("Using proxy"); } else { useProxy = false; - LOGGER.fine("Not using proxy"); + LOGGER.debug("Not using proxy"); } } catch (InvalidSettingException ise) { useProxy = false; @@ -99,7 +99,7 @@ public class NexusSearch { final URL url = new URL(rootURL, String.format("identify/sha1/%s", sha1.toLowerCase())); - LOGGER.fine(String.format("Searching Nexus url %s", url.toString())); + LOGGER.debug("Searching Nexus url {}", url); // Determine if we need to use a proxy. The rules: // 1) If the proxy is set, AND the setting is set to true, use the proxy @@ -155,10 +155,9 @@ public class NexusSearch { } else if (conn.getResponseCode() == 404) { throw new FileNotFoundException("Artifact not found in Nexus"); } else { - final String msg = String.format("Could not connect to Nexus received response code: %d %s", - conn.getResponseCode(), conn.getResponseMessage()); - LOGGER.fine(msg); - throw new IOException(msg); + LOGGER.debug("Could not connect to Nexus received response code: {} {}", + conn.getResponseCode(), conn.getResponseMessage()); + throw new IOException("Could not connect to Nexus"); } } 
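Review bot: The final `else` branch in `@@ -155,10` now throws `new IOException("Could not connect to Nexus")`, so the HTTP status that used to be part of the exception message is visible only when debug logging is enabled. That is a behaviour change beyond the logger migration; keeping the status code in the message preserves it, e.g. `throw new IOException("Could not connect to Nexus received response code: " + conn.getResponseCode());`. The reason phrase from `conn.getResponseMessage()` is server-supplied text, so leaving that part in the debug record only is reasonable. The method body starts outside the hunk.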
@@ -175,13 +174,13 @@ public class NexusSearch { conn.addRequestProperty("Accept", "application/xml"); conn.connect(); if (conn.getResponseCode() != 200) { - LOGGER.log(Level.WARNING, "Expected 200 result from Nexus, got {0}", conn.getResponseCode()); + LOGGER.warn("Expected 200 result from Nexus, got {}", conn.getResponseCode()); return false; } final DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); final Document doc = builder.parse(conn.getInputStream()); if (!"status".equals(doc.getDocumentElement().getNodeName())) { - LOGGER.log(Level.WARNING, "Expected root node name of status, got {0}", doc.getDocumentElement().getNodeName()); + LOGGER.warn("Expected root node name of status, got {}", doc.getDocumentElement().getNodeName()); return false; } } catch (Throwable e) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java index e29c28e55..a2c05f2b2 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java @@ -29,10 +29,10 @@ import java.sql.DriverManager; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; -import java.util.logging.Level; -import java.util.logging.Logger; import org.owasp.dependencycheck.utils.DBUtils; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Loads the configured database driver and returns the database connection. If the embedded H2 database is used 
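Review bot: `DocumentBuilderFactory.newInstance().newDocumentBuilder()` in `@@ -175,13` parses an HTTP response body with the parser's default settings, which on common JAXP implementations still process DOCTYPE declarations and external entities. The document comes from whatever server the configured Nexus URL points at, so the factory should be hardened before `builder.parse(conn.getInputStream())`: `final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();`, then `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);`, then `final DocumentBuilder builder = factory.newDocumentBuilder();`. The existing `catch (Throwable e)` already covers the `ParserConfigurationException` that `setFeature` can raise. The method starts and ends outside the hunk, and any other place in this class that builds a parser the same way (not visible here) would need the same treatment.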
@@ -46,7 +46,7 @@ public final class ConnectionFactory { /** * The Logger. */ - private static final Logger LOGGER = Logger.getLogger(ConnectionFactory.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(ConnectionFactory.class); /** * The version of the current DB Schema. */ @@ -94,17 +94,17 @@ public final class ConnectionFactory { //load the driver if necessary final String driverName = Settings.getString(Settings.KEYS.DB_DRIVER_NAME, ""); if (!driverName.isEmpty()) { //likely need to load the correct driver - LOGGER.log(Level.FINE, "Loading driver: {0}", driverName); + LOGGER.debug("Loading driver: {}", driverName); final String driverPath = Settings.getString(Settings.KEYS.DB_DRIVER_PATH, ""); try { if (!driverPath.isEmpty()) { - LOGGER.log(Level.FINE, "Loading driver from: {0}", driverPath); + LOGGER.debug("Loading driver from: {}", driverPath); driver = DriverLoader.load(driverName, driverPath); } else { driver = DriverLoader.load(driverName); } } catch (DriverLoadException ex) { - LOGGER.log(Level.FINE, "Unable to load database driver", ex); + LOGGER.debug("Unable to load database driver", ex); throw new DatabaseException("Unable to load database driver"); } } @@ -117,7 +117,7 @@ public final class ConnectionFactory { Settings.KEYS.DB_FILE_NAME, Settings.KEYS.DB_VERSION); } catch (IOException ex) { - LOGGER.log(Level.FINE, + LOGGER.debug( "Unable to retrieve the database connection string", ex); throw new DatabaseException("Unable to retrieve the database connection string"); } 
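Review bot: `throw new DatabaseException("Unable to load database driver");` in the `DriverLoadException` catch of `@@ -94,17` drops the cause, so with debug logging off the reason the driver failed to load is lost to the caller. `DatabaseException` has a (message, cause) constructor, which is used in `@@ -260,7`, so `throw new DatabaseException("Unable to load database driver", ex);` keeps the chain intact. The same applies to the `IOException` catch in `@@ -117,7` and to the throws in `@@ -125,15`, `@@ -143,14`, `@@ -159,14`, `@@ -215,7` and `@@ -299,7`. The method body starts outside the hunk.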
@@ -125,15 +125,15 @@ public final class ConnectionFactory { try { if (connectionString.startsWith("jdbc:h2:file:")) { //H2 shouldCreateSchema = !h2DataFileExists(); - LOGGER.log(Level.FINE, "Need to create DB Structure: {0}", shouldCreateSchema); + LOGGER.debug("Need to create DB Structure: {}", shouldCreateSchema); } } catch (IOException ioex) { - LOGGER.log(Level.FINE, "Unable to verify database exists", ioex); + LOGGER.debug("Unable to verify database exists", ioex); throw new DatabaseException("Unable to verify database exists"); } - LOGGER.log(Level.FINE, "Loading database connection"); - LOGGER.log(Level.FINE, "Connection String: {0}", connectionString); - LOGGER.log(Level.FINE, "Database User: {0}", userName); + LOGGER.debug("Loading database connection"); + LOGGER.debug("Connection String: {}", connectionString); + LOGGER.debug("Database User: {}", userName); try { conn = DriverManager.getConnection(connectionString, userName, password); @@ -143,14 +143,14 @@ public final class ConnectionFactory { try { conn = DriverManager.getConnection(connectionString, userName, password); Settings.setString(Settings.KEYS.DB_CONNECTION_STRING, connectionString); - LOGGER.log(Level.FINE, + LOGGER.debug( "Unable to start the database in server mode; reverting to single user mode"); } catch (SQLException sqlex) { - LOGGER.log(Level.FINE, "Unable to connect to the database", ex); + LOGGER.debug("Unable to connect to the database", ex); throw new DatabaseException("Unable to connect to the database"); } } else { - LOGGER.log(Level.FINE, "Unable to connect to the database", ex); + LOGGER.debug("Unable to connect to the database", ex); throw new DatabaseException("Unable to connect to the database"); } } 
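Review bot: `LOGGER.debug("Connection String: {}", connectionString);` in `@@ -125,15` writes the full JDBC URL to the log, and JDBC URLs can carry a password or other secrets as parameters. The CveDB error message in this same diff asks users to attach a log file to a public ticket, so anything logged here can leave the machine. Mask the value before logging, for example `LOGGER.debug("Connection String: {}", connectionString.replaceAll("(?i)(password=)[^;&]*", "$1****"));`, keeping in mind that parameter names differ between drivers, or log only that a connection string was resolved. The method starts outside the hunk.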
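Review bot: In the inner `catch (SQLException sqlex)` of `@@ -143,14`, `LOGGER.debug("Unable to connect to the database", ex);` logs the outer exception `ex`, so the failure of the second `DriverManager.getConnection` attempt is never recorded. It should read `LOGGER.debug("Unable to connect to the database", sqlex);`. The debug line "Unable to start the database in server mode; reverting to single user mode" just above is emitted only after the fallback connection has succeeded, which makes its wording worth a second look. The surrounding try block starts outside the hunk.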
@@ -159,14 +159,14 @@ public final class ConnectionFactory { try { createTables(conn); } catch (DatabaseException dex) { - LOGGER.log(Level.FINE, null, dex); + LOGGER.debug("", dex); throw new DatabaseException("Unable to create the database structure"); } } else { try { ensureSchemaVersion(conn); } catch (DatabaseException dex) { - LOGGER.log(Level.FINE, null, dex); + LOGGER.debug("", dex); throw new DatabaseException("Database schema does not match this version of dependency-check"); } } @@ -175,7 +175,7 @@ public final class ConnectionFactory { try { conn.close(); } catch (SQLException ex) { - LOGGER.log(Level.FINE, "An error occurred closing the connection", ex); + LOGGER.debug("An error occurred closing the connection", ex); } } } @@ -191,9 +191,9 @@ public final class ConnectionFactory { try { DriverManager.deregisterDriver(driver); } catch (SQLException ex) { - LOGGER.log(Level.FINE, "An error occurred unloading the database driver", ex); + LOGGER.debug("An error occurred unloading the database driver", ex); } catch (Throwable unexpected) { - LOGGER.log(Level.FINE, + LOGGER.debug( "An unexpected throwable occurred unloading the database driver", unexpected); } driver = null; @@ -215,7 +215,7 @@ public final class ConnectionFactory { try { conn = DriverManager.getConnection(connectionString, userName, password); } catch (SQLException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); throw new DatabaseException("Unable to connect to the database"); } return conn; @@ -242,7 +242,7 @@ public final class ConnectionFactory { * @throws DatabaseException thrown if there is a Database Exception */ private static void createTables(Connection conn) throws DatabaseException { - LOGGER.log(Level.FINE, "Creating database structure"); + LOGGER.debug("Creating database structure"); InputStream is; InputStreamReader reader; BufferedReader in = null; 
@@ -260,7 +260,7 @@ public final class ConnectionFactory { statement = conn.createStatement(); statement.execute(sb.toString()); } catch (SQLException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); throw new DatabaseException("Unable to create database statement", ex); } finally { DBUtils.closeStatement(statement); @@ -272,7 +272,7 @@ public final class ConnectionFactory { try { in.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, null, ex); + LOGGER.trace("", ex); } } } @@ -299,7 +299,7 @@ public final class ConnectionFactory { throw new DatabaseException("Database schema is missing"); } } catch (SQLException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); throw new DatabaseException("Unable to check the database schema version"); } finally { DBUtils.closeResultSet(rs); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java index 23a8c06d7..cdb522378 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java @@ -33,8 +33,6 @@ import java.util.Map.Entry; import java.util.Properties; import java.util.ResourceBundle; import java.util.Set; -import java.util.logging.Level; -import java.util.logging.Logger; import org.owasp.dependencycheck.data.cwe.CweDB; import org.owasp.dependencycheck.dependency.Reference; import org.owasp.dependencycheck.dependency.Vulnerability; @@ -44,6 +42,8 @@ import org.owasp.dependencycheck.utils.DependencyVersion; import org.owasp.dependencycheck.utils.DependencyVersionUtil; import org.owasp.dependencycheck.utils.Pair; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * The database holding information about the NVD CVE data. 
@@ -55,7 +55,7 @@ public class CveDB { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(CveDB.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(CveDB.class); /** * Database connection */ @@ -110,13 +110,11 @@ public class CveDB { try { conn.close(); } catch (SQLException ex) { - final String msg = "There was an error attempting to close the CveDB, see the log for more details."; - LOGGER.log(Level.SEVERE, msg); - LOGGER.log(Level.FINE, null, ex); + LOGGER.error("There was an error attempting to close the CveDB, see the log for more details."); + LOGGER.debug("", ex); } catch (Throwable ex) { - final String msg = "There was an exception attempting to close the CveDB, see the log for more details."; - LOGGER.log(Level.SEVERE, msg); - LOGGER.log(Level.FINE, null, ex); + LOGGER.error("There was an exception attempting to close the CveDB, see the log for more details."); + LOGGER.debug("", ex); } conn = null; } @@ -151,7 +149,7 @@ public class CveDB { @Override @SuppressWarnings("FinalizeDeclaration") protected void finalize() throws Throwable { - LOGGER.log(Level.FINE, "Entering finalize"); + LOGGER.debug("Entering finalize"); close(); super.finalize(); } @@ -193,9 +191,8 @@ public class CveDB { cpe.add(vs); } } catch (SQLException ex) { - final String msg = "An unexpected SQL Exception occurred; please see the verbose log for more details."; - LOGGER.log(Level.SEVERE, msg); - LOGGER.log(Level.FINE, null, ex); + LOGGER.error("An unexpected SQL Exception occurred; please see the verbose log for more details."); + LOGGER.debug("", ex); } finally { DBUtils.closeResultSet(rs); DBUtils.closeStatement(ps); 
@@ -245,9 +242,8 @@ public class CveDB { prop.setProperty(rs.getString(1), rs.getString(2)); } } catch (SQLException ex) { - final String msg = "An unexpected SQL Exception occurred; please see the verbose log for more details."; - LOGGER.log(Level.SEVERE, msg); - LOGGER.log(Level.FINE, null, ex); + LOGGER.error("An unexpected SQL Exception occurred; please see the verbose log for more details."); + LOGGER.debug("", ex); } finally { DBUtils.closeStatement(ps); DBUtils.closeResultSet(rs); @@ -268,8 +264,8 @@ public class CveDB { updateProperty = getConnection().prepareStatement(statementBundle.getString("UPDATE_PROPERTY")); insertProperty = getConnection().prepareStatement(statementBundle.getString("INSERT_PROPERTY")); } catch (SQLException ex) { - LOGGER.log(Level.WARNING, "Unable to save properties to the database"); - LOGGER.log(Level.FINE, "Unable to save properties to the database", ex); + LOGGER.warn("Unable to save properties to the database"); + LOGGER.debug("Unable to save properties to the database", ex); return; } for (Entry entry : props.entrySet()) { @@ -283,9 +279,8 @@ public class CveDB { insertProperty.setString(2, value); } } catch (SQLException ex) { - final String msg = String.format("Unable to save property '%s' with a value of '%s' to the database", key, value); - LOGGER.log(Level.WARNING, msg); - LOGGER.log(Level.FINE, null, ex); + LOGGER.warn("Unable to save property '{}' with a value of '{}' to the database", key, value); + LOGGER.debug("", ex); } } } finally { @@ -307,8 +302,8 @@ public class CveDB { try { updateProperty = getConnection().prepareStatement(statementBundle.getString("UPDATE_PROPERTY")); } catch (SQLException ex) { - LOGGER.log(Level.WARNING, "Unable to save properties to the database"); - LOGGER.log(Level.FINE, "Unable to save properties to the database", ex); + LOGGER.warn("Unable to save properties to the database"); + LOGGER.debug("Unable to save properties to the database", ex); return; } try { 
@@ -318,8 +313,8 @@ public class CveDB { try { insertProperty = getConnection().prepareStatement(statementBundle.getString("INSERT_PROPERTY")); } catch (SQLException ex) { - LOGGER.log(Level.WARNING, "Unable to save properties to the database"); - LOGGER.log(Level.FINE, "Unable to save properties to the database", ex); + LOGGER.warn("Unable to save properties to the database"); + LOGGER.debug("Unable to save properties to the database", ex); return; } insertProperty.setString(1, key); @@ -327,9 +322,8 @@ public class CveDB { insertProperty.execute(); } } catch (SQLException ex) { - final String msg = String.format("Unable to save property '%s' with a value of '%s' to the database", key, value); - LOGGER.log(Level.WARNING, msg); - LOGGER.log(Level.FINE, null, ex); + LOGGER.warn("Unable to save property '{}' with a value of '{}' to the database", key, value); + LOGGER.debug("", ex); } } finally { DBUtils.closeStatement(updateProperty); @@ -350,7 +344,7 @@ public class CveDB { try { cpe.parseName(cpeStr); } catch (UnsupportedEncodingException ex) { - LOGGER.log(Level.FINEST, null, ex); + LOGGER.trace("", ex); } final DependencyVersion detectedVersion = parseDependencyVersion(cpe); final List vulnerabilities = new ArrayList(); @@ -601,7 +595,7 @@ public class CveDB { } catch (SQLException ex) { final String msg = String.format("Error updating '%s'", vuln.getName()); - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); throw new DatabaseException(msg, ex); } finally { DBUtils.closeStatement(selectVulnerabilityId); 
@@ -640,13 +634,12 @@ public class CveDB { } catch (IOException ex1) { dd = Settings.getString(Settings.KEYS.DATA_DIRECTORY); } - final String msg = String.format("Unable to access the local database.%n%nEnsure that '%s' is a writable directory. " - + "If the problem persist try deleting the files in '%s' and running %s again. If the problem continues, please " + LOGGER.error("Unable to access the local database.\n\nEnsure that '{}' is a writable directory. " + + "If the problem persist try deleting the files in '{}' and running {} again. If the problem continues, please " + "create a log file (see documentation at http://jeremylong.github.io/DependencyCheck/) and open a ticket at " - + "https://github.com/jeremylong/DependencyCheck/issues and include the log file.%n%n", - dd, dd, Settings.getString(Settings.KEYS.APPLICATION_VAME)); - LOGGER.log(Level.SEVERE, msg); - LOGGER.log(Level.FINE, "", ex); + + "https://github.com/jeremylong/DependencyCheck/issues and include the log file.\n\n", + dd, dd, Settings.getString(Settings.KEYS.APPLICATION_VAME)); + LOGGER.debug("", ex); } finally { DBUtils.closeResultSet(rs); DBUtils.closeStatement(cs); @@ -666,9 +659,8 @@ public class CveDB { ps.executeUpdate(); } } catch (SQLException ex) { - final String msg = "An unexpected SQL Exception occurred; please see the verbose log for more details."; - LOGGER.log(Level.SEVERE, msg); - LOGGER.log(Level.FINE, null, ex); + LOGGER.error("An unexpected SQL Exception occurred; please see the verbose log for more details."); + LOGGER.debug("", ex); } finally { DBUtils.closeStatement(ps); } @@ -759,7 +751,7 @@ public class CveDB { cpe.parseName(cpeStr); } catch (UnsupportedEncodingException ex) { //never going to happen. - LOGGER.log(Level.FINEST, null, ex); + LOGGER.trace("", ex); } return parseDependencyVersion(cpe); } 
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DatabaseProperties.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DatabaseProperties.java index d0103a87a..fc74931e3 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DatabaseProperties.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DatabaseProperties.java @@ -24,10 +24,10 @@ import java.util.Map; import java.util.Map.Entry; import java.util.Properties; import java.util.TreeMap; -import java.util.logging.Level; -import java.util.logging.Logger; import org.owasp.dependencycheck.data.update.NvdCveInfo; import org.owasp.dependencycheck.data.update.exception.UpdateException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * This is a wrapper around a set of properties that are stored in the database. @@ -39,7 +39,7 @@ public class DatabaseProperties { /** * The Logger. */ - private static final Logger LOGGER = Logger.getLogger(DatabaseProperties.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(DatabaseProperties.class); /** * Modified key word, used as a key to store information about the modified file (i.e. the containing the last 8 * days of updates).. @@ -166,7 +166,7 @@ public class DatabaseProperties { final String formatted = format.format(date); map.put(key, formatted); } catch (Throwable ex) { //deliberately being broad in this catch clause - LOGGER.log(Level.FINE, "Unable to parse timestamp from DB", ex); + LOGGER.debug("Unable to parse timestamp from DB", ex); map.put(key, (String) entry.getValue()); } } else { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DriverLoader.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DriverLoader.java index acded5d98..c845e12b4 100644 
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DriverLoader.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DriverLoader.java @@ -17,6 +17,9 @@ */ package org.owasp.dependencycheck.data.nvdcve; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import java.io.File; import java.net.MalformedURLException; import java.net.URL; @@ -28,8 +31,6 @@ import java.sql.DriverManager; import java.sql.SQLException; import java.util.ArrayList; import java.util.List; -import java.util.logging.Level; -import java.util.logging.Logger; /** * DriverLoader is a utility class that is used to load database drivers. @@ -41,7 +42,7 @@ public final class DriverLoader { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(DriverLoader.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(DriverLoader.class); /** * Private constructor for a utility class. 
@@ -87,20 +88,18 @@ public final class DriverLoader { try { urls.add(f.toURI().toURL()); } catch (MalformedURLException ex) { - final String msg = String.format("Unable to load database driver '%s'; invalid path provided '%s'", - className, f.getAbsoluteFile()); - LOGGER.log(Level.FINE, msg, ex); - throw new DriverLoadException(msg, ex); + LOGGER.debug("Unable to load database driver '{}'; invalid path provided '{}'", + className, f.getAbsoluteFile(), ex); + throw new DriverLoadException("Unable to load database driver. Invalid path provided", ex); } } } else if (file.exists()) { try { urls.add(file.toURI().toURL()); } catch (MalformedURLException ex) { - final String msg = String.format("Unable to load database driver '%s'; invalid path provided '%s'", - className, file.getAbsoluteFile()); - LOGGER.log(Level.FINE, msg, ex); - throw new DriverLoadException(msg, ex); + LOGGER.debug("Unable to load database driver '{}'; invalid path provided '{}'", + className, file.getAbsoluteFile(), ex); + throw new DriverLoadException("Unable to load database driver. Invalid path provided", ex); } } } 
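Review bot: The two `MalformedURLException` catches in `@@ -87,20` now throw `DriverLoadException("Unable to load database driver. Invalid path provided", ex)` without the class name or path, while the four catches in `@@ -133,19` still build the exception message from `className` with `String.format`. The two styles should agree. If the intent here is to keep file-system paths out of exception messages, say so next to the throw, e.g. `// path is logged at debug only; keep it out of the exception message`. The new `LOGGER.debug(..., className, f.getAbsoluteFile(), ex)` calls depend on SLF4J treating a trailing `Throwable` as the exception rather than a format argument, which holds from SLF4J 1.6 on. The method starts and ends outside the hunk.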
@@ -133,19 +132,19 @@ public final class DriverLoader { return shim; } catch (ClassNotFoundException ex) { final String msg = String.format("Unable to load database driver '%s'", className); - LOGGER.log(Level.FINE, msg, ex); + LOGGER.debug(msg, ex); throw new DriverLoadException(msg, ex); } catch (InstantiationException ex) { final String msg = String.format("Unable to load database driver '%s'", className); - LOGGER.log(Level.FINE, msg, ex); + LOGGER.debug(msg, ex); throw new DriverLoadException(msg, ex); } catch (IllegalAccessException ex) { final String msg = String.format("Unable to load database driver '%s'", className); - LOGGER.log(Level.FINE, msg, ex); + LOGGER.debug(msg, ex); throw new DriverLoadException(msg, ex); } catch (SQLException ex) { final String msg = String.format("Unable to load database driver '%s'", className); - LOGGER.log(Level.FINE, msg, ex); + LOGGER.debug(msg, ex); throw new DriverLoadException(msg, ex); } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DriverShim.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DriverShim.java index c2e6547b3..6744f6a80 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DriverShim.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DriverShim.java @@ -17,6 +17,9 @@ */ package org.owasp.dependencycheck.data.nvdcve; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.sql.Connection; @@ -25,8 +28,6 @@ import java.sql.DriverPropertyInfo; import java.sql.SQLException; import java.sql.SQLFeatureNotSupportedException; import java.util.Properties; -import java.util.logging.Level; -import java.util.logging.Logger; /** *

@@ -42,7 +43,7 @@ class DriverShim implements Driver { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(DriverShim.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(DriverShim.class); /** * The database driver being wrapped. */ @@ -115,7 +116,7 @@ class DriverShim implements Driver { * @see java.sql.Driver#getParentLogger() */ //@Override - public Logger getParentLogger() throws SQLFeatureNotSupportedException { + public java.util.logging.Logger getParentLogger() throws SQLFeatureNotSupportedException { //return driver.getParentLogger(); Method m = null; try { @@ -125,13 +126,13 @@ class DriverShim implements Driver { } if (m != null) { try { - return (Logger) m.invoke(m); + return (java.util.logging.Logger) m.invoke(m); } catch (IllegalAccessException ex) { - LOGGER.log(Level.FINER, null, ex); + LOGGER.trace("", ex); } catch (IllegalArgumentException ex) { - LOGGER.log(Level.FINER, null, ex); + LOGGER.trace("", ex); } catch (InvocationTargetException ex) { - LOGGER.log(Level.FINER, null, ex); + LOGGER.trace("", ex); } } throw new SQLFeatureNotSupportedException(); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java index 26897e9eb..1c943d9ad 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java @@ -22,8 +22,6 @@ import java.net.HttpURLConnection; import java.net.MalformedURLException; import java.net.URL; import java.util.Date; -import java.util.logging.Level; -import java.util.logging.Logger; import org.apache.commons.io.IOUtils; import org.owasp.dependencycheck.data.nvdcve.CveDB; import org.owasp.dependencycheck.data.nvdcve.DatabaseException; 
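Review bot: `return (java.util.logging.Logger) m.invoke(m);` in `@@ -125,13` passes the `Method` object itself as the receiver, so the reflective call cannot reach the wrapped driver. It would be expected to fail with `IllegalArgumentException`, which is caught and logged at trace, so the method always ends in `SQLFeatureNotSupportedException`. The commit changes only the cast on this line; the receiver should be the wrapped driver, `return (java.util.logging.Logger) m.invoke(driver);` (field name taken from the commented-out `driver.getParentLogger()` in `@@ -115,7`). The lookup of `m` lies between the two hunks and is not visible.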
@@ -34,6 +32,8 @@ import org.owasp.dependencycheck.utils.DependencyVersion; import org.owasp.dependencycheck.utils.Settings; import org.owasp.dependencycheck.utils.URLConnectionFactory; import org.owasp.dependencycheck.utils.URLConnectionFailureException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * @@ -44,7 +44,7 @@ public class EngineVersionCheck implements CachedWebDataSource { /** * Static logger. */ - private static final Logger LOGGER = Logger.getLogger(EngineVersionCheck.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(EngineVersionCheck.class); /** * The property key indicating when the last version check occurred. */ 
@@ -85,23 +85,22 @@ public class EngineVersionCheck implements CachedWebDataSource { public void update() throws UpdateException { try { openDatabase(); - LOGGER.fine("Begin Engine Version Check"); + LOGGER.debug("Begin Engine Version Check"); final DatabaseProperties properties = cveDB.getDatabaseProperties(); final long lastChecked = Long.parseLong(properties.getProperty(ENGINE_VERSION_CHECKED_ON, "0")); final long now = (new Date()).getTime(); updateToVersion = properties.getProperty(CURRENT_ENGINE_RELEASE, ""); final String currentVersion = Settings.getString(Settings.KEYS.APPLICATION_VERSION, "0.0.0"); - LOGGER.fine("Last checked: " + lastChecked); - LOGGER.fine("Now: " + now); - LOGGER.fine("Current version: " + currentVersion); + LOGGER.debug("Last checked: {}", lastChecked); + LOGGER.debug("Now: {}", now); + LOGGER.debug("Current version: {}", currentVersion); final boolean updateNeeded = shouldUpdate(lastChecked, now, properties, currentVersion); if (updateNeeded) { - final String msg = String.format("A new version of dependency-check is available. Consider updating to version %s.", - updateToVersion); - LOGGER.warning(msg); + LOGGER.warn("A new version of dependency-check is available. Consider updating to version {}.", + updateToVersion); } } catch (DatabaseException ex) { - LOGGER.log(Level.FINE, "Database Exception opening databases to retrieve properties", ex); + LOGGER.debug("Database Exception opening databases to retrieve properties", ex); throw new UpdateException("Error occured updating database properties."); } finally { closeDatabase(); 
@@ -127,7 +126,7 @@ public class EngineVersionCheck implements CachedWebDataSource { checkRange = 7; } if (!DateUtil.withinDateRange(lastChecked, now, checkRange)) { - LOGGER.fine("Checking web for new version."); + LOGGER.debug("Checking web for new version."); final String currentRelease = getCurrentReleaseVersion(); if (currentRelease != null) { final DependencyVersion v = new DependencyVersion(currentRelease); @@ -141,15 +140,15 @@ public class EngineVersionCheck implements CachedWebDataSource { properties.save(ENGINE_VERSION_CHECKED_ON, Long.toString(now)); } } - LOGGER.log(Level.FINE, "Current Release: {0}", updateToVersion); + LOGGER.debug("Current Release: {}", updateToVersion); } final DependencyVersion running = new DependencyVersion(currentVersion); final DependencyVersion released = new DependencyVersion(updateToVersion); if (running.compareTo(released) < 0) { - LOGGER.fine("Upgrade recommended"); + LOGGER.debug("Upgrade recommended"); return true; } - LOGGER.fine("Upgrade not needed"); + LOGGER.debug("Upgrade not needed"); return false; } @@ -174,7 +173,7 @@ public class EngineVersionCheck implements CachedWebDataSource { try { cveDB.close(); } catch (Throwable ignore) { - LOGGER.log(Level.FINEST, "Error closing the cveDB", ignore); + LOGGER.trace("Error closing the cveDB", ignore); } } } 
@@ -199,11 +198,11 @@ public class EngineVersionCheck implements CachedWebDataSource { return releaseVersion.trim(); } } catch (MalformedURLException ex) { - LOGGER.log(Level.FINE, "unable to retrieve current release version of dependency-check", ex); + LOGGER.debug("unable to retrieve current release version of dependency-check", ex); } catch (URLConnectionFailureException ex) { - LOGGER.log(Level.FINE, "unable to retrieve current release version of dependency-check", ex); + LOGGER.debug("unable to retrieve current release version of dependency-check", ex); } catch (IOException ex) { - LOGGER.log(Level.FINE, "unable to retrieve current release version of dependency-check", ex); + LOGGER.debug("unable to retrieve current release version of dependency-check", ex); } finally { if (conn != null) { conn.disconnect(); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java index 2a26852d5..a6b602fd8 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java @@ -18,11 +18,11 @@ package org.owasp.dependencycheck.data.update; import java.net.MalformedURLException; -import java.util.logging.Level; -import java.util.logging.Logger; import org.owasp.dependencycheck.data.update.exception.UpdateException; import org.owasp.dependencycheck.utils.DownloadFailedException; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Class responsible for updating the NVD CVE and CPE data stores. 
@@ -34,7 +34,7 @@ public class NvdCveUpdater implements CachedWebDataSource { /** * The logger */ - private static final Logger LOGGER = Logger.getLogger(NvdCveUpdater.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(NvdCveUpdater.class); /** *

@@ -50,17 +50,17 @@ public class NvdCveUpdater implements CachedWebDataSource { task.update(); } } catch (MalformedURLException ex) { - LOGGER.log(Level.WARNING, + LOGGER.warn( "NVD CVE properties files contain an invalid URL, unable to update the data to use the most current data."); - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); } catch (DownloadFailedException ex) { - LOGGER.log(Level.WARNING, + LOGGER.warn( "Unable to download the NVD CVE data; the results may not include the most recent CPE/CVEs from the NVD."); if (Settings.getString(Settings.KEYS.PROXY_SERVER) == null) { - LOGGER.log(Level.INFO, + LOGGER.info( "If you are behind a proxy you may need to configure dependency-check to use the proxy."); } - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); } } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdate.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdate.java index 5755e344a..dc5016c21 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdate.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdate.java @@ -26,8 +26,6 @@ import java.util.concurrent.ExecutionException; import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; import java.util.concurrent.Future; -import java.util.logging.Level; -import java.util.logging.Logger; import org.owasp.dependencycheck.data.nvdcve.CveDB; import org.owasp.dependencycheck.data.nvdcve.DatabaseException; import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties; 
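Review bot: `LOGGER.debug("", ex)` in the `@@ -50,17 +50,17 @@` hunk of NvdCveUpdater writes a stack trace under an empty message, so the debug entry cannot be tied back to the warning that precedes it once download tasks run concurrently or the two levels go to different appenders. Giving the debug call its own context keeps the trace searchable, e.g. `LOGGER.debug("NVD CVE update failed: invalid URL", ex);` and `LOGGER.debug("NVD CVE update failed: download error", ex);`. The same empty-message pattern is introduced in the DownloadTask, NvdCve20Handler, Dependency, VulnerableSoftware, ReportGenerator, SuppressionErrorHandler and SuppressionParser hunks of this commit.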
@@ -40,6 +38,8 @@ import org.owasp.dependencycheck.utils.DateUtil; import org.owasp.dependencycheck.utils.DownloadFailedException; import org.owasp.dependencycheck.utils.InvalidSettingException; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Class responsible for updating the NVDCVE data store. @@ -51,7 +51,7 @@ public class StandardUpdate { /** * Static logger. */ - private static final Logger LOGGER = Logger.getLogger(StandardUpdate.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(StandardUpdate.class); /** * The max thread pool size to use when downloading files. */ @@ -109,7 +109,7 @@ public class StandardUpdate { return; } if (maxUpdates > 3) { - LOGGER.log(Level.INFO, + LOGGER.info( "NVD CVE requires several updates; this could take a couple of minutes."); } if (maxUpdates > 0) { @@ -139,19 +139,19 @@ public class StandardUpdate { downloadExecutors.shutdownNow(); processExecutor.shutdownNow(); - LOGGER.log(Level.FINE, "Thread was interrupted during download", ex); + LOGGER.debug("Thread was interrupted during download", ex); throw new UpdateException("The download was interrupted", ex); } catch (ExecutionException ex) { downloadExecutors.shutdownNow(); processExecutor.shutdownNow(); - LOGGER.log(Level.FINE, "Thread was interrupted during download execution", ex); + LOGGER.debug("Thread was interrupted during download execution", ex); throw new UpdateException("The execution of the download was interrupted", ex); } if (task == null) { downloadExecutors.shutdownNow(); processExecutor.shutdownNow(); - LOGGER.log(Level.FINE, "Thread was interrupted during download"); + LOGGER.debug("Thread was interrupted during download"); throw new UpdateException("The download was interrupted; unable to complete the update"); } else { processFutures.add(task); 
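Review bot: In the `@@ -139,19 +139,19 @@` hunk of StandardUpdate the `catch (InterruptedException ex)` branch consumes the interrupt and only wraps it in an `UpdateException`, so callers higher up can no longer observe that the thread was asked to stop. Add `Thread.currentThread().interrupt();` before the `throw`, and do the same in the `@@ -166,11 +166,11 @@` hunk. Separately, the `task == null` branch logs "Thread was interrupted during download", although the DownloadTask hunk in this commit returns `null` after a failed download, so a message such as `LOGGER.debug("Download task returned no result");` would be less misleading. The enclosing method starts and ends outside the hunk.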
@@ -166,11 +166,11 @@ public class StandardUpdate { } } catch (InterruptedException ex) { processExecutor.shutdownNow(); - LOGGER.log(Level.FINE, "Thread was interrupted during processing", ex); + LOGGER.debug("Thread was interrupted during processing", ex); throw new UpdateException(ex); } catch (ExecutionException ex) { processExecutor.shutdownNow(); - LOGGER.log(Level.FINE, "Execution Exception during process", ex); + LOGGER.debug("Execution Exception during process", ex); throw new UpdateException(ex); } finally { processExecutor.shutdown(); @@ -179,9 +179,9 @@ public class StandardUpdate { if (maxUpdates >= 1) { //ensure the modified file date gets written (we may not have actually updated it) properties.save(updateable.get(MODIFIED)); - LOGGER.log(Level.INFO, "Begin database maintenance."); + LOGGER.info("Begin database maintenance."); cveDB.cleanupDatabase(); - LOGGER.log(Level.INFO, "End database maintenance."); + LOGGER.info("End database maintenance."); } } finally { closeDataStores(); @@ -204,10 +204,10 @@ public class StandardUpdate { updates = retrieveCurrentTimestampsFromWeb(); } catch (InvalidDataException ex) { final String msg = "Unable to retrieve valid timestamp from nvd cve downloads page"; - LOGGER.log(Level.FINE, msg, ex); + LOGGER.debug(msg, ex); throw new DownloadFailedException(msg, ex); } catch (InvalidSettingException ex) { - LOGGER.log(Level.FINE, "Invalid setting found when retrieving timestamps", ex); + LOGGER.debug("Invalid setting found when retrieving timestamps", ex); throw new DownloadFailedException("Invalid settings", ex); } 
@@ -238,9 +238,8 @@ public class StandardUpdate { try { currentTimestamp = Long.parseLong(properties.getProperty(DatabaseProperties.LAST_UPDATED_BASE + entry.getId(), "0")); } catch (NumberFormatException ex) { - final String msg = String.format("Error parsing '%s' '%s' from nvdcve.lastupdated", - DatabaseProperties.LAST_UPDATED_BASE, entry.getId()); - LOGGER.log(Level.FINE, msg, ex); + LOGGER.debug("Error parsing '{}' '{}' from nvdcve.lastupdated", + DatabaseProperties.LAST_UPDATED_BASE, entry.getId(), ex); } if (currentTimestamp == entry.getTimestamp()) { entry.setNeedsUpdate(false); @@ -249,9 +248,8 @@ public class StandardUpdate { } } } catch (NumberFormatException ex) { - final String msg = "An invalid schema version or timestamp exists in the data.properties file."; - LOGGER.log(Level.WARNING, msg); - LOGGER.log(Level.FINE, "", ex); + LOGGER.warn("An invalid schema version or timestamp exists in the data.properties file."); + LOGGER.debug( "", ex); } } return updates; @@ -295,7 +293,7 @@ public class StandardUpdate { try { cveDB.close(); } catch (Throwable ignore) { - LOGGER.log(Level.FINEST, "Error closing the cveDB", ignore); + LOGGER.trace("Error closing the cveDB", ignore); } } } @@ -314,7 +312,7 @@ public class StandardUpdate { cveDB.open(); } catch (DatabaseException ex) { closeDataStores(); - LOGGER.log(Level.FINE, "Database Exception opening databases", ex); + LOGGER.debug("Database Exception opening databases", ex); throw new UpdateException("Error updating the CPE/CVE data, please see the log file for more details."); } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/DownloadTask.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/DownloadTask.java index 4bba0323c..3365c179b 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/DownloadTask.java 
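Review bot: `LOGGER.debug("Error parsing '{}' '{}' from nvdcve.lastupdated", DatabaseProperties.LAST_UPDATED_BASE, entry.getId(), ex);` in the `@@ -238,9 +238,8 @@` hunk relies on SLF4J treating a trailing `Throwable` as the exception, which only works when the binding forwards it. The `AntLoggerAdapter` added in this same commit formats the arguments with `MessageFormatter.format(...)` and passes only `tp.getMessage()` to `task.log(...)` in the overloads that are visible, so under Ant the stack trace appears to be dropped here and in `LOGGER.debug("error parsing {}", part, ex);` in EvidenceCollection. Either have the adapter forward `tp.getThrowable()` or keep the explicit message-plus-throwable form, `LOGGER.debug(msg, ex);`. The second call in the hunk also has a stray space: `LOGGER.debug( "", ex);`.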
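Review bot: The `@@ -314,7 +312,7 @@` hunk throws `new UpdateException("Error updating the CPE/CVE data, please see the log file for more details.")` without the cause, while the `DatabaseException` itself is only written at debug level. With debug logging off, the log file the message points to will not contain the reason the database could not be opened. Chain the cause as the other handlers in this file do: `throw new UpdateException("Error updating the CPE/CVE data, please see the log file for more details.", ex);`.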
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/DownloadTask.java @@ -26,8 +26,6 @@ import java.net.URL; import java.util.concurrent.Callable; import java.util.concurrent.ExecutorService; import java.util.concurrent.Future; -import java.util.logging.Level; -import java.util.logging.Logger; import java.util.zip.GZIPInputStream; import org.apache.commons.io.FileUtils; import org.owasp.dependencycheck.data.nvdcve.CveDB; @@ -36,6 +34,8 @@ import org.owasp.dependencycheck.data.update.exception.UpdateException; import org.owasp.dependencycheck.utils.DownloadFailedException; import org.owasp.dependencycheck.utils.Downloader; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * A callable object to download two files. @@ -47,7 +47,7 @@ public class DownloadTask implements Callable> { /** * The Logger. */ - private static final Logger LOGGER = Logger.getLogger(DownloadTask.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(DownloadTask.class); /** * Simple constructor for the callable download task. 
@@ -185,19 +185,17 @@ public class DownloadTask implements Callable> { Settings.setInstance(settings); final URL url1 = new URL(nvdCveInfo.getUrl()); final URL url2 = new URL(nvdCveInfo.getOldSchemaVersionUrl()); - String msg = String.format("Download Started for NVD CVE - %s", nvdCveInfo.getId()); - LOGGER.log(Level.INFO, msg); + LOGGER.info("Download Started for NVD CVE - {}", nvdCveInfo.getId()); try { Downloader.fetchFile(url1, first); Downloader.fetchFile(url2, second); } catch (DownloadFailedException ex) { - msg = String.format("Download Failed for NVD CVE - %s%nSome CVEs may not be reported.", nvdCveInfo.getId()); - LOGGER.log(Level.WARNING, msg); + LOGGER.warn("Download Failed for NVD CVE - {}\nSome CVEs may not be reported.", nvdCveInfo.getId()); if (Settings.getString(Settings.KEYS.PROXY_SERVER) == null) { - LOGGER.log(Level.INFO, + LOGGER.info( "If you are behind a proxy you may need to configure dependency-check to use the proxy."); } - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); return null; } if (url1.toExternalForm().endsWith(".xml.gz")) { @@ -207,8 +205,7 @@ public class DownloadTask implements Callable> { extractGzip(second); } - msg = String.format("Download Complete for NVD CVE - %s", nvdCveInfo.getId()); - LOGGER.log(Level.INFO, msg); + LOGGER.info("Download Complete for NVD CVE - {}", nvdCveInfo.getId()); if (this.processorService == null) { return null; } @@ -216,9 +213,8 @@ public class DownloadTask implements Callable> { return this.processorService.submit(task); } catch (Throwable ex) { - final String msg = String.format("An exception occurred downloading NVD CVE - %s%nSome CVEs may not be reported.", nvdCveInfo.getId()); - LOGGER.log(Level.WARNING, msg); - LOGGER.log(Level.FINE, "Download Task Failed", ex); + LOGGER.warn("An exception occurred downloading NVD CVE - {}\nSome CVEs may not be reported.", nvdCveInfo.getId()); + LOGGER.debug("Download Task Failed", ex); } finally { Settings.cleanup(false); } 
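Review bot: Replacing `%n` with a literal `\n` in the two "Some CVEs may not be reported." warnings (hunks `@@ -185,19 +185,17 @@` and `@@ -216,9 +213,8 @@` of DownloadTask) changes the output on platforms whose line separator is not `\n`, and it embeds a line break inside a single log record, which line-oriented log collectors will split into two events. Since this warning is how an operator learns the vulnerability data is incomplete, keep it on one line, e.g. `LOGGER.warn("Download Failed for NVD CVE - {}; some CVEs may not be reported.", nvdCveInfo.getId());`. The enclosing `call()` body extends beyond both hunks.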
@@ -287,14 +283,14 @@ public class DownloadTask implements Callable> { try { cin.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, "ignore", ex); + LOGGER.trace("ignore", ex); } } if (out != null) { try { out.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, "ignore", ex); + LOGGER.trace("ignore", ex); } } if (gzip.isFile()) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/ProcessTask.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/ProcessTask.java index 36ab5938c..bb0583ad7 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/ProcessTask.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/ProcessTask.java @@ -24,8 +24,6 @@ import java.sql.SQLException; import java.util.List; import java.util.Map; import java.util.concurrent.Callable; -import java.util.logging.Level; -import java.util.logging.Logger; import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.SAXParser; import javax.xml.parsers.SAXParserFactory; @@ -37,6 +35,8 @@ import org.owasp.dependencycheck.data.update.xml.NvdCve12Handler; import org.owasp.dependencycheck.data.update.xml.NvdCve20Handler; import org.owasp.dependencycheck.dependency.VulnerableSoftware; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.xml.sax.SAXException; /** @@ -49,7 +49,7 @@ public class ProcessTask implements Callable { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(ProcessTask.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(ProcessTask.class); /** * A field to store any update exceptions that occur during the "call". */ 
@@ -158,8 +158,7 @@ public class ProcessTask implements Callable { * @throws UpdateException thrown if there is an error loading the data into the database */ private void processFiles() throws UpdateException { - String msg = String.format("Processing Started for NVD CVE - %s", filePair.getNvdCveInfo().getId()); - LOGGER.log(Level.INFO, msg); + LOGGER.info("Processing Started for NVD CVE - {}", filePair.getNvdCveInfo().getId()); try { importXML(filePair.getFirst(), filePair.getSecond()); cveDB.commit(); @@ -181,7 +180,6 @@ public class ProcessTask implements Callable { } finally { filePair.cleanup(); } - msg = String.format("Processing Complete for NVD CVE - %s", filePair.getNvdCveInfo().getId()); - LOGGER.log(Level.INFO, msg); + LOGGER.info("Processing Complete for NVD CVE - {}", filePair.getNvdCveInfo().getId()); } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/xml/NvdCve20Handler.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/xml/NvdCve20Handler.java index 1b1c993af..1ecabd763 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/xml/NvdCve20Handler.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/xml/NvdCve20Handler.java 
@@ -20,14 +20,14 @@ package org.owasp.dependencycheck.data.update.xml; import java.io.IOException; import java.util.List; import java.util.Map; -import java.util.logging.Level; -import java.util.logging.Logger; import org.apache.lucene.index.CorruptIndexException; import org.owasp.dependencycheck.data.nvdcve.CveDB; import org.owasp.dependencycheck.data.nvdcve.DatabaseException; import org.owasp.dependencycheck.dependency.Reference; import org.owasp.dependencycheck.dependency.Vulnerability; import org.owasp.dependencycheck.dependency.VulnerableSoftware; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.xml.sax.Attributes; import org.xml.sax.SAXException; import org.xml.sax.SAXNotSupportedException; @@ -43,7 +43,7 @@ public class NvdCve20Handler extends DefaultHandler { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(NvdCve20Handler.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(NvdCve20Handler.class); /** * the current supported schema version. */ @@ -172,8 +172,8 @@ public class NvdCve20Handler extends DefaultHandler { final float score = Float.parseFloat(nodeText.toString()); vulnerability.setCvssScore(score); } catch (NumberFormatException ex) { - LOGGER.log(Level.SEVERE, "Error parsing CVSS Score."); - LOGGER.log(Level.FINE, null, ex); + LOGGER.error("Error parsing CVSS Score."); + LOGGER.debug("", ex); } nodeText = null; } else if (current.isCVSSAccessVectorNode()) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java index 52382a810..d72d8f149 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java 
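Review bot: `LOGGER.error("Error parsing CVSS Score.");` in the `@@ -172,8 +172,8 @@` hunk of NvdCve20Handler does not say which value failed to parse, and the vulnerability is then left without a score, so the error cannot be traced to a feed entry. Include the offending text, `LOGGER.error("Error parsing CVSS Score '{}'.", nodeText);`, keeping in mind that it is feed-supplied data being written to the log. The handler method this branch belongs to starts and ends outside the hunk.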
@@ -27,11 +27,11 @@ import java.util.List; import java.util.Set; import java.util.SortedSet; import java.util.TreeSet; -import java.util.logging.Level; -import java.util.logging.Logger; import org.owasp.dependencycheck.data.nexus.MavenArtifact; import org.owasp.dependencycheck.utils.Checksum; import org.owasp.dependencycheck.utils.FileUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * A program dependency. This object is one of the core components within DependencyCheck. It is used to collect information about @@ -45,7 +45,7 @@ public class Dependency implements Serializable, Comparable { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(Dependency.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(Dependency.class); /** * The actual file path of the dependency on disk. */ @@ -345,12 +345,12 @@ public class Dependency implements Serializable, Comparable { final String url = "http://search.maven.org/#search|ga|1|1%3A%22" + this.getSha1sum() + "%22"; i.setUrl(url); //i.setUrl(mavenArtifact.getArtifactUrl()); - LOGGER.fine(String.format("Already found identifier %s. Confidence set to highest", i.getValue())); + LOGGER.debug("Already found identifier {}. Confidence set to highest", i.getValue()); break; } } if (!found) { - LOGGER.fine(String.format("Adding new maven identifier %s", mavenArtifact.toString())); + LOGGER.debug("Adding new maven identifier {}", mavenArtifact.toString()); this.addIdentifier("maven", mavenArtifact.toString(), mavenArtifact.getArtifactUrl(), Confidence.HIGHEST); } } 
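Review bot: `LOGGER.debug("Adding new maven identifier {}", mavenArtifact.toString());` in the `@@ -345,12 +345,12 @@` hunk of Dependency calls `toString()` eagerly, which gives up the deferred formatting that the `{}` placeholder is there to provide. Pass the object itself, `LOGGER.debug("Adding new maven identifier {}", mavenArtifact);`, as the `addRelatedDependency` hunk of this commit already does with `this` and `dependency`. The enclosing method starts outside the hunk.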
@@ -564,13 +564,11 @@ public class Dependency implements Serializable, Comparable { md5 = Checksum.getMD5Checksum(file); sha1 = Checksum.getSHA1Checksum(file); } catch (IOException ex) { - final String msg = String.format("Unable to read '%s' to determine hashes.", file.getName()); - LOGGER.log(Level.WARNING, msg); - LOGGER.log(Level.FINE, null, ex); + LOGGER.warn("Unable to read '{}' to determine hashes.", file.getName()); + LOGGER.debug("", ex); } catch (NoSuchAlgorithmException ex) { - final String msg = "Unable to use MD5 of SHA1 checksums."; - LOGGER.log(Level.WARNING, msg); - LOGGER.log(Level.FINE, null, ex); + LOGGER.warn("Unable to use MD5 of SHA1 checksums."); + LOGGER.debug("", ex); } this.setMd5sum(md5); this.setSha1sum(sha1); @@ -656,10 +654,10 @@ public class Dependency implements Serializable, Comparable { */ public void addRelatedDependency(Dependency dependency) { if (this == dependency) { - LOGGER.warning("Attempted to add a circular reference - please post the log file to issue #172 here " + LOGGER.warn("Attempted to add a circular reference - please post the log file to issue #172 here " + "https://github.com/jeremylong/DependencyCheck/issues/172 "); - LOGGER.log(Level.FINE, "this: {0}", this.toString()); - LOGGER.log(Level.FINE, "dependency: {0}", dependency.toString()); + LOGGER.debug("this: {}", this); + LOGGER.debug("dependency: {}", dependency); } else { relatedDependencies.add(dependency); } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java index b62a73782..edfd300e4 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java 
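Review bot: The warning carried over in the `@@ -564,13 +564,11 @@` hunk of Dependency reads "Unable to use MD5 of SHA1 checksums.", where "of" should be "or". Since the line is being rewritten anyway, fix it: `LOGGER.warn("Unable to use MD5 or SHA1 checksums.");`. Both handlers leave `md5` and `sha1` at whatever they were before the `try` (not visible here) and still call `setMd5sum`/`setSha1sum`, so it would help to state in the warning that the dependency will carry no hashes. The enclosing method starts outside the hunk.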
@@ -24,13 +24,13 @@ import java.util.Iterator; import java.util.List; import java.util.Set; import java.util.TreeSet; -import java.util.logging.Level; -import java.util.logging.Logger; import org.apache.commons.lang.StringUtils; import org.owasp.dependencycheck.utils.DependencyVersion; import org.owasp.dependencycheck.utils.DependencyVersionUtil; import org.owasp.dependencycheck.utils.Filter; import org.owasp.dependencycheck.utils.UrlStringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Used to maintain a collection of Evidence. @@ -42,7 +42,7 @@ public class EvidenceCollection implements Serializable, Iterable { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(EvidenceCollection.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(EvidenceCollection.class); /** * Used to iterate over highest confidence evidence contained in the collection. */ @@ -385,7 +385,7 @@ public class EvidenceCollection implements Serializable, Iterable { final List data = UrlStringUtils.extractImportantUrlData(part); sb.append(' ').append(StringUtils.join(data, ' ')); } catch (MalformedURLException ex) { - LOGGER.log(Level.FINE, "error parsing " + part, ex); + LOGGER.debug("error parsing {}", part, ex); sb.append(' ').append(part); } } else { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java index 83fb20e08..3c73cf619 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java 
@@ -20,9 +20,9 @@ package org.owasp.dependencycheck.dependency; import java.io.Serializable; import java.io.UnsupportedEncodingException; import java.net.URLDecoder; -import java.util.logging.Level; -import java.util.logging.Logger; import org.owasp.dependencycheck.data.cpe.IndexEntry; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * A record containing information about vulnerable software. This is referenced from a vulnerability. @@ -34,7 +34,7 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(VulnerableSoftware.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(VulnerableSoftware.class); /** * The serial version UID. */ @@ -49,9 +49,8 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp try { parseName(cpe); } catch (UnsupportedEncodingException ex) { - final String msg = String.format("Character encoding is unsupported for CPE '%s'.", cpe); - LOGGER.log(Level.WARNING, msg); - LOGGER.log(Level.FINE, null, ex); + LOGGER.warn("Character encoding is unsupported for CPE '{}'.", cpe); + LOGGER.debug("", ex); setName(cpe); } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java index 8427c2ed9..cf955bc27 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java 
@@ -19,9 +19,9 @@ package org.owasp.dependencycheck.reporting; import java.io.UnsupportedEncodingException; import java.net.URLEncoder; -import java.util.logging.Level; -import java.util.logging.Logger; import org.apache.commons.lang.StringEscapeUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * An extremely simple wrapper around various escape utils to perform URL and HTML encoding within the reports. This @@ -34,7 +34,7 @@ public class EscapeTool { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(EscapeTool.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(EscapeTool.class); /** * URL Encodes the provided text. @@ -46,8 +46,8 @@ public class EscapeTool { try { return URLEncoder.encode(text, "UTF-8"); } catch (UnsupportedEncodingException ex) { - LOGGER.log(Level.WARNING, "UTF-8 is not supported?"); - LOGGER.log(Level.INFO, null, ex); + LOGGER.warn("UTF-8 is not supported?"); + LOGGER.info("", ex); } return ""; } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java index 443db4ce5..b47f9a8b9 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java @@ -30,8 +30,6 @@ import java.text.DateFormat; import java.text.SimpleDateFormat; import java.util.Date; import java.util.List; -import java.util.logging.Level; -import java.util.logging.Logger; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import org.apache.velocity.context.Context; 
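Review bot: In the `@@ -46,8 +46,8 @@` hunk of EscapeTool the stack trace is logged with `LOGGER.info("", ex);`, an empty message at info level, whereas every other handler in this commit writes traces at debug or trace. Fold it into the warning so the message and cause stay together: `LOGGER.warn("UTF-8 is not supported?", ex);`. The method then returns `""`, so the report silently loses the value; a comment saying that this is intentional would help the next reader.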
@@ -40,6 +38,8 @@ import org.owasp.dependencycheck.analyzer.Analyzer; import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * The ReportGenerator is used to, as the name implies, generate reports. Internally the generator uses the Velocity @@ -52,7 +52,7 @@ public class ReportGenerator { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(ReportGenerator.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(ReportGenerator.class); /** * An enumeration of the report formats. @@ -235,9 +235,8 @@ public class ReportGenerator { templatePath = templateName; input = new FileInputStream(f); } catch (FileNotFoundException ex) { - final String msg = "Unable to generate the report, the report template file could not be found."; - LOGGER.log(Level.SEVERE, msg); - LOGGER.log(Level.FINE, null, ex); + LOGGER.error("Unable to generate the report, the report template file could not be found."); + LOGGER.debug("", ex); } } else { templatePath = "templates/" + templateName + ".vsl"; @@ -262,20 +261,20 @@ public class ReportGenerator { try { writer.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, null, ex); + LOGGER.trace("", ex); } } if (outputStream != null) { try { outputStream.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, null, ex); + LOGGER.trace("", ex); } } try { reader.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, null, ex); + LOGGER.trace("", ex); } } } @@ -311,7 +310,7 @@ public class ReportGenerator { try { outputSteam.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, "ignore", ex); + LOGGER.trace("ignore", ex); } } } 
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/VelocityLoggerRedirect.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/VelocityLoggerRedirect.java index b9f5cb074..f846b29c8 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/VelocityLoggerRedirect.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/VelocityLoggerRedirect.java @@ -17,14 +17,14 @@ */ package org.owasp.dependencycheck.reporting; -import java.util.logging.Level; -import java.util.logging.Logger; import org.apache.velocity.runtime.RuntimeServices; import org.apache.velocity.runtime.log.LogChute; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** *

- * DependencyCheck uses {@link java.util.logging.Logger} as a logging framework, and Apache Velocity uses a custom + * DependencyCheck uses {@link org.slf4j.Logger} as a logging framework, and Apache Velocity uses a custom * logging implementation that outputs to a file named velocity.log by default. This class is an implementation of a * custom Velocity logger that redirects all velocity logging to the Java Logger class. *

@@ -39,7 +39,7 @@ public class VelocityLoggerRedirect implements LogChute { /** * The Logger. */ - private static final Logger LOGGER = Logger.getLogger(VelocityLoggerRedirect.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(VelocityLoggerRedirect.class); /** * This will be invoked once by the LogManager. @@ -58,7 +58,25 @@ public class VelocityLoggerRedirect implements LogChute { * @param message the message to be logged */ public void log(int level, String message) { - LOGGER.log(getLevel(level), message); + switch (level) { + case TRACE_ID: + LOGGER.trace(message); + break; + case DEBUG_ID: + LOGGER.debug(message); + break; + case INFO_ID: + LOGGER.info(message); + break; + case WARN_ID: + LOGGER.warn(message); + break; + case ERROR_ID: + LOGGER.error(message); + break; + default: + LOGGER.info(message); + } } /** @@ -70,7 +88,25 @@ public class VelocityLoggerRedirect implements LogChute { * @param t a throwable to log */ public void log(int level, String message, Throwable t) { - LOGGER.log(getLevel(level), message, t); + switch (level) { + case TRACE_ID: + LOGGER.trace(message, t); + break; + case DEBUG_ID: + LOGGER.debug(message, t); + break; + case INFO_ID: + LOGGER.info(message, t); + break; + case WARN_ID: + LOGGER.warn(message, t); + break; + case ERROR_ID: + LOGGER.error(message, t); + break; + default: + LOGGER.info(message, t); + } } /** @@ -82,27 +118,4 @@ public class VelocityLoggerRedirect implements LogChute { public boolean isLevelEnabled(int level) { return true; } - - /** - * Maps Velocity log levels to {@link Logger} values. - * - * @param velocityLevel the logging level - * @return the logging level - */ - private Level getLevel(int velocityLevel) { - switch (velocityLevel) { - case TRACE_ID: - return Level.ALL; - case DEBUG_ID: - return Level.FINE; - case INFO_ID: - return Level.INFO; - case WARN_ID: - return Level.WARNING; - case ERROR_ID: - return Level.SEVERE; - default: - return Level.INFO; - } - } } 
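Review bot: `isLevelEnabled` in the `@@ -82,27 +118,4 @@` hunk of VelocityLoggerRedirect still returns `true` for every level, so Velocity will build trace and debug messages even when the SLF4J backend discards them. Now that the class logs through SLF4J it can answer from the logger's own level checks, using the same `*_ID` constants as the two new `switch` statements. The class Javadoc also still says logging is redirected "to the Java Logger class", which no longer matches the import.

```java
public boolean isLevelEnabled(int level) {
    switch (level) {
        case TRACE_ID:
            return LOGGER.isTraceEnabled();
        case DEBUG_ID:
            return LOGGER.isDebugEnabled();
        case WARN_ID:
            return LOGGER.isWarnEnabled();
        case ERROR_ID:
            return LOGGER.isErrorEnabled();
        default:
            // INFO_ID and unknown levels follow the info mapping used by log(...)
            return LOGGER.isInfoEnabled();
    }
}
```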
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionErrorHandler.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionErrorHandler.java index 6cbf9a4b8..5d8b8733a 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionErrorHandler.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionErrorHandler.java @@ -17,8 +17,8 @@ */ package org.owasp.dependencycheck.suppression; -import java.util.logging.Level; -import java.util.logging.Logger; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.xml.sax.ErrorHandler; import org.xml.sax.SAXException; import org.xml.sax.SAXParseException; @@ -33,7 +33,7 @@ public class SuppressionErrorHandler implements ErrorHandler { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(SuppressionErrorHandler.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(SuppressionErrorHandler.class); /** * Builds a prettier exception message. @@ -70,7 +70,7 @@ public class SuppressionErrorHandler implements ErrorHandler { */ @Override public void warning(SAXParseException ex) throws SAXException { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); } /** diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionParser.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionParser.java index 9f7767b74..9b863c3d0 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionParser.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionParser.java 
@@ -25,11 +25,12 @@ import java.io.InputStream; import java.io.InputStreamReader; import java.io.Reader; import java.util.List; -import java.util.logging.Level; -import java.util.logging.Logger; import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.SAXParser; import javax.xml.parsers.SAXParserFactory; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.xml.sax.InputSource; import org.xml.sax.SAXException; import org.xml.sax.XMLReader; @@ -44,7 +45,7 @@ public class SuppressionParser { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(SuppressionParser.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(SuppressionParser.class); /** * JAXP Schema Language. Source: http://docs.oracle.com/javase/tutorial/jaxp/sax/validation.html */ @@ -71,14 +72,14 @@ public class SuppressionParser { fis = new FileInputStream(file); return parseSuppressionRules(fis); } catch (IOException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); throw new SuppressionParseException(ex); } finally { if (fis != null) { try { fis.close(); } catch (IOException ex) { - LOGGER.log(Level.FINE, "Unable to close stream", ex); + LOGGER.debug("Unable to close stream", ex); } } } @@ -113,16 +114,16 @@ public class SuppressionParser { return handler.getSuppressionRules(); } catch (ParserConfigurationException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); throw new SuppressionParseException(ex); } catch (SAXException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); throw new SuppressionParseException(ex); } catch (FileNotFoundException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); throw new SuppressionParseException(ex); } catch (IOException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); throw new SuppressionParseException(ex); } } 
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DBUtils.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DBUtils.java index 8b99e0dfe..c27c4b7d4 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DBUtils.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DBUtils.java @@ -21,9 +21,9 @@ import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; -import java.util.logging.Level; -import java.util.logging.Logger; import org.owasp.dependencycheck.data.nvdcve.DatabaseException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * @@ -34,7 +34,7 @@ public final class DBUtils { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(DBUtils.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(DBUtils.class); /** * Private constructor for a utility class. @@ -76,7 +76,7 @@ public final class DBUtils { try { statement.close(); } catch (SQLException ex) { - LOGGER.log(Level.FINEST, statement.toString(), ex); + LOGGER.trace(statement.toString(), ex); } } } @@ -91,7 +91,7 @@ public final class DBUtils { try { rs.close(); } catch (SQLException ex) { - LOGGER.log(Level.FINEST, rs.toString(), ex); + LOGGER.trace(rs.toString(), ex); } } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DCResources.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DCResources.java new file mode 100644 index 000000000..2d3327429 --- /dev/null +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DCResources.java 
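Review bot: `LOGGER.trace(statement.toString(), ex)` uses the statement's string form as the log message, and `rs.toString()` in the next hunk does the same for the result set. What `toString()` returns is driver-specific; some JDBC drivers render the SQL text together with bound parameter values, which would then end up in the trace log. A fixed message keeps the record meaningful without depending on the driver: `LOGGER.trace("Unable to close the statement", ex);` and `LOGGER.trace("Unable to close the result set", ex);`. Both enclosing methods start outside their hunks.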
@@ -0,0 +1,26 @@ +package org.owasp.dependencycheck.utils; + +import ch.qos.cal10n.BaseName; +import ch.qos.cal10n.Locale; +import ch.qos.cal10n.LocaleData; + +/** + * Created by colezlaw on 6/13/15. + */ +@BaseName("dependencycheck-resources") +@LocaleData(defaultCharset = "UTF-8", + value = { + @Locale("en") + } +) +public enum DCResources { + NOTDEPLOYED, + GROKERROR, + NOTASSEMBLY, + GROKRC, + GROKDEPLOYED, + GROKNOTDEPLOYED, + GROKINITFAIL, + GROKINITMSG, + GROKNOTDELETED +} diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java index 13e23fa0a..a39f01cd5 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java @@ -29,8 +29,6 @@ import java.io.FileOutputStream; import java.io.FilenameFilter; import java.io.IOException; import java.io.InputStream; -import java.util.logging.Level; -import java.util.logging.Logger; import java.util.zip.ZipEntry; import java.util.zip.ZipInputStream; @@ -40,6 +38,8 @@ import org.apache.commons.compress.archivers.zip.ZipArchiveInputStream; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.analyzer.exception.ArchiveExtractionException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Set of utilities to extract files from archives. @@ -51,7 +51,7 @@ public final class ExtractionUtil { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(ExtractionUtil.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(ExtractionUtil.class); /** * The buffer size to use when extracting files from the archive. */ 
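Review bot: DCResources is added without the Apache license header that the other new file in this commit (AntLoggerAdapter) carries, and its only Javadoc is the IDE's "Created by" stub. Since `@BaseName("dependencycheck-resources")` ties each constant to a key of the same name in the properties files changed later in this commit, the type comment should say so, e.g. `/** Message keys for the dependencycheck-resources bundle; every constant must have a matching key in each locale's properties file. */`. A one-line comment per constant (or a pointer to the properties file) would also help, because names such as `GROKRC` are not self-explanatory.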
@@ -94,7 +94,7 @@ public final class ExtractionUtil { try { fis = new FileInputStream(archive); } catch (FileNotFoundException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); throw new ExtractionException("Archive file was not found.", ex); } zis = new ZipInputStream(new BufferedInputStream(fis)); @@ -118,11 +118,11 @@ public final class ExtractionUtil { bos = new BufferedOutputStream(fos, BUFFER_SIZE); transferUsingBuffer(zis, bos); } catch (FileNotFoundException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); final String msg = String.format("Unable to find file '%s'.", file.getName()); throw new ExtractionException(msg, ex); } catch (IOException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); final String msg = String.format("IO Exception while parsing file '%s'.", file.getName()); throw new ExtractionException(msg, ex); } finally { @@ -133,7 +133,7 @@ public final class ExtractionUtil { } } catch (IOException ex) { final String msg = String.format("Exception reading archive '%s'.", archive.getName()); - LOGGER.log(Level.FINE, msg, ex); + LOGGER.debug("", ex); throw new ExtractionException(msg, ex); } finally { closeStream(zis); @@ -158,22 +158,20 @@ public final class ExtractionUtil { try { fis = new FileInputStream(archive); } catch (FileNotFoundException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); throw new ExtractionException("Archive file was not found.", ex); } try { extractArchive(new ZipArchiveInputStream(new BufferedInputStream( fis)), destination, filter); } catch (ArchiveExtractionException ex) { - final String msg = String.format( - "Exception extracting archive '%s'.", archive.getName()); - LOGGER.log(Level.WARNING, msg); - LOGGER.log(Level.FINE, null, ex); + LOGGER.warn("Exception extracting archive '{}'.", archive.getName()); + LOGGER.debug("", ex); } finally { try { fis.close(); } catch (IOException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); } } } 
@@ -228,9 +226,8 @@ public final class ExtractionUtil { FilenameFilter filter, ArchiveEntry entry) throws ExtractionException { final File file = new File(destination, entry.getName()); if (filter.accept(file.getParentFile(), file.getName())) { - final String extracting = String.format("Extracting '%s'", - file.getPath()); - LOGGER.fine(extracting); + LOGGER.debug("Extracting '{}'", + file.getPath()); BufferedOutputStream bos = null; FileOutputStream fos = null; try { @@ -239,12 +236,12 @@ public final class ExtractionUtil { bos = new BufferedOutputStream(fos, BUFFER_SIZE); transferUsingBuffer(input, bos); } catch (FileNotFoundException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); final String msg = String.format("Unable to find file '%s'.", file.getName()); throw new ExtractionException(msg, ex); } catch (IOException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); final String msg = String .format("IO Exception while parsing file '%s'.", file.getName()); @@ -283,7 +280,7 @@ public final class ExtractionUtil { try { stream.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, null, ex); + LOGGER.trace("", ex); } } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/PomParser.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/PomParser.java index 321a54b01..d17ff6b6c 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/PomParser.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/PomParser.java 
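Review bot: `new File(destination, entry.getName())` at the top of this hunk builds the output path straight from the archive entry name, and nothing visible in the hunk checks that the result stays inside `destination`. An entry name containing `..` segments would make the extraction write outside the target directory, and this tool unpacks archives it has been asked to scan. Resolving both paths canonically and refusing the entry when it escapes closes the gap; the sketch below assumes `destination` is a `File` and uses only the `ExtractionException(String, Throwable)` form already used in this method. The method starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out, and the `ZipInputStream` loop in the `@@ -118,11 +118,11 @@` hunk deserves the same look.
```java
final File file = new File(destination, entry.getName());
try {
    // refuse entries whose resolved path leaves the destination directory
    final String root = destination.getCanonicalPath() + File.separator;
    if (!file.getCanonicalPath().startsWith(root)) {
        throw new IOException("entry resolves outside of the destination directory");
    }
} catch (IOException ex) {
    final String msg = String.format("Refusing to extract archive entry '%s'.", entry.getName());
    throw new ExtractionException(msg, ex);
}
// … unchanged: filter check, debug logging and stream copy …
```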
@@ -24,11 +24,12 @@ import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import java.io.Reader; -import java.util.logging.Level; -import java.util.logging.Logger; import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.SAXParser; import javax.xml.parsers.SAXParserFactory; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.xml.sax.InputSource; import org.xml.sax.SAXException; import org.xml.sax.XMLReader; @@ -43,7 +44,7 @@ public class PomParser { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(PomParser.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(PomParser.class); /** * Parses the given xml file and returns a Model object containing only the fields dependency-check requires. @@ -58,14 +59,14 @@ public class PomParser { fis = new FileInputStream(file); return parse(fis); } catch (IOException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); throw new PomParseException(ex); } finally { if (fis != null) { try { fis.close(); } catch (IOException ex) { - LOGGER.log(Level.FINE, "Unable to close stream", ex); + LOGGER.debug("Unable to close stream", ex); } } } @@ -96,16 +97,16 @@ public class PomParser { return handler.getModel(); } catch (ParserConfigurationException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); throw new PomParseException(ex); } catch (SAXException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); throw new PomParseException(ex); } catch (FileNotFoundException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); throw new PomParseException(ex); } catch (IOException ex) { - LOGGER.log(Level.FINE, null, ex); + LOGGER.debug("", ex); throw new PomParseException(ex); } } 
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/PomUtils.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/PomUtils.java index 8ee3f2980..60122969a 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/PomUtils.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/PomUtils.java @@ -20,12 +20,12 @@ package org.owasp.dependencycheck.xml.pom; import java.io.File; import java.io.IOException; import java.util.jar.JarFile; -import java.util.logging.Level; -import java.util.logging.Logger; import java.util.zip.ZipEntry; import org.owasp.dependencycheck.analyzer.JarAnalyzer; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Dependency; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * @@ -41,7 +41,7 @@ public final class PomUtils { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(PomUtils.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(PomUtils.class); /** * Reads in the specified POM and converts it to a Model. 
@@ -57,19 +57,16 @@ public final class PomUtils { final PomParser parser = new PomParser(); model = parser.parse(file); } catch (PomParseException ex) { - final String msg = String.format("Unable to parse pom '%s'", file.getPath()); - LOGGER.log(Level.WARNING, msg); - LOGGER.log(Level.FINE, "", ex); + LOGGER.warn("Unable to parse pom '{}'", file.getPath()); + LOGGER.debug("", ex); throw new AnalysisException(ex); } catch (IOException ex) { - final String msg = String.format("Unable to parse pom '%s'(IO Exception)", file.getPath()); - LOGGER.log(Level.WARNING, msg); - LOGGER.log(Level.FINE, "", ex); + LOGGER.warn("Unable to parse pom '{}'(IO Exception)", file.getPath()); + LOGGER.debug("", ex); throw new AnalysisException(ex); } catch (Throwable ex) { - final String msg = String.format("Unexpected error during parsing of the pom '%s'", file.getPath()); - LOGGER.log(Level.WARNING, msg); - LOGGER.log(Level.FINE, "", ex); + LOGGER.warn("Unexpected error during parsing of the pom '{}'", file.getPath()); + LOGGER.debug("", ex); throw new AnalysisException(ex); } return model; 
@@ -91,21 +88,18 @@ public final class PomUtils { try { final PomParser parser = new PomParser(); model = parser.parse(jar.getInputStream(entry)); - LOGGER.fine(String.format("Read POM %s", path)); + LOGGER.debug("Read POM {}", path); } catch (SecurityException ex) { - final String msg = String.format("Unable to parse pom '%s' in jar '%s'; invalid signature", path, jar.getName()); - LOGGER.log(Level.WARNING, msg); - LOGGER.log(Level.FINE, null, ex); + LOGGER.warn("Unable to parse pom '{}' in jar '{}'; invalid signature", path, jar.getName()); + LOGGER.debug("", ex); throw new AnalysisException(ex); } catch (IOException ex) { - final String msg = String.format("Unable to parse pom '%s' in jar '%s' (IO Exception)", path, jar.getName()); - LOGGER.log(Level.WARNING, msg); - LOGGER.log(Level.FINE, "", ex); + LOGGER.warn("Unable to parse pom '{}' in jar '{}' (IO Exception)", path, jar.getName()); + LOGGER.debug("", ex); throw new AnalysisException(ex); } catch (Throwable ex) { - final String msg = String.format("Unexpected error during parsing of the pom '%s' in jar '%s'", path, jar.getName()); - LOGGER.log(Level.WARNING, msg); - LOGGER.log(Level.FINE, "", ex); + LOGGER.warn("Unexpected error during parsing of the pom '{}' in jar '{}'", path, jar.getName()); + LOGGER.debug("", ex); throw new AnalysisException(ex); } } diff --git a/dependency-check-core/src/main/resources/dependencycheck-resources.properties b/dependency-check-core/src/main/resources/dependencycheck-resources.properties index b88bc2bca..92a38b666 100644 --- a/dependency-check-core/src/main/resources/dependencycheck-resources.properties +++ b/dependency-check-core/src/main/resources/dependencycheck-resources.properties 
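Review bot: The warning messages in this hunk interpolate `path` and `jar.getName()` unchanged, and `path` appears to be an entry name taken from the jar under analysis (its origin is outside the hunk). Entry names are chosen by whoever built the archive and may contain line breaks, so a crafted jar could make one WARN record read as several. Neutralising control characters before logging, e.g. `path.replaceAll("[\\r\\n]", "_")`, or configuring the log encoder to escape them, keeps the log at one record per event. The `file.getPath()` arguments in the previous hunk are lower risk but follow the same pattern.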
@@ -1,10 +1,10 @@ -analyzer.AssemblyAnalyzer.notdeployed=GrokAssembly didn't get deployed -analyzer.AssemblyAnalyzer.grokassembly.stderr=Error from GrokAssembly: {0} -analyzer.AssemblyAnalyzer.notassembly={0} is not a .NET assembly or executable and as such cannot be analyzed by dependency-check -analyzer.AssemblyAnalyzer.grokassembly.rc=Return code {0} from GrokAssembly -analyzer.AssemblyAnalyzer.grokassembly.deployed=Extracted GrokAssembly.exe to {0} -analyzer.AssemblyAnalyzer.grokassembly.notdeployed=Could not extract GrokAssembly.exe: {0} -analyzer.AssemblyAnalyzer.grokassembly.initialization.failed=An error occurred with the .NET AssemblyAnalyzer; \ +NOTDEPLOYED=GrokAssembly didn't get deployed +GROKERROR=Error from GrokAssembly: {0} +NOTASSEMBLY={0} is not a .NET assembly or executable and as such cannot be analyzed by dependency-check +GROKRC=Return code {0} from GrokAssembly +GROKDEPLOYED=Extracted GrokAssembly.exe to {0} +GROKNOTDEPLOYED=Could not extract GrokAssembly.exe: {0} +GROKINITFAIL=An error occurred with the .NET AssemblyAnalyzer; \ this can be ignored unless you are scanning .NET DLLs. Please see the log for more details. -analyzer.AssemblyAnalyzer.grokassembly.initialization.message=Could not execute GrokAssembly {0} -analyzer.AssemblyAnalyzer.grokassembly.notdeleted=Can't delete temporary GrokAssembly.exe \ No newline at end of file +GROKINITMSG=Could not execute GrokAssembly {0} +GROKNOTDELETED=Can't delete temporary GrokAssembly.exe \ No newline at end of file diff --git a/dependency-check-core/src/main/resources/dependencycheck-resources_en.properties b/dependency-check-core/src/main/resources/dependencycheck-resources_en.properties new file mode 100644 index 000000000..92a38b666 --- /dev/null +++ b/dependency-check-core/src/main/resources/dependencycheck-resources_en.properties 
@@ -0,0 +1,10 @@ +NOTDEPLOYED=GrokAssembly didn't get deployed +GROKERROR=Error from GrokAssembly: {0} +NOTASSEMBLY={0} is not a .NET assembly or executable and as such cannot be analyzed by dependency-check +GROKRC=Return code {0} from GrokAssembly +GROKDEPLOYED=Extracted GrokAssembly.exe to {0} +GROKNOTDEPLOYED=Could not extract GrokAssembly.exe: {0} +GROKINITFAIL=An error occurred with the .NET AssemblyAnalyzer; \ + this can be ignored unless you are scanning .NET DLLs. Please see the log for more details. +GROKINITMSG=Could not execute GrokAssembly {0} +GROKNOTDELETED=Can't delete temporary GrokAssembly.exe \ No newline at end of file diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzerTest.java index 271350ed3..19862f09b 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzerTest.java @@ -26,13 +26,12 @@ import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.suppression.SuppressionParseException; import org.owasp.dependencycheck.suppression.SuppressionRule; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.LoggerFactory; import java.net.MalformedURLException; import java.net.URISyntaxException; import java.util.List; import java.util.Set; -import java.util.logging.Level; -import java.util.logging.Logger; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; 
@@ -93,9 +92,9 @@ public class AbstractSuppressionAnalyzerTest extends BaseTest { final String uri = this.getClass().getClassLoader().getResource("suppressions.xml").toURI().toURL().toString(); Settings.setString(Settings.KEYS.SUPPRESSION_FILE, uri); } catch (URISyntaxException ex) { - Logger.getLogger(AbstractSuppressionAnalyzerTest.class.getName()).log(Level.SEVERE, null, ex); + LoggerFactory.getLogger(AbstractSuppressionAnalyzerTest.class).error("", ex); } catch (MalformedURLException ex) { - Logger.getLogger(AbstractSuppressionAnalyzerTest.class.getName()).log(Level.SEVERE, null, ex); + LoggerFactory.getLogger(AbstractSuppressionAnalyzerTest.class).error("", ex); } } diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java index 1e1e70685..34b2b9873 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java @@ -18,8 +18,6 @@ package org.owasp.dependencycheck.analyzer; import java.io.File; -import java.util.logging.Level; -import java.util.logging.Logger; import org.junit.After; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; @@ -34,6 +32,10 @@ import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Evidence; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.slf4j.impl.SimpleLogger; +import org.slf4j.impl.SimpleLoggerFactory; /** * Tests for the AssemblyAnalyzer. 
@@ -43,7 +45,9 @@ import org.owasp.dependencycheck.utils.Settings; */ public class AssemblyAnalyzerTest extends BaseTest { - private static final Logger LOGGER = Logger.getLogger(AssemblyAnalyzerTest.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(AssemblyAnalyzerTest.class); + + private static final String LOG_KEY = "org.slf4j.simpleLogger.org.owasp.dependencycheck.analyzer.AssemblyAnalyzer"; AssemblyAnalyzer analyzer; @@ -60,9 +64,9 @@ public class AssemblyAnalyzerTest extends BaseTest { analyzer.initialize(); } catch (Exception e) { if (e.getMessage().contains("Could not execute .NET AssemblyAnalyzer")) { - LOGGER.log(Level.WARNING, "Exception setting up AssemblyAnalyzer. Tests will be incomplete"); + LOGGER.warn("Exception setting up AssemblyAnalyzer. Tests will be incomplete"); } else { - LOGGER.log(Level.WARNING, "Exception setting up AssemblyAnalyzer. Tests will be incomplete", e); + LOGGER.warn("Exception setting up AssemblyAnalyzer. Tests will be incomplete", e); } Assume.assumeNoException("Is mono installed? TESTS WILL BE INCOMPLETE", e); } @@ -113,11 +117,8 @@ public class AssemblyAnalyzerTest extends BaseTest { @Test public void testNonexistent() { - Level oldLevel = Logger.getLogger(AssemblyAnalyzer.class.getName()).getLevel(); - Level oldDependency = Logger.getLogger(Dependency.class.getName()).getLevel(); // Tweak the log level so the warning doesn't show in the console - Logger.getLogger(AssemblyAnalyzer.class.getName()).setLevel(Level.OFF); - Logger.getLogger(Dependency.class.getName()).setLevel(Level.OFF); + String oldProp = System.getProperty(LOG_KEY, "info"); //File f = new File(AssemblyAnalyzerTest.class.getClassLoader().getResource("log4net.dll").getPath()); File f = BaseTest.getResourceAsFile(this, "log4net.dll"); File test = new File(f.getParent(), "nonexistent.dll"); 
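Review bot: In `testNonexistent` the new code reads `oldProp` but, as far as this hunk and the matching `finally` in the next one show, never sets `LOG_KEY`, so the comment "Tweak the log level so the warning doesn't show in the console" no longer describes what happens; the other test does set it, with `System.setProperty(LOG_KEY, "error");`. Because `oldProp` defaults to "info", both `finally` blocks also leave the property set to "info" when it was absent before the test; calling `System.clearProperty(LOG_KEY)` in that case would restore the original state. slf4j-simple appears to read these properties when a logger is first created, so changing the property after `AssemblyAnalyzer`'s logger exists may have no effect at all, which is worth confirming. The `SimpleLogger` and `SimpleLoggerFactory` imports added to this file look unused in the visible hunks.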
@@ -129,8 +130,7 @@ public class AssemblyAnalyzerTest extends BaseTest { } catch (AnalysisException ae) { assertEquals("File does not exist", ae.getMessage()); } finally { - Logger.getLogger(AssemblyAnalyzer.class.getName()).setLevel(oldLevel); - Logger.getLogger(Dependency.class.getName()).setLevel(oldDependency); + System.setProperty(LOG_KEY, oldProp); } } @@ -151,10 +151,10 @@ public class AssemblyAnalyzerTest extends BaseTest { Settings.setString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, "/yooser/bine/mono"); } - Level oldLevel = Logger.getLogger(AssemblyAnalyzer.class.getName()).getLevel(); + String oldProp = System.getProperty(LOG_KEY, "info"); try { // Tweak the logging to swallow the warning when testing - Logger.getLogger(AssemblyAnalyzer.class.getName()).setLevel(Level.OFF); + System.setProperty(LOG_KEY, "error"); // Have to make a NEW analyzer because during setUp, it would have gotten the correct one AssemblyAnalyzer aanalyzer = new AssemblyAnalyzer(); aanalyzer.supportsExtension("dll"); @@ -163,8 +163,8 @@ public class AssemblyAnalyzerTest extends BaseTest { } catch (AnalysisException ae) { assertEquals("An error occured with the .NET AssemblyAnalyzer", ae.getMessage()); } finally { + System.setProperty(LOG_KEY, oldProp); // Recover the logger - Logger.getLogger(AssemblyAnalyzer.class.getName()).setLevel(oldLevel); // Now recover the way we came in. If we had to set a System property, delete it. Otherwise, // reset the old value if (oldValue == null) { diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/central/CentralSearchTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/central/CentralSearchTest.java index d75ef404a..a3710f2f3 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/central/CentralSearchTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/central/CentralSearchTest.java 
@@ -5,11 +5,12 @@ import org.junit.Test; import org.owasp.dependencycheck.BaseTest; import org.owasp.dependencycheck.data.nexus.MavenArtifact; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import java.io.FileNotFoundException; import java.net.URL; import java.util.List; -import java.util.logging.Logger; import static org.junit.Assert.*; @@ -17,13 +18,13 @@ import static org.junit.Assert.*; * Created by colezlaw on 10/13/14. */ public class CentralSearchTest extends BaseTest { - private static final Logger LOGGER = Logger.getLogger(CentralSearchTest.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(CentralSearchTest.class); private CentralSearch searcher; @Before public void setUp() throws Exception { String centralUrl = Settings.getString(Settings.KEYS.ANALYZER_CENTRAL_URL); - LOGGER.fine(centralUrl); + LOGGER.debug(centralUrl); searcher = new CentralSearch(new URL(centralUrl)); } diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nexus/NexusSearchTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nexus/NexusSearchTest.java index 144b86e22..7a719ae0d 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nexus/NexusSearchTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nexus/NexusSearchTest.java @@ -19,7 +19,6 @@ package org.owasp.dependencycheck.data.nexus; import java.io.FileNotFoundException; import java.net.URL; -import java.util.logging.Logger; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import org.junit.Assume; 
@@ -28,16 +27,18 @@ import org.junit.Ignore; import org.junit.Test; import org.owasp.dependencycheck.BaseTest; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class NexusSearchTest extends BaseTest { - private static final Logger LOGGER = Logger.getLogger(NexusSearchTest.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(NexusSearchTest.class); private NexusSearch searcher; @Before public void setUp() throws Exception { String nexusUrl = Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL); - LOGGER.fine(nexusUrl); + LOGGER.debug(nexusUrl); searcher = new NexusSearch(new URL(nexusUrl)); Assume.assumeTrue(searcher.preflightRequest()); } diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/BaseDBTestCase.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/BaseDBTestCase.java index bde570a63..242971ff4 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/BaseDBTestCase.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/BaseDBTestCase.java @@ -22,13 +22,12 @@ import java.io.BufferedOutputStream; import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; -import java.util.logging.Level; -import java.util.logging.Logger; import java.util.zip.ZipEntry; import java.util.zip.ZipInputStream; import org.junit.Before; import org.owasp.dependencycheck.BaseTest; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.LoggerFactory; /** * @@ -76,7 +75,7 @@ public abstract class BaseDBTestCase extends BaseTest { dest.write(data, 0, count); } } catch (Throwable ex) { - Logger.getLogger(BaseDBTestCase.class.getName()).log(Level.SEVERE, null, ex); + LoggerFactory.getLogger(BaseDBTestCase.class).error("", ex); } finally { try { if (dest != null) { 
@@ -84,14 +83,14 @@ public abstract class BaseDBTestCase extends BaseTest { dest.close(); } } catch (Throwable ex) { - Logger.getLogger(BaseDBTestCase.class.getName()).log(Level.FINEST, null, ex); + LoggerFactory.getLogger(BaseDBTestCase.class).trace("", ex); } try { if (fos != null) { fos.close(); } } catch (Throwable ex) { - Logger.getLogger(BaseDBTestCase.class.getName()).log(Level.FINEST, null, ex); + LoggerFactory.getLogger(BaseDBTestCase.class).trace("", ex); } } } @@ -101,14 +100,14 @@ public abstract class BaseDBTestCase extends BaseTest { zin.close(); } } catch (Throwable ex) { - Logger.getLogger(BaseDBTestCase.class.getName()).log(Level.FINEST, null, ex); + LoggerFactory.getLogger(BaseDBTestCase.class).trace("", ex); } try { if (fis != null) { fis.close(); } } catch (Throwable ex) { - Logger.getLogger(BaseDBTestCase.class.getName()).log(Level.FINEST, null, ex); + LoggerFactory.getLogger(BaseDBTestCase.class).trace("", ex); } } } diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java index 23d9bd737..da89c4339 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java @@ -25,8 +25,6 @@ import java.util.HashSet; import java.util.List; import java.util.Locale; import java.util.Set; -import java.util.logging.Level; -import java.util.logging.Logger; import org.apache.maven.plugin.MojoExecutionException; import org.apache.maven.plugin.MojoFailureException; import org.apache.maven.plugins.annotations.LifecyclePhase; 
@@ -54,12 +52,6 @@ import org.owasp.dependencycheck.utils.Settings; requiresOnline = true ) public class AggregateMojo extends BaseDependencyCheckMojo { - - /** - * Logger field reference. - */ - private static final Logger LOGGER = Logger.getLogger(AggregateMojo.class.getName()); - /** * Executes the aggregate dependency-check goal. This runs dependency-check and generates the subsequent reports. * @@ -76,7 +68,9 @@ public class AggregateMojo extends BaseDependencyCheckMojo { for (MavenProject current : getReactorProjects()) { final File dataFile = getDataFile(current); if (dataFile == null) { //dc was never run on this project. write the ser to the target. - LOGGER.fine(String.format("Executing dependency-check on %s", current.getName())); + if (getLog().isDebugEnabled()) { + getLog().debug(String.format("Executing dependency-check on %s", current.getName())); + } generateDataFile(engine, current); } } 
@@ -90,22 +84,32 @@ public class AggregateMojo extends BaseDependencyCheckMojo { for (MavenProject reportOn : childProjects) { final List childDeps = readDataFile(reportOn); if (childDeps != null && !childDeps.isEmpty()) { - LOGGER.fine(String.format("Adding %d dependencies from %s", childDeps.size(), reportOn.getName())); + if (getLog().isDebugEnabled()) { + getLog().debug(String.format("Adding %d dependencies from %s", childDeps.size(), reportOn.getName())); + } dependencies.addAll(childDeps); } else { - LOGGER.fine(String.format("No dependencies read for %s", reportOn.getName())); + if (getLog().isDebugEnabled()) { + getLog().debug(String.format("No dependencies read for %s", reportOn.getName())); + } } } engine.getDependencies().clear(); engine.getDependencies().addAll(dependencies); final DependencyBundlingAnalyzer bundler = new DependencyBundlingAnalyzer(); try { - LOGGER.fine(String.format("Dependency count pre-bundler: %s", engine.getDependencies().size())); + if (getLog().isDebugEnabled()) { + getLog().debug(String.format("Dependency count pre-bundler: %s", engine.getDependencies().size())); + } bundler.analyze(null, engine); - LOGGER.fine(String.format("Dependency count post-bundler: %s", engine.getDependencies().size())); + if (getLog().isDebugEnabled()) { + getLog().debug(String.format("Dependency count post-bundler: %s", engine.getDependencies().size())); + } } catch (AnalysisException ex) { - LOGGER.log(Level.WARNING, "An error occured grouping the dependencies; duplicate entries may exist in the report", ex); - LOGGER.log(Level.FINE, "Bundling Exception", ex); + getLog().warn("An error occured grouping the dependencies; duplicate entries may exist in the report", ex); + if (getLog().isDebugEnabled()) { + getLog().debug("Bundling Exception", ex); + } } File outputDir = getCorrectOutputDirectory(current); 
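Review bot: The `AnalysisException` is reported twice in the `catch` block: `getLog().warn(..., ex)` already carries the exception, and the guarded `getLog().debug("Bundling Exception", ex)` prints the same stack trace again whenever debug output is on. Either drop the debug call or keep the warning to the message alone, `getLog().warn("An error occured grouping the dependencies; duplicate entries may exist in the report");`, and leave the trace to the debug line. The enclosing method starts and ends outside the hunk.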
@@ -133,17 +137,23 @@ public class AggregateMojo extends BaseDependencyCheckMojo { } final Set descendants = new HashSet(); int size = 0; - LOGGER.fine(String.format("Collecting descendants of %s", project.getName())); + if (getLog().isDebugEnabled()) { + getLog().debug(String.format("Collecting descendants of %s", project.getName())); + } for (String m : project.getModules()) { for (MavenProject mod : getReactorProjects()) { try { File mpp = new File(project.getBasedir(), m); mpp = mpp.getCanonicalFile(); if (mpp.compareTo(mod.getBasedir()) == 0 && descendants.add(mod)) { - LOGGER.fine(String.format("Decendent module %s added", mod.getName())); + if (getLog().isDebugEnabled()) { + getLog().debug(String.format("Decendent module %s added", mod.getName())); + }; } } catch (IOException ex) { - LOGGER.log(Level.FINE, "Unable to determine module path", ex); + if (getLog().isDebugEnabled()) { + getLog().debug("Unable to determine module path", ex); + } } } } @@ -152,12 +162,16 @@ public class AggregateMojo extends BaseDependencyCheckMojo { for (MavenProject p : getReactorProjects()) { if (project.equals(p.getParent()) || descendants.contains(p.getParent())) { if (descendants.add(p)) { - LOGGER.fine(String.format("Decendent %s added", p.getName())); + if (getLog().isDebugEnabled()) { + getLog().debug(String.format("Decendent %s added", p.getName())); + } } for (MavenProject modTest : getReactorProjects()) { if (p.getModules() != null && p.getModules().contains(modTest.getName()) && descendants.add(modTest)) { - LOGGER.fine(String.format("Decendent %s added", modTest.getName())); + if (getLog().isDebugEnabled()) { + getLog().debug(String.format("Decendent %s added", modTest.getName())); + } } } } 
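Review bot: The guarded block added around the "Decendent module %s added" message in the first hunk closes with `};`, which leaves an empty statement after the `if`; the other guards in this file close with a plain `}`. Change it to `}` so a style checker does not flag it. While touching these lines, "Decendent" in the four messages could be corrected to "Descendant". The enclosing method starts outside the hunk.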
@@ -167,16 +181,22 @@ public class AggregateMojo extends BaseDependencyCheckMojo { File mpp = new File(dec.getBasedir(), mod); mpp = mpp.getCanonicalFile(); if (mpp.compareTo(p.getBasedir()) == 0 && descendants.add(p)) { - LOGGER.fine(String.format("Decendent module %s added", p.getName())); + if (getLog().isDebugEnabled()) { + getLog().debug(String.format("Decendent module %s added", p.getName())); + } } } catch (IOException ex) { - LOGGER.log(Level.FINE, "Unable to determine module path", ex); + if (getLog().isDebugEnabled()) { + getLog().debug("Unable to determine module path", ex); + } } } } } } while (size != 0 && size != descendants.size()); - LOGGER.fine(String.format("%s has %d children", project, descendants.size())); + if (getLog().isDebugEnabled()) { + getLog().debug(String.format("%s has %d children", project, descendants.size())); + } return descendants; } @@ -202,7 +222,9 @@ public class AggregateMojo extends BaseDependencyCheckMojo { try { engine = initializeEngine(); } catch (DatabaseException ex) { - LOGGER.log(Level.FINE, "Database connection error", ex); + if (getLog().isDebugEnabled()) { + getLog().debug("Database connection error", ex); + } throw new MojoExecutionException("An exception occured connecting to the local database. Please see the log file for more details.", ex); } return generateDataFile(engine, getProject()); @@ -218,7 +240,9 @@ public class AggregateMojo extends BaseDependencyCheckMojo { * @throws MojoFailureException thrown if dependency-check is configured to fail the build if severe CVEs are identified. */ protected Engine generateDataFile(Engine engine, MavenProject project) throws MojoExecutionException, MojoFailureException { - LOGGER.fine(String.format("Begin Scanning: %s", project.getName())); + if (getLog().isDebugEnabled()) { + getLog().debug(String.format("Begin Scanning: %s", project.getName())); + } engine.getDependencies().clear(); engine.resetFileTypeAnalyzers(); scanArtifacts(project, engine); 
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java index 21067fb6b..850f7ec75 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java @@ -29,8 +29,6 @@ import java.io.ObjectOutputStream; import java.io.OutputStream; import java.util.List; import java.util.Locale; -import java.util.logging.Level; -import java.util.logging.Logger; import org.apache.maven.artifact.Artifact; import org.apache.maven.artifact.metadata.ArtifactMetadataRetrievalException; import org.apache.maven.artifact.metadata.ArtifactMetadataSource; @@ -66,10 +64,6 @@ import org.owasp.dependencycheck.utils.Settings; public abstract class BaseDependencyCheckMojo extends AbstractMojo implements MavenReport { // - /** - * Logger field reference. - */ - private static final Logger LOGGER = Logger.getLogger(BaseDependencyCheckMojo.class.getName()); /** * The properties file location. */ @@ -407,7 +401,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma } catch (MojoExecutionException ex) { throw new MavenReportException(ex.getMessage(), ex); } catch (MojoFailureException ex) { - LOGGER.warning("Vulnerabilities were identifies that exceed the CVSS threshold for failing the build"); + getLog().warn("Vulnerabilities were identifies that exceed the CVSS threshold for failing the build"); } } 
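Review bot: The warning added in the `catch (MojoFailureException ex)` branch carries a typo over from the old line, "identifies" should be "identified": `getLog().warn("Vulnerabilities were identified that exceed the CVSS threshold for failing the build");`. The exception itself is dropped in this branch, so this message is the only sign in the report path that the threshold was exceeded, and it is worth getting the wording right. The enclosing method starts outside the hunk.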
@@ -446,14 +440,18 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma * @return the directory to write the report(s) */ protected File getDataFile(MavenProject current) { - LOGGER.fine(String.format("Getting data filefor %s using key '%s'", current.getName(), getDataFileContextKey())); + if (getLog().isDebugEnabled()) { + getLog().debug(String.format("Getting data filefor %s using key '%s'", current.getName(), getDataFileContextKey())); + } final Object obj = current.getContextValue(getDataFileContextKey()); if (obj != null) { if (obj instanceof File) { return (File) obj; } } else { - LOGGER.fine("Context value not found"); + if (getLog().isDebugEnabled()) { + getLog().debug("Context value not found"); + } } return null; } @@ -477,8 +475,10 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma final MavenArtifact ma = new MavenArtifact(a.getGroupId(), a.getArtifactId(), a.getVersion()); d.addAsEvidence("pom", ma, Confidence.HIGHEST); d.addProjectReference(project.getName()); - LOGGER.fine(String.format("Adding project reference %s on dependency %s", project.getName(), + if (getLog().isDebugEnabled()) { + getLog().debug(String.format("Adding project reference %s on dependency %s", project.getName(), d.getDisplayFileName())); + } if (metadataSource != null) { try { final DependencyVersion currentVersion = new DependencyVersion(a.getVersion()); 
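Review bot: `getDataFile` returns `null` without any log line when the context value exists but is not a `File`, and the writer in the `@@ -962,33 +978,43 @@` hunk stores `file.getAbsolutePath()`, a `String`, under the same `getDataFileContextKey()`. If that is the only writer (inferred from these two hunks, not from the whole file), the lookup never finds the data file and the aggregate goal treats every module as not yet scanned. Accept both forms here, e.g. `if (obj instanceof String) { return new File((String) obj); }` next to the `File` check, or store the `File` object in the writer. A debug line for the "unexpected type" case would also make this visible.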
@@ -491,20 +491,26 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma } } } catch (ArtifactMetadataRetrievalException ex) { - LOGGER.log(Level.WARNING, + getLog().warn( "Unable to check for new versions of dependencies; see the log for more details."); - LOGGER.log(Level.FINE, null, ex); + if (getLog().isDebugEnabled()) { + getLog().debug("", ex); + } } catch (Throwable t) { - LOGGER.log(Level.WARNING, + getLog().warn( "Unexpected error occured checking for new versions; see the log for more details."); - LOGGER.log(Level.FINE, "", t); + if (getLog().isDebugEnabled()) { + getLog().debug("", t); + } } } } } else { - final String msg = String.format("More then 1 dependency was identified in first pass scan of '%s:%s:%s'", + if (getLog().isDebugEnabled()) { + final String msg = String.format("More then 1 dependency was identified in first pass scan of '%s:%s:%s'", a.getGroupId(), a.getArtifactId(), a.getVersion()); - LOGGER.fine(msg); + getLog().debug(msg); + } } } } @@ -570,7 +576,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma } else if ("VULN".equalsIgnoreCase(this.format)) { return "dependency-check-vulnerability"; } else { - LOGGER.log(Level.WARNING, "Unknown report format used during site generation."); + getLog().warn("Unknown report format used during site generation."); return "dependency-check-report"; } } 
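Review bot: Both catch blocks in the first hunk send the exception to `getLog().debug("", ex)`, so the debug output is a stack trace with no message while the warning above it tells the user to "see the log for more details". Give the debug call its context, e.g. `getLog().debug("Unable to check for new versions of dependencies", ex);`. The same empty-message call appears in the `@@ -613,26 +619,30 @@` and `@@ -822,13 +834,17 @@` hunks. Separately, `catch (Throwable t)` also catches `Error`s such as `OutOfMemoryError`; that predates this commit, but narrowing it to `Exception` would be safer.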
@@ -613,26 +619,30 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma mojoProperties = this.getClass().getClassLoader().getResourceAsStream(PROPERTIES_FILE); Settings.mergeProperties(mojoProperties); } catch (IOException ex) { - LOGGER.log(Level.WARNING, "Unable to load the dependency-check ant task.properties file."); - LOGGER.log(Level.FINE, null, ex); + getLog().warn("Unable to load the dependency-check ant task.properties file."); + if (getLog().isDebugEnabled()) { + getLog().debug("", ex); + } } finally { if (mojoProperties != null) { try { mojoProperties.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, null, ex); + if (getLog().isDebugEnabled()) { + getLog().debug("", ex); + } } } } Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate); if (externalReport != null) { - LOGGER.warning("The 'externalReport' option was set; this configuration option has been removed. " - + "Please update the dependency-check-maven plugin's configuration"); + getLog().warn("The 'externalReport' option was set; this configuration option has been removed. " + + "Please update the dependency-check-maven plugin's configuration"); } if (proxyUrl != null && !proxyUrl.isEmpty()) { - LOGGER.warning("Deprecated configuration detected, proxyUrl will be ignored; use the maven settings " + "to configure the proxy instead"); + getLog().warn("Deprecated configuration detected, proxyUrl will be ignored; use the maven settings " + "to configure the proxy instead"); } final Proxy proxy = getMavenProxy(); if (proxy != null) { 
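Review bot: The warning in the `catch (IOException ex)` branch still says "dependency-check ant task.properties file" although this is the Maven mojo base class; the text looks carried over from the Ant task. Name the resource that is actually loaded, e.g. `getLog().warn("Unable to load the dependency-check maven properties file: " + PROPERTIES_FILE);`. The enclosing method starts and ends outside this hunk.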
@@ -739,8 +749,8 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma } else if (proxies.size() == 1) { return proxies.get(0); } else { - LOGGER.warning("Multiple proxy definitions exist in the Maven settings. In the dependency-check " - + "configuration set the mavenSettingsProxyId so that the correct proxy will be used."); + getLog().warn("Multiple proxy definitions exist in the Maven settings. In the dependency-check " + + "configuration set the mavenSettingsProxyId so that the correct proxy will be used."); throw new IllegalStateException("Ambiguous proxy definition"); } } @@ -812,7 +822,9 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma cve.open(); prop = cve.getDatabaseProperties(); } catch (DatabaseException ex) { - LOGGER.log(Level.FINE, "Unable to retrieve DB Properties", ex); + if (getLog().isDebugEnabled()) { + getLog().debug("Unable to retrieve DB Properties", ex); + } } finally { if (cve != null) { cve.close(); @@ -822,13 +834,17 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma try { r.generateReports(outputDir.getAbsolutePath(), format); } catch (IOException ex) { - LOGGER.log(Level.SEVERE, + getLog().error( "Unexpected exception occurred during analysis; please see the verbose error log for more details."); - LOGGER.log(Level.FINE, null, ex); + if (getLog().isDebugEnabled()) { + getLog().debug("", ex); + } } catch (Throwable ex) { - LOGGER.log(Level.SEVERE, - "Unexpected exception occurred during analysis; please see the verbose error log for more details."); - LOGGER.log(Level.FINE, null, ex); + getLog().error( + "Unexpected exception occurred during analysis; please see the verbose error log for more details."); + if (getLog().isDebugEnabled()) { + getLog().debug("", ex); + } } } 
@@ -903,7 +919,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma if (summary.length() > 0) { final String msg = String.format("%n%n" + "One or more dependencies were identified with known vulnerabilities in %s:%n%n%s" + "%n%nSee the dependency-check report for more details.%n%n", mp.getName(), summary.toString()); - LOGGER.log(Level.WARNING, msg); + getLog().warn(msg); } } } @@ -962,33 +978,43 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma //https://www.securecoding.cert.org/confluence/display/java/SER10-J.+Avoid+memory+and+resource+leaks+during+serialization out.reset(); } - LOGGER.fine(String.format("Serialized data file written to '%s' for %s, referenced by key %s", + if (getLog().isDebugEnabled()) { + getLog().debug(String.format("Serialized data file written to '%s' for %s, referenced by key %s", file.getAbsolutePath(), mp.getName(), this.getDataFileContextKey())); + } mp.setContextValue(this.getDataFileContextKey(), file.getAbsolutePath()); } catch (IOException ex) { - LOGGER.log(Level.WARNING, "Unable to create data file used for report aggregation; " + getLog().warn("Unable to create data file used for report aggregation; " + "if report aggregation is being used the results may be incomplete."); - LOGGER.log(Level.FINE, ex.getMessage(), ex); + if (getLog().isDebugEnabled()) { + getLog().debug(ex.getMessage(), ex); + } } finally { if (out != null) { try { out.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, "ignore", ex); + if (getLog().isDebugEnabled()) { + getLog().debug("ignore", ex); + } } } if (bos != null) { try { bos.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, "ignore", ex); + if (getLog().isDebugEnabled()) { + getLog().debug("ignore", ex); + } } } if (os != null) { try { os.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, "ignore", ex); + if (getLog().isDebugEnabled()) { + getLog().debug("ignore", ex); + } } } } 
@@ -1016,17 +1042,17 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma ret = (List) ois.readObject(); } catch (FileNotFoundException ex) { //TODO fix logging - LOGGER.log(Level.SEVERE, null, ex); + getLog().error("", ex); } catch (IOException ex) { - LOGGER.log(Level.SEVERE, null, ex); + getLog().error("", ex); } catch (ClassNotFoundException ex) { - LOGGER.log(Level.SEVERE, null, ex); + getLog().error("", ex); } finally { if (ois != null) { try { ois.close(); } catch (IOException ex) { - LOGGER.log(Level.SEVERE, null, ex); + getLog().error("", ex); } } } diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/CheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/CheckMojo.java index b71c6b0c0..17f2692d1 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/CheckMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/CheckMojo.java @@ -18,8 +18,6 @@ package org.owasp.dependencycheck.maven; import java.util.Locale; -import java.util.logging.Level; -import java.util.logging.Logger; import org.apache.maven.artifact.Artifact; import org.apache.maven.plugin.MojoExecutionException; import org.apache.maven.plugin.MojoFailureException; @@ -43,11 +41,6 @@ import org.owasp.dependencycheck.utils.Settings; ) public class CheckMojo extends BaseDependencyCheckMojo { - /** - * Logger field reference. - */ - private static final Logger LOGGER = Logger.getLogger(CheckMojo.class.getName()); - /** * Returns whether or not a the report can be generated. * 
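Review bot: All four `getLog().error("", ex)` calls in the first hunk log an empty message, so a failed read of the serialized data file shows up as a bare stack trace and the `//TODO fix logging` stays open. The caller in AggregateMojo treats a null or empty list as "No dependencies read" at debug level, so the aggregate report can silently omit a module's dependencies and their vulnerabilities. Say so in the message, e.g. `getLog().error("Unable to read the dependency-check data file; the aggregate report may be incomplete", ex);`. The data is read with `ois.readObject()`; if the data file can be written by anything other than this plugin, the stream should be restricted to the expected classes (the file's origin is outside this hunk, so that is a question rather than a finding).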
@@ -77,12 +70,14 @@ public class CheckMojo extends BaseDependencyCheckMojo { try { engine = initializeEngine(); } catch (DatabaseException ex) { - LOGGER.log(Level.FINE, "Database connection error", ex); + if (getLog().isDebugEnabled()) { + getLog().debug("Database connection error", ex); + } throw new MojoExecutionException("An exception occured connecting to the local database. Please see the log file for more details.", ex); } scanArtifacts(getProject(), engine); if (engine.getDependencies().isEmpty()) { - LOGGER.info("No dependencies were identified that could be analyzed by dependency-check"); + getLog().info("No dependencies were identified that could be analyzed by dependency-check"); } else { engine.analyzeDependencies(); writeReports(engine, getProject(), getCorrectOutputDirectory()); diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java index 9942adc70..900bcaef4 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java @@ -18,13 +18,14 @@ package org.owasp.dependencycheck.maven; import java.util.List; -import java.util.logging.Logger; import org.apache.maven.project.MavenProject; import org.owasp.dependencycheck.analyzer.Analyzer; import org.owasp.dependencycheck.analyzer.CPEAnalyzer; import org.owasp.dependencycheck.analyzer.FileTypeAnalyzer; import org.owasp.dependencycheck.data.nvdcve.DatabaseException; import org.owasp.dependencycheck.utils.Settings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * A modified version of the core engine specifically designed to persist some data between multiple executions of a multi-module 
@@ -37,7 +38,7 @@ public class Engine extends org.owasp.dependencycheck.Engine { /** * The logger. */ - private static final transient Logger LOGGER = Logger.getLogger(Engine.class.getName()); + private static final transient Logger LOGGER = LoggerFactory.getLogger(Engine.class); /** * A key used to persist an object in the MavenProject. */ @@ -75,9 +76,9 @@ public class Engine extends org.owasp.dependencycheck.Engine { public void analyzeDependencies() { final MavenProject root = getExecutionRoot(); if (root != null) { - LOGGER.fine(String.format("Checking root project, %s, if updates have already been completed", root.getArtifactId())); + LOGGER.debug("Checking root project, {}, if updates have already been completed", root.getArtifactId()); } else { - LOGGER.fine("Checking root project, null, if updates have already been completed"); + LOGGER.debug("Checking root project, null, if updates have already been completed"); } if (root != null && root.getContextValue(UPDATE_EXECUTED_FLAG) != null) { System.setProperty(Settings.KEYS.AUTO_UPDATE, Boolean.FALSE.toString()); diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/MavenLoggerAdapter.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/MavenLoggerAdapter.java new file mode 100644 index 000000000..3a34670c7 --- /dev/null +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/MavenLoggerAdapter.java 
@@ -0,0 +1,320 @@ +/* + * This file is part of dependency-check-ant. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Copyright (c) 2013 Jeremy Long. All Rights Reserved. + */ +package org.owasp.dependencycheck.maven; + +import org.apache.maven.plugin.logging.Log; +import org.slf4j.helpers.FormattingTuple; +import org.slf4j.helpers.MarkerIgnoringBase; +import org.slf4j.helpers.MessageFormatter; + +/** + * Created by colezlaw on 6/14/15. + */ +public class MavenLoggerAdapter extends MarkerIgnoringBase { + private Log log; + + public MavenLoggerAdapter(Log log) { + super(); + this.log = log; + } + + @Override + public boolean isTraceEnabled() { + if (log != null) { + return log.isDebugEnabled(); + } + return true; + } + + @Override + public void trace(String msg) { + if (log != null) { + log.debug(msg); + } else { + System.out.println(msg); + } + } + + @Override + public void trace(String format, Object arg) { + String message = MessageFormatter.format(format, arg).getMessage(); + if (log != null) { + log.debug(message); + } else { + System.out.println(message); + } + } + + @Override + public void trace(String format, Object arg1, Object arg2) { + String message = MessageFormatter.format(format, arg1, arg2).getMessage(); + if (log != null) { + log.debug(message); + } else { + System.out.println(message); + } + } + + @Override + public void trace(String format, Object... 
arguments) { + String message = MessageFormatter.format(format, arguments).getMessage(); + if (log != null) { + log.debug(message); + } else { + System.out.println(message); + } + } + + @Override + public void trace(String msg, Throwable t) { + if (log != null) { + log.debug(msg, t); + } else { + System.out.println(msg); + t.printStackTrace(); + } + } + + @Override + public boolean isDebugEnabled() { + if (log != null) { + return log.isDebugEnabled(); + } + return true; + } + + @Override + public void debug(String msg) { + if (log != null) { + log.debug(msg); + } else { + System.out.println(msg); + } + } + + @Override + public void debug(String format, Object arg) { + String message = MessageFormatter.format(format, arg).getMessage(); + if (log != null) { + log.debug(message); + } else { + System.out.println(message); + } + } + + @Override + public void debug(String format, Object arg1, Object arg2) { + String message = MessageFormatter.format(format, arg1, arg2).getMessage(); + if (log != null) { + log.debug(message); + } else { + System.out.println(message); + } + } + + @Override + public void debug(String format, Object... 
arguments) { + String message = MessageFormatter.format(format, arguments).getMessage(); + if (log != null) { + log.debug(message); + } else { + System.out.println(message); + } + } + + @Override + public void debug(String msg, Throwable t) { + if (log != null) { + log.debug(msg, t); + } else { + System.out.println(msg); + t.printStackTrace(); + } + } + + @Override + public boolean isInfoEnabled() { + if (log != null) { + return log.isInfoEnabled(); + } + return true; + } + + @Override + public void info(String msg) { + if (log != null) { + log.info(msg); + } else { + System.out.println(msg); + } + } + + @Override + public void info(String format, Object arg) { + String message = MessageFormatter.format(format, arg).getMessage(); + if (log != null) { + log.info(message); + } else { + System.out.println(message); + } + } + + @Override + public void info(String format, Object arg1, Object arg2) { + String message = MessageFormatter.format(format, arg1, arg2).getMessage(); + if (log != null) { + log.info(message); + } else { + System.out.println(message); + } + } + + @Override + public void info(String format, Object... 
arguments) { + String message = MessageFormatter.format(format, arguments).getMessage(); + if (log != null) { + log.info(message); + } else { + System.out.println(message); + } + } + + @Override + public void info(String msg, Throwable t) { + if (log != null) { + log.info(msg, t); + } else { + System.out.println(msg); + t.printStackTrace(); + } + } + + @Override + public boolean isWarnEnabled() { + if (log != null) { + return log.isWarnEnabled(); + } + return true; + } + + @Override + public void warn(String msg) { + if (log != null) { + log.warn(msg); + } else { + System.out.println(msg); + } + } + + @Override + public void warn(String format, Object arg) { + String message = MessageFormatter.format(format, arg).getMessage(); + if (log != null) { + log.warn(message); + } else { + System.out.println(message); + } + } + + @Override + public void warn(String format, Object arg1, Object arg2) { + String message = MessageFormatter.format(format, arg1, arg2).getMessage(); + if (log != null) { + log.warn(message); + } else { + System.out.println(message); + } + } + + @Override + public void warn(String format, Object... 
arguments) { + String message = MessageFormatter.format(format, arguments).getMessage(); + if (log != null) { + log.warn(message); + } else { + System.out.println(message); + } + } + + @Override + public void warn(String msg, Throwable t) { + if (log != null) { + log.warn(msg, t); + } else { + System.out.println(msg); + t.printStackTrace(); + } + } + + @Override + public boolean isErrorEnabled() { + if (log != null) { + return log.isErrorEnabled(); + } + return true; + } + + @Override + public void error(String msg) { + if (log != null) { + log.error(msg); + } else { + System.out.println(msg); + } + } + + @Override + public void error(String format, Object arg) { + String message = MessageFormatter.format(format, arg).getMessage(); + if (log != null) { + log.error(message); + } else { + System.out.println(message); + } + } + + @Override + public void error(String format, Object arg1, Object arg2) { + String message = MessageFormatter.format(format, arg1, arg2).getMessage(); + if (log != null) { + log.error(message); + } else { + System.out.println(message); + } + } + + @Override + public void error(String format, Object... arguments) { + String message = MessageFormatter.format(format, arguments).getMessage(); + if (log != null) { + log.error(message); + } else { + System.out.println(message); + } + } + + @Override + public void error(String msg, Throwable t) { + if (log != null) { + log.error(msg, t); + } else { + System.out.println(msg); + t.printStackTrace(); + } + } +} diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/MavenLoggerFactory.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/MavenLoggerFactory.java new file mode 100644 index 000000000..4e5a2598e --- /dev/null +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/MavenLoggerFactory.java 
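Review bot: When `log` is null every level, trace and debug included, reports itself enabled and prints to `System.out`, so anything that logs before a Maven `Log` is supplied writes debug detail (for example the download URLs logged in Downloader) into the build output whether or not `-X` was given. The fallback should stay quiet for trace and debug, and the warn/error fallback belongs on `System.err`. The field is only assigned in the constructor, so `private final Log log;` fits. The class comment `Created by colezlaw on 6/14/15.` should be replaced by a Javadoc saying that the adapter forwards SLF4J calls to the Maven `Log` and maps trace to debug.

```java
@Override
public boolean isDebugEnabled() {
    // no Maven Log yet: stay quiet rather than flooding stdout
    return log != null && log.isDebugEnabled();
}

@Override
public void debug(String msg) {
    if (log != null) {
        log.debug(msg);
    }
}

// … unchanged pattern: apply the same null guard to the other trace/debug overloads …

@Override
public void error(String msg) {
    if (log != null) {
        log.error(msg);
    } else {
        System.err.println(msg);
    }
}
```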
@@ -0,0 +1,38 @@ +/* + * This file is part of dependency-check-ant. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Copyright (c) 2013 Jeremy Long. All Rights Reserved. + */ +package org.owasp.dependencycheck.maven; + +import org.apache.maven.plugin.logging.Log; +import org.slf4j.ILoggerFactory; +import org.slf4j.Logger; + +/** + * Created by colezlaw on 6/14/15. + */ +public class MavenLoggerFactory implements ILoggerFactory { + private MavenLoggerAdapter mavenLoggerAdapter; + + public MavenLoggerFactory(Log log) { + super(); + this.mavenLoggerAdapter = new MavenLoggerAdapter(log); + } + + public Logger getLogger(String name) { + return mavenLoggerAdapter; + } +} diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/UpdateMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/UpdateMojo.java index 098c98281..dd5afdec6 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/UpdateMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/UpdateMojo.java @@ -18,8 +18,6 @@ package org.owasp.dependencycheck.maven; import java.util.Locale; -import java.util.logging.Level; -import java.util.logging.Logger; import org.apache.maven.plugin.MojoExecutionException; import org.apache.maven.plugin.MojoFailureException; import org.apache.maven.plugins.annotations.LifecyclePhase; 
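Review bot: The class comment `Created by colezlaw on 6/14/15.` says nothing about the contract, and the contract is unusual: `getLogger(String name)` ignores `name` and returns one shared adapter. Replace it with a Javadoc such as `/** An {@link ILoggerFactory} that hands out the same {@link MavenLoggerAdapter} for every logger name. */` and add a one-line Javadoc on `getLogger`. The field is assigned once, so `private final MavenLoggerAdapter mavenLoggerAdapter;` fits, and the licence header says "dependency-check-ant" in a dependency-check-maven file.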
@@ -42,11 +40,6 @@ import org.owasp.dependencycheck.utils.Settings; ) public class UpdateMojo extends BaseDependencyCheckMojo { - /** - * Logger field reference. - */ - private static final Logger LOGGER = Logger.getLogger(UpdateMojo.class.getName()); - /** * Returns false; this mojo cannot generate a report. * @@ -70,7 +63,9 @@ public class UpdateMojo extends BaseDependencyCheckMojo { engine = initializeEngine(); engine.update(); } catch (DatabaseException ex) { - LOGGER.log(Level.FINE, "Database connection error", ex); + if (getLog().isDebugEnabled()) { + getLog().debug("Database connection error", ex); + } throw new MojoExecutionException("An exception occured connecting to the local database. Please see the log file for more details.", ex); } engine.cleanup(); diff --git a/dependency-check-maven/src/main/java/org/slf4j/impl/StaticLoggerBinder.java b/dependency-check-maven/src/main/java/org/slf4j/impl/StaticLoggerBinder.java new file mode 100644 index 000000000..dd2bd998c --- /dev/null +++ b/dependency-check-maven/src/main/java/org/slf4j/impl/StaticLoggerBinder.java 
@@ -0,0 +1,88 @@ +/* + * This file is part of dependency-check-ant. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Copyright (c) 2013 Jeremy Long. All Rights Reserved. + */ +package org.slf4j.impl; + +import org.apache.maven.plugin.logging.Log; +import org.owasp.dependencycheck.maven.MavenLoggerFactory; +import org.slf4j.ILoggerFactory; +import org.slf4j.spi.LoggerFactoryBinder; + +/** + * The binding of {@link org.slf4j.LoggerFactory} class with an actual instance of + * {@link ILoggerFactory} is performed using information returned by this class. + * + * @author colezlaw + */ +public class StaticLoggerBinder implements LoggerFactoryBinder { + /** + * The unique instance of this class + * + */ + private static final StaticLoggerBinder SINGLETON = new StaticLoggerBinder(); + + /** + * Return the singleton of this class. + * + * @return the StaticLoggerBinder singleton + */ + public static final StaticLoggerBinder getSingleton() { + return SINGLETON; + } + + /** + * Maven mojos have their own logger, so we'll use one of those + */ + private Log log; + + /** + * Set the Task which will this is to log through. + * + * @param log the task through which to log + */ + public void setLog(Log log) { + this.log = log; + loggerFactory = new MavenLoggerFactory(log); + } + + /** + * Declare the version of the SLF4J API this implementation is compiled + * against. The value of this filed is usually modified with each release. 
+ */ + // to avoid constant folding by the compiler, this field must *not* be final + public static String REQUESTED_API_VERSION = "1.7.12"; // final + + private static final String loggerFactoryClassStr = MavenLoggerFactory.class.getName(); + + /** + * The ILoggerFactory instance returned by the {@link #getLoggerFactory} + * method should always be the smae object + */ + private ILoggerFactory loggerFactory; + + private StaticLoggerBinder() { + loggerFactory = new MavenLoggerFactory(log); + } + + public ILoggerFactory getLoggerFactory() { + return loggerFactory; + } + + public String getLoggerFactoryClassStr() { + return loggerFactoryClassStr; + } +} diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml index 6b86ed24f..8d88e5a8f 100644 --- a/dependency-check-utils/pom.xml +++ b/dependency-check-utils/pom.xml @@ -224,5 +224,16 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. commons-io commons-io + + org.slf4j + slf4j-api + ${slf4j.version} + compile + + + org.slf4j + slf4j-simple + test + diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Checksum.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Checksum.java index f20927d97..97b254e80 100644 --- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Checksum.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Checksum.java @@ -17,6 +17,9 @@ */ package org.owasp.dependencycheck.utils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import java.io.File; import java.io.FileInputStream; import java.io.IOException; @@ -24,8 +27,6 @@ import java.nio.MappedByteBuffer; import java.nio.channels.FileChannel; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; -import java.util.logging.Level; -import java.util.logging.Logger; /** * Includes methods to generate the MD5 and SHA1 checksum. 
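Review bot: `setLog` in StaticLoggerBinder replaces `loggerFactory` with a new `MavenLoggerFactory`, which contradicts the field's own Javadoc ("should always be the same object") and leaves every logger obtained earlier bound to the old adapter. The constructor builds that first adapter while `log` is still null, so a `static final` logger such as the one added to Engine in this commit keeps the `System.out` fallback if its class is initialised before `setLog` runs (the call site of `setLog` is not in this diff, so the ordering is an assumption). Keep one factory and adapter for the binder's lifetime and forward the `Log` to it, the way `AntLoggerAdapter.setTask` does in the Ant module; that needs a setter on MavenLoggerFactory and MavenLoggerAdapter. `loggerFactory` is also written here and read by `getLoggerFactory()` without synchronisation; `private volatile ILoggerFactory loggerFactory;` covers that if the reassignment stays.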
@@ -38,7 +39,7 @@ public final class Checksum { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(Checksum.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(Checksum.class); /** * Private constructor for a utility class. @@ -89,7 +90,7 @@ public final class Checksum { try { fis.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, "Error closing file '" + file.getName() + "'.", ex); + LOGGER.trace("Error closing file '{}'.", file.getName(), ex); } } } diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java index 67513a6ac..345d28adf 100644 --- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java @@ -17,6 +17,9 @@ */ package org.owasp.dependencycheck.utils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import java.io.BufferedOutputStream; import java.io.File; import java.io.FileOutputStream; @@ -26,8 +29,6 @@ import java.net.HttpURLConnection; import java.net.URISyntaxException; import java.net.URL; import java.security.InvalidAlgorithmParameterException; -import java.util.logging.Level; -import java.util.logging.Logger; import java.util.zip.GZIPInputStream; import java.util.zip.InflaterInputStream; @@ -41,7 +42,7 @@ public final class Downloader { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(Downloader.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(Downloader.class); /** * The maximum number of redirects that will be followed when attempting to download a file. */ 
@@ -95,7 +96,7 @@ public final class Downloader { } else { HttpURLConnection conn = null; try { - LOGGER.fine(String.format("Attempting download of %s", url.toString())); + LOGGER.debug("Attempting download of {}", url.toString()); conn = URLConnectionFactory.createHttpURLConnection(url, useProxy); conn.setRequestProperty("Accept-Encoding", "gzip, deflate"); conn.connect(); @@ -111,7 +112,7 @@ public final class Downloader { } finally { conn = null; } - LOGGER.fine(String.format("Download is being redirected from %s to %s", url.toString(), location)); + LOGGER.debug("Download is being redirected from {} to {}", url.toString(), location); conn = URLConnectionFactory.createHttpURLConnection(new URL(location), useProxy); conn.setRequestProperty("Accept-Encoding", "gzip, deflate"); conn.connect(); @@ -157,7 +158,7 @@ public final class Downloader { while ((bytesRead = reader.read(buffer)) > 0) { writer.write(buffer, 0, bytesRead); } - LOGGER.fine(String.format("Download of %s complete", url.toString())); + LOGGER.debug("Download of {} complete", url.toString()); } catch (IOException ex) { analyzeException(ex); final String msg = String.format("Error saving '%s' to file '%s'%nConnection Timeout: %d%nEncoding: %s%n", @@ -172,14 +173,14 @@ public final class Downloader { try { writer.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, "Error closing the writer in Downloader.", ex); + LOGGER.trace("Error closing the writer in Downloader.", ex); } } if (reader != null) { try { reader.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, "Error closing the reader in Downloader.", ex); + LOGGER.trace("Error closing the reader in Downloader.", ex); } } try { 
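Review bot: The new `LOGGER.debug` calls in `Downloader` (hunk -95, and likewise -111 and -157) write the full URL, and the redirect message also writes the server-supplied `location` value, so any userinfo or query-string token in a download URL ends up in debug output. Whether the configured URLs ever carry credentials is not visible in these hunks, but logging only scheme, host and path avoids the question, e.g. `LOGGER.debug("Attempting download of {}://{}{}", url.getProtocol(), url.getHost(), url.getPath());`. Separately, `url.toString()` is evaluated even when debug is off; passing `url` itself lets SLF4J defer the conversion. The enclosing method starts and ends outside these hunks.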
@@ -258,8 +259,8 @@ public final class Downloader { LOGGER.info("Error making HTTPS request - InvalidAlgorithmParameterException"); LOGGER.info("There appears to be an issue with the installation of Java and the cacerts." + "See closed issue #177 here: https://github.com/jeremylong/DependencyCheck/issues/177"); - LOGGER.info(String.format("Java Info:%njavax.net.ssl.keyStore='%s'%njava.version='%s'%njava.vendor='%s'", - keystore, version, vendor)); + LOGGER.info("Java Info:\njavax.net.ssl.keyStore='{}'\njava.version='{}'\njava.vendor='{}'", + keystore, version, vendor); throw new DownloadFailedException("Error making HTTPS request. Please see the log for more details."); } cause = cause.getCause(); diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java index b1602141f..54bc64e87 100644 --- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java @@ -17,13 +17,14 @@ */ package org.owasp.dependencycheck.utils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import java.io.File; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.net.URLDecoder; import java.util.UUID; -import java.util.logging.Level; -import java.util.logging.Logger; /** * A collection of utilities for processing information about files. @@ -35,7 +36,7 @@ public final class FileUtils { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(FileUtils.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(FileUtils.class); /** * Bit bucket for non-Windows systems */ 
@@ -77,8 +78,7 @@ public final class FileUtils { boolean success = true; if (!org.apache.commons.io.FileUtils.deleteQuietly(file)) { success = false; - final String msg = String.format("Failed to delete file: %s; attempting to delete on exit.", file.getPath()); - LOGGER.log(Level.INFO, msg); + LOGGER.info("Failed to delete file: {}; attempting to delete on exit.", file.getPath()); file.deleteOnExit(); } return success; diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java index 6699e2e4b..8e41117ef 100644 --- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java @@ -17,6 +17,9 @@ */ package org.owasp.dependencycheck.utils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; @@ -28,8 +31,6 @@ import java.io.UnsupportedEncodingException; import java.net.URLDecoder; import java.util.Enumeration; import java.util.Properties; -import java.util.logging.Level; -import java.util.logging.Logger; /** * A simple settings container that wraps the dependencycheck.properties file. @@ -264,7 +265,7 @@ public final class Settings { /** * The logger. */ - private static final Logger LOGGER = Logger.getLogger(Settings.class.getName()); + private static final Logger LOGGER = LoggerFactory.getLogger(Settings.class); /** * The properties file location. */ 
@@ -290,14 +291,14 @@ public final class Settings { in = this.getClass().getClassLoader().getResourceAsStream(propertiesFilePath); props.load(in); } catch (IOException ex) { - LOGGER.log(Level.SEVERE, "Unable to load default settings."); - LOGGER.log(Level.FINE, null, ex); + LOGGER.error("Unable to load default settings."); + LOGGER.debug("", ex); } finally { if (in != null) { try { in.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, null, ex); + LOGGER.trace("", ex); } } } @@ -342,7 +343,7 @@ public final class Settings { try { localSettings.remove(); } catch (Throwable ex) { - LOGGER.log(Level.FINE, "Error cleaning up Settings", ex); + LOGGER.debug("Error cleaning up Settings", ex); } } @@ -371,7 +372,7 @@ public final class Settings { * @param properties the properties to log */ private static void logProperties(String header, Properties properties) { - if (LOGGER.isLoggable(Level.FINE)) { + if (LOGGER.isDebugEnabled()) { final StringWriter sw = new StringWriter(); PrintWriter pw = null; try { @@ -390,7 +391,7 @@ public final class Settings { } } pw.flush(); - LOGGER.fine(sw.toString()); + LOGGER.debug(sw.toString()); } finally { if (pw != null) { pw.close(); @@ -408,9 +409,7 @@ public final class Settings { */ public static void setString(String key, String value) { localSettings.get().props.setProperty(key, value); - if (LOGGER.isLoggable(Level.FINE)) { - LOGGER.fine(String.format("Setting: %s='%s'", key, value)); - } + LOGGER.debug("Setting: {}='{}'", key, value); } /** @@ -425,9 +424,7 @@ public final class Settings { } else { localSettings.get().props.setProperty(key, Boolean.FALSE.toString()); } - if (LOGGER.isLoggable(Level.FINE)) { - LOGGER.fine(String.format("Setting: %s='%b'", key, value)); - } + LOGGER.debug("Setting: {}='{}'", key, value); } /** @@ -449,7 +446,7 @@ public final class Settings { try { fis.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, "close error", ex); + LOGGER.trace("close error", ex); } } } 
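Review bot: `setString` (hunk -408) and `setBoolean` (hunk -425) pass every key and value to `LOGGER.debug` unfiltered, so a setting that holds a secret, such as a proxy or database password, is written in clear whenever debug output is enabled. I would mask the value when the key names a secret, for example `LOGGER.debug("Setting: {}='{}'", key, key.contains("password") ? "********" : value);`. Whether `logProperties` (hunks -371 and -390) already masks such keys is not visible here, since its loop body lies outside the hunks.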
@@ -474,7 +471,7 @@ public final class Settings { try { fis.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, "close error", ex); + LOGGER.trace("close error", ex); } } } @@ -523,16 +520,16 @@ public final class Settings { */ protected static File getDataFile(String key) { final String file = getString(key); - LOGGER.log(Level.FINE, String.format("Settings.getDataFile() - file: '%s'", file)); + LOGGER.debug("Settings.getDataFile() - file: '{}'", file); if (file == null) { return null; } if (file.startsWith("[JAR]")) { - LOGGER.log(Level.FINE, "Settings.getDataFile() - transforming filename"); + LOGGER.debug("Settings.getDataFile() - transforming filename"); final File jarPath = getJarPath(); - LOGGER.log(Level.FINE, String.format("Settings.getDataFile() - jar file: '%s'", jarPath.toString())); + LOGGER.debug("Settings.getDataFile() - jar file: '{}'", jarPath.toString()); final File retVal = new File(jarPath, file.substring(6)); - LOGGER.log(Level.FINE, String.format("Settings.getDataFile() - returning: '%s'", retVal.toString())); + LOGGER.debug("Settings.getDataFile() - returning: '{}'", retVal.toString()); return retVal; } return new File(file); @@ -549,7 +546,7 @@ public final class Settings { try { decodedPath = URLDecoder.decode(jarPath, "UTF-8"); } catch (UnsupportedEncodingException ex) { - LOGGER.log(Level.FINEST, null, ex); + LOGGER.trace("", ex); } final File path = new File(decodedPath); @@ -652,8 +649,7 @@ public final class Settings { try { value = Integer.parseInt(Settings.getString(key)); } catch (NumberFormatException ex) { - final String msg = String.format("Could not convert property '%s' to an int.", key); - LOGGER.log(Level.FINEST, msg, ex); + LOGGER.trace("Could not convert property '{}' to an int.", key, ex); value = defaultValue; } return value; 
@@ -770,7 +766,7 @@ public final class Settings { // yes, for H2 this path won't actually exists - but this is sufficient to get the value needed final File dbFile = new File(directory, fileName); final String cString = String.format(connStr, dbFile.getCanonicalPath()); - LOGGER.log(Level.FINE, String.format("Connection String: '%s'", cString)); + LOGGER.debug("Connection String: '{}'", cString); return cString; } return connStr; diff --git a/pom.xml b/pom.xml index aef95ccf8..62d9a69b2 100644 --- a/pom.xml +++ b/pom.xml @@ -124,6 +124,7 @@ Copyright (c) 2012 - Jeremy Long UTF-8 UTF-8 github + 1.7.12 @@ -366,6 +367,16 @@ Copyright (c) 2012 - Jeremy Long commons-io 2.4 + + org.slf4j + slf4j-api + ${slf4j.version} + + + org.slf4j + slf4j-simple + ${slf4j.version} + junit junit
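Review bot: `LOGGER.debug("Connection String: '{}'", cString)` in hunk -770 logs the assembled connection string verbatim, so if `connStr` can carry a user name or password parameter (not visible in this hunk) those values reach the debug log. Logging the resolved file instead keeps the diagnostic value without that risk, e.g. `LOGGER.debug("Connection string built for database file '{}'", dbFile);`. The enclosing method starts outside the hunk.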