
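Changing the logging level of OWASP CSRFGuard

Stack Overflow user
Asked on 2020-02-11 20:23:29
Answers: 1 · Views: 440 · Followers: 0 · Votes: 1

I have successfully installed OWASP CSRFGuard in my Java application.

My CSRFGuard.Properties file contains the following: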

# Logger
#
# The logger property (org.owasp.csrfguard.Logger) defines the qualified class name of 
# the object responsible for processing all log messages produced by CSRFGuard. The default
# CSRFGuard logger is org.owasp.csrfguard.log.ConsoleLogger. This class logs all messages
# to System.out which JavaEE application servers redirect to a vendor specific log file.
# Developers can customize the logging behavior of CSRFGuard by implementing the
# org.owasp.csrfguard.log.ILogger interface and setting the logger property to the new
# logger's qualified class name. The following configuration snippet instructs OWASP CSRFGuard
# to capture all log messages to the console:
#
# org.owasp.csrfguard.Logger=org.owasp.csrfguard.log.ConsoleLogger
 org.owasp.csrfguard.Logger=org.owasp.csrfguard.log.JavaLogger

I can see the different logging levels at https://www.javatips.net/api/OWASP-CSRFGuard-master/csrfguard/src/main/java/org/owasp/csrfguard/log/JavaLogger.java

   LOGGER.log(Level.FINEST, exception.getLocalizedMessage(), exception);
        break;
    case Debug:
        LOGGER.log(Level.FINE, exception.getLocalizedMessage(), exception);
        break;
    case Info:
        LOGGER.log(Level.INFO, exception.getLocalizedMessage(), exception);
        break;
    case Warning:
        LOGGER.log(Level.WARNING, exception.getLocalizedMessage(), exception);
        break;
    case Error:
        LOGGER.log(Level.WARNING, exception.getLocalizedMessage(), exception);
        break;
    case Fatal:
        LOGGER.log(Level.SEVERE

How can I change the logging level in CSRFGuard.Properties to show only Level.WARNING? At the moment every request is analyzed and logged.

INFO: CsrfGuard analyzing request example.com/examplepage.jsp

1 Answer

Stack Overflow user

Accepted answer

Posted on 2020-07-08 23:12:10

Replace the following line in CSRFGuard.Properties

 org.owasp.csrfguard.Logger=org.owasp.csrfguard.log.JavaLogger

with

org.owasp.csrfguard.Logger=com.myPackage.MyLogger

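and add a new class as shown below (based on this code), setting the desired log level in the MyLogger() constructor (in the example below, I set the minimum log level to Level.WARNING)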

package com.myPackage;

import java.util.logging.Level;
import java.util.logging.Logger;

import org.owasp.csrfguard.log.LogLevel;

public class MyLogger implements org.owasp.csrfguard.log.ILogger {

    private static final long serialVersionUID = 1L;

    private final static Logger LOGGER = Logger.getLogger("Owasp.CsrfGuard");
    
    public MyLogger() {
        // Minimum level for this logger: records below WARNING are discarded
        LOGGER.setLevel(Level.WARNING);
    }
    
    @Override
    public void log(String msg) {
        LOGGER.info(msg.replaceAll("(\\r|\\n)", ""));
    }

    @Override
    public void log(LogLevel level, String msg) {
        // Remove CR and LF characters to prevent CRLF injection
        String sanitizedMsg = msg.replaceAll("(\\r|\\n)", "");
        
        switch(level) {
            case Trace:
                LOGGER.finest(sanitizedMsg);
                break;
            case Debug:
                LOGGER.fine(sanitizedMsg);
                break;
            case Info:
                LOGGER.info(sanitizedMsg);
                break;
            case Warning:
                LOGGER.warning(sanitizedMsg);
                break;
            case Error:
                LOGGER.warning(sanitizedMsg);
                break;
            case Fatal:
                LOGGER.severe(sanitizedMsg);
                break;
            default:
                throw new RuntimeException("unsupported log level " + level);
        }
    }

    @Override
    public void log(Exception exception) {
        LOGGER.log(Level.WARNING, exception.getLocalizedMessage(), exception);
    }

    @Override
    public void log(LogLevel level, Exception exception) {
        switch(level) {
            case Trace:
                LOGGER.log(Level.FINEST, exception.getLocalizedMessage(), exception);
                break;
            case Debug:
                LOGGER.log(Level.FINE, exception.getLocalizedMessage(), exception);
                break;
            case Info:
                LOGGER.log(Level.INFO, exception.getLocalizedMessage(), exception);
                break;
            case Warning:
                LOGGER.log(Level.WARNING, exception.getLocalizedMessage(), exception);
                break;
            case Error:
                LOGGER.log(Level.WARNING, exception.getLocalizedMessage(), exception);
                break;
            case Fatal:
                LOGGER.log(Level.SEVERE, exception.getLocalizedMessage(), exception);
                break;
            default:
                throw new RuntimeException("unsupported log level " + level);
        }
    }

}
Votes: 1
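
An added example (not from the original post or the OWASP project): the same minimum level set through java.util.logging configuration instead of a constructor, which goes one step beyond the answer above. It assumes the stock JavaLogger uses the logger name "Owasp.CsrfGuard", as the MyLogger class above does; the class name CsrfGuardLogLevelDemo and the warning message are constructed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Handler;
import java.util.logging.LogManager;
import java.util.logging.LogRecord;
import java.util.logging.Logger;

public class CsrfGuardLogLevelDemo {
    // Assumption: same logger name as in the MyLogger class above.
    private static final String LOGGER_NAME = "Owasp.CsrfGuard";

    /** Collects published records so the effect of the level is visible. */
    static final class CapturingHandler extends Handler {
        final List<String> lines = new ArrayList<>();
        @Override public void publish(LogRecord r) {
            if (isLoggable(r)) lines.add(r.getLevel() + ": " + r.getMessage());
        }
        @Override public void flush() { }
        @Override public void close() { }
    }

    /** Applies an inline JUL configuration, logs two records, returns what got through. */
    static List<String> run(String julConfig) throws Exception {
        // Same effect as a file passed with -Djava.util.logging.config.file=<path>
        LogManager.getLogManager().readConfiguration(
            new ByteArrayInputStream(julConfig.getBytes(StandardCharsets.UTF_8)));
        Logger logger = Logger.getLogger(LOGGER_NAME);
        logger.setUseParentHandlers(false);
        CapturingHandler handler = new CapturingHandler();
        logger.addHandler(handler);
        try {
            logger.info("CsrfGuard analyzing request example.com/examplepage.jsp");
            // Constructed message; CR/LF stripped with the same regex MyLogger uses
            logger.warning("constructed warning\r\nINFO: forged entry"
                .replaceAll("(\\r|\\n)", ""));
        } finally {
            logger.removeHandler(handler);
        }
        return handler.lines;
    }

    public static void main(String[] args) throws Exception {
        System.out.println(run("Owasp.CsrfGuard.level=INFO\n"));
        System.out.println(run("Owasp.CsrfGuard.level=WARNING\n"));
    }
}
```

With the level at WARNING the per-request INFO record is dropped before it reaches any handler, while the warning still arrives as a single line because the CR and LF characters were removed.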
Original page content provided by Stack Overflow. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/60168711
