From e30d2fe72b983971ec49ff64ab3700786b0ad610 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Mat=C3=A8rne?= Date: Mon, 22 Jan 2018 12:49:14 +0100 Subject: [PATCH 1/7] run OWASP-checks against our dependencies (draft) --- check.xml | 190 ++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 143 insertions(+), 47 deletions(-) diff --git a/check.xml b/check.xml index 550952238..83e16a5ad 100644 --- a/check.xml +++ b/check.xml @@ -15,7 +15,7 @@ See the License for the specific language governing permissions and limitations under the License. --> - + Check Ants codebase against certain code styleguide rules using @@ -34,35 +34,48 @@ - - - - - - - - - + - - + + + + + + + + + - - - - - - @@ -73,13 +86,26 @@ value="${rat.report.dir}/report.html" description="RAT-Report file"/> + + + + + - + @@ -92,21 +118,30 @@ - - - - - - - - - - - + + + Found antlr on the classpath. + Having a wrong antlr version on the same classpath as Checkstyle may produce errors like + 'Can't find/access AST Node typecom.puppycrawl.tools.checkstyle.api.DetailAST' + Skip running Checkstyle. + + + + + + + + + + + + + + - + @@ -119,7 +154,7 @@ - + @@ -130,7 +165,7 @@ ${report} - + @@ -145,11 +180,34 @@ - + + + + + + + + + + + + + + + + + + + + + + + + - + @@ -163,15 +221,15 @@ - + - - + - + - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 8b737f07f655a7a0db8661534b7fefb160b0668a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Mat=C3=A8rne?= Date: Mon, 22 Jan 2018 11:03:10 +0100 Subject: [PATCH 2/7] update Log4J dependency --- src/etc/poms/ant-apache-log4j/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/etc/poms/ant-apache-log4j/pom.xml b/src/etc/poms/ant-apache-log4j/pom.xml index 27f9eb71e..b9b558e32 100644 --- a/src/etc/poms/ant-apache-log4j/pom.xml +++ b/src/etc/poms/ant-apache-log4j/pom.xml 
@@ -44,7 +44,7 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/ma log4j log4j - 1.2.14 + 1.2.17 compile From 7a6d765e011398468e4b755b4b5acba0fc6ef41f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Mat=C3=A8rne?= Date: Mon, 22 Jan 2018 11:13:32 +0100 Subject: [PATCH 3/7] deprecate Log4jListener --- manual/listeners.html | 9 +++++++-- .../org/apache/tools/ant/listener/Log4jListener.java | 7 +++++-- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/manual/listeners.html b/manual/listeners.html index 2015cd521..673106f5b 100644 --- a/manual/listeners.html +++ b/manual/listeners.html @@ -97,7 +97,11 @@ listeners and loggers.

org.apache.tools.ant.listener.Log4jListener - Passes events to Log4j for highly customizable logging. + + Passes events to Apache Log4j for highly customizable logging.
+ Deprecated: Apache Log4j (1) is not developed any more. Last + release is 1.2.17 from 26-May-2012 and contains vulnerability issues. + BuildListener @@ -364,6 +368,8 @@ Background is one of the following:

Log4jListener

+

Deprecated: Apache Log4j (1) is not developed any more. Last +release is 1.2.17 from 26-May-2012 and contains vulnerability issues.

Passes build events to Log4j, using the full classname's of the generator of each build event as the category:

    @@ -436,7 +442,6 @@ is declared at all.

    -

    TimestampedLogger

    Acts like the default logger, except that the final success/failure message also includes diff --git a/src/main/org/apache/tools/ant/listener/Log4jListener.java b/src/main/org/apache/tools/ant/listener/Log4jListener.java index 501b511d3..3a3cce5d4 100644 --- a/src/main/org/apache/tools/ant/listener/Log4jListener.java +++ b/src/main/org/apache/tools/ant/listener/Log4jListener.java @@ -28,9 +28,12 @@ import org.apache.tools.ant.Task; /** - * Listener which sends events to Log4j logging system - * + * Listener which sends events to Log4j logging system. + * @deprecated Apache Log4j (1) is not developed any more. Last + * release is 1.2.17 from 26-May-2012 and contains vulnerability issues. + * Use the standard listener or your own custom listener instead. */ +@Deprecated public class Log4jListener implements BuildListener { /** Indicates if the listener was initialized. */ From aba4643a3847d8af8ba5cbfe4a0ad418dcf5c293 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Mat=C3=A8rne?= Date: Mon, 22 Jan 2018 14:54:08 +0100 Subject: [PATCH 4/7] enhance documentation "write a custom logger" --- manual/develop.html | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/manual/develop.html b/manual/develop.html index ed06d3011..31add6a90 100644 --- a/manual/develop.html +++ b/manual/develop.html @@ -466,6 +466,8 @@ implementing class name to the default.properties file in the org.apache.tools.ant.taskdefs package. Then you can use it as if it were a built-in task.
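Review bot: In Log4jListener.java the new `@deprecated` text points users to "the standard listener" without naming a class, and says the last release "contains vulnerability issues" without a reference, so a reader cannot act on either statement. Name the replacement with a `{@link}` (presumably `org.apache.tools.ant.DefaultLogger`, to be confirmed by the author) and point to the Log4jListener section of the manual's listeners page. Patch 2 of this series still declares log4j 1.2.17 as a `compile` dependency in the ant-apache-log4j POM, so the Javadoc should also say that this artifact keeps pulling in the release it describes as vulnerable. The class body continues outside this hunk.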

    + +

    Build Events

    Ant is capable of generating build events as it performs the tasks necessary to build a project. @@ -522,6 +524,49 @@ been configured.

    simultaneously - for example while Ant is executing a <parallel> task.

    + + + + +

    Example

    +Writing an adapter to your favourite log library is very easy. +Just implent the BuildListener interface, instantiate your logger and delegate +the message to that instance.
    +When starting your build provide your adapter class and the log library to the +build classpath and activate your logger via -listener option as +described above. + +
    +
    +public class MyLogAdapter implements BuildListener {
    +
    +    private MyLogger getLogger() {
    +        final MyLogger log = MyLoggerFactory.getLogger(Project.class.getName());
    +        return log;
    +    }
    +
    +    @Override
    +    public void buildStarted(final BuildEvent event) {
    +        final MyLogger log = getLogger();
    +        log.info("Build started.");
    +    }
    +
    +    @Override
    +    public void buildFinished(final BuildEvent event) {
    +        final MyLogger logger = getLogger();
    +        MyLogLevelEnum loglevel = ... // map event.getPriority() to enum via Project.MSG_* constants
    +        boolean allOK = event.getException() == null;
    +        String logmessage = ... // create log message using data of the event and the message invoked
    +        logger.log(loglevel, logmessage);
    +    }
    +
    +    // implement all methods in that way
    +}
    +
    +
    + + +

    Source code integration

    From 1465c4581ace84548ec9dfc487d62cfec14d84ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Mat=C3=A8rne?= Date: Tue, 23 Jan 2018 10:14:27 +0100 Subject: [PATCH 5/7] clarify version vs. reference --- manual/listeners.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manual/listeners.html b/manual/listeners.html index 673106f5b..bbb03e05d 100644 --- a/manual/listeners.html +++ b/manual/listeners.html @@ -99,7 +99,7 @@ listeners and loggers.

    org.apache.tools.ant.listener.Log4jListener Passes events to Apache Log4j for highly customizable logging.
    - Deprecated: Apache Log4j (1) is not developed any more. Last + Deprecated: Apache Log4j (1.x) is not developed any more. Last release is 1.2.17 from 26-May-2012 and contains vulnerability issues. BuildListener From 6bb1f2f0593de7582aba8f190a74eaf8e96fb8c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Mat=C3=A8rne?= Date: Tue, 23 Jan 2018 13:40:16 +0100 Subject: [PATCH 6/7] make the Log4j 1.2 Bridge work --- .../tools/ant/listener/Log4jListener.java | 138 ++++++++---------- 1 file changed, 59 insertions(+), 79 deletions(-) diff --git a/src/main/org/apache/tools/ant/listener/Log4jListener.java b/src/main/org/apache/tools/ant/listener/Log4jListener.java index 3a3cce5d4..4adf7961a 100644 --- a/src/main/org/apache/tools/ant/listener/Log4jListener.java +++ b/src/main/org/apache/tools/ant/listener/Log4jListener.java @@ -15,11 +15,9 @@ * limitations under the License. * */ - package org.apache.tools.ant.listener; import org.apache.log4j.Logger; -import org.apache.log4j.helpers.NullEnumeration; import org.apache.tools.ant.BuildEvent; import org.apache.tools.ant.BuildListener; import org.apache.tools.ant.Project; 
@@ -44,27 +42,21 @@ public class Log4jListener implements BuildListener { */ public static final String LOG_ANT = "org.apache.tools.ant"; - /** - * Construct the listener and make sure there is a valid appender. - */ - public Log4jListener() { - final Logger log = Logger.getLogger(LOG_ANT); - final Logger rootLog = Logger.getRootLogger(); - initialized = !(rootLog.getAllAppenders() instanceof NullEnumeration); - if (!initialized) { - log.error("No log4j.properties in build area"); - } - } + /** + * Construct the listener + */ + public Log4jListener() { + // trigger the log4j initialization (if at all it's not yet initialized) + final Logger log = Logger.getLogger(LOG_ANT); + } /** * @see BuildListener#buildStarted * {@inheritDoc}. */ public void buildStarted(final BuildEvent event) { - if (initialized) { - final Logger log = Logger.getLogger(Project.class.getName()); - log.info("Build started."); - } + final Logger log = Logger.getLogger(Project.class.getName()); + log.info("Build started."); } /** @@ -72,13 +64,11 @@ public class Log4jListener implements BuildListener { * {@inheritDoc}. */ public void buildFinished(final BuildEvent event) { - if (initialized) { - final Logger log = Logger.getLogger(Project.class.getName()); - if (event.getException() == null) { - log.info("Build finished."); - } else { - log.error("Build finished with error.", event.getException()); - } + final Logger log = Logger.getLogger(Project.class.getName()); + if (event.getException() == null) { + log.info("Build finished."); + } else { + log.error("Build finished with error.", event.getException()); } } 
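Review bot: The rewritten constructor no longer assigns `initialized`, and this hunk and the following ones (`buildFinished` through `messageLogged`) remove every `if (initialized)` read, yet the field is not touched by the patch. Its Javadoc, "Indicates if the listener was initialized.", is visible as context in patch 3, and the declaration itself lies above this hunk. If that declaration is `final` the class will stop compiling, and otherwise it is dead state, so it should be removed in this commit. The local `final Logger log` in the constructor is now unused as well, so the call can stand alone as `Logger.getLogger(LOG_ANT);`. The constructor comment should also state that the listener now forwards events even when no appender is configured, since the old "No log4j.properties in build area" diagnostic is gone.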
@@ -87,10 +77,8 @@ public class Log4jListener implements BuildListener { * {@inheritDoc}. */ public void targetStarted(final BuildEvent event) { - if (initialized) { - final Logger log = Logger.getLogger(Target.class.getName()); - log.info("Target \"" + event.getTarget().getName() + "\" started."); - } + final Logger log = Logger.getLogger(Target.class.getName()); + log.info("Target \"" + event.getTarget().getName() + "\" started."); } /** @@ -98,15 +86,13 @@ public class Log4jListener implements BuildListener { * {@inheritDoc}. */ public void targetFinished(final BuildEvent event) { - if (initialized) { - final String targetName = event.getTarget().getName(); - final Logger cat = Logger.getLogger(Target.class.getName()); - if (event.getException() == null) { - cat.info("Target \"" + targetName + "\" finished."); - } else { - cat.error("Target \"" + targetName - + "\" finished with error.", event.getException()); - } + final String targetName = event.getTarget().getName(); + final Logger cat = Logger.getLogger(Target.class.getName()); + if (event.getException() == null) { + cat.info("Target \"" + targetName + "\" finished."); + } else { + cat.error("Target \"" + targetName + + "\" finished with error.", event.getException()); } } @@ -115,11 +101,9 @@ public class Log4jListener implements BuildListener { * {@inheritDoc}. */ public void taskStarted(final BuildEvent event) { - if (initialized) { - final Task task = event.getTask(); - final Logger log = Logger.getLogger(task.getClass().getName()); - log.info("Task \"" + task.getTaskName() + "\" started."); - } + final Task task = event.getTask(); + final Logger log = Logger.getLogger(task.getClass().getName()); + log.info("Task \"" + task.getTaskName() + "\" started."); } /** 
@@ -127,15 +111,13 @@ public class Log4jListener implements BuildListener { * {@inheritDoc}. */ public void taskFinished(final BuildEvent event) { - if (initialized) { - final Task task = event.getTask(); - final Logger log = Logger.getLogger(task.getClass().getName()); - if (event.getException() == null) { - log.info("Task \"" + task.getTaskName() + "\" finished."); - } else { - log.error("Task \"" + task.getTaskName() - + "\" finished with error.", event.getException()); - } + final Task task = event.getTask(); + final Logger log = Logger.getLogger(task.getClass().getName()); + if (event.getException() == null) { + log.info("Task \"" + task.getTaskName() + "\" finished."); + } else { + log.error("Task \"" + task.getTaskName() + + "\" finished with error.", event.getException()); } } 
@@ -145,37 +127,35 @@ public class Log4jListener implements BuildListener { */ /** {@inheritDoc}. */ public void messageLogged(final BuildEvent event) { - if (initialized) { - Object categoryObject = event.getTask(); + Object categoryObject = event.getTask(); + if (categoryObject == null) { + categoryObject = event.getTarget(); if (categoryObject == null) { - categoryObject = event.getTarget(); - if (categoryObject == null) { - categoryObject = event.getProject(); - } + categoryObject = event.getProject(); } + } - final Logger log - = Logger.getLogger(categoryObject.getClass().getName()); - switch (event.getPriority()) { - case Project.MSG_ERR: - log.error(event.getMessage()); - break; - case Project.MSG_WARN: - log.warn(event.getMessage()); - break; - case Project.MSG_INFO: - log.info(event.getMessage()); - break; - case Project.MSG_VERBOSE: - log.debug(event.getMessage()); - break; - case Project.MSG_DEBUG: - log.debug(event.getMessage()); - break; - default: - log.error(event.getMessage()); - break; - } + final Logger log + = Logger.getLogger(categoryObject.getClass().getName()); + switch (event.getPriority()) { + case Project.MSG_ERR: + log.error(event.getMessage()); + break; + case Project.MSG_WARN: + log.warn(event.getMessage()); + break; + case Project.MSG_INFO: + log.info(event.getMessage()); + break; + case Project.MSG_VERBOSE: + log.debug(event.getMessage()); + break; + case Project.MSG_DEBUG: + log.debug(event.getMessage()); + break; + default: + log.error(event.getMessage()); + break; } } } From a1258d875c22ee4b3d666ab6fdb9178a6e5136ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Mat=C3=A8rne?= Date: Tue, 23 Jan 2018 14:25:19 +0100 Subject: [PATCH 7/7] document how to use the Log4j 1.2 Bridge --- manual/listeners.html | 39 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/manual/listeners.html b/manual/listeners.html index bbb03e05d..e201638a6 100644 --- a/manual/listeners.html 
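Review bot: In `messageLogged`, `categoryObject.getClass()` is reached without a null check after the task/target/project fallback, and with the `initialized` guard removed this path now runs for every event. An event that carries none of the three would throw a NullPointerException from inside the listener. Falling back to the existing constant avoids that: `final String category = categoryObject == null ? LOG_ANT : categoryObject.getClass().getName();`. Separately, `event.getMessage()` is handed to the logger verbatim, and build output can contain text the build author does not control (tool output, echoed properties). With the bridge that text presumably reaches a Log4j 2.x runtime, where older releases expanded `${...}` lookups in message text, so the bridge instructions in patch 7 should require a current `log4j-core` rather than an open `${log4j.version}`.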
+++ b/manual/listeners.html @@ -418,6 +418,41 @@ log4j.appender.LogFile.file=build.log

    For more information about configuring Log4J see its documentation page.

    +

    Using the Log4j 1.2 Bridge

    +You could use the Log4j Bridge +if your application is written against the Log4j (1.x) API, but you want to use the Log4j 2.x runtime. +For using the bridge with Ant you have to add +
      +
    • log4j-1.2-api-${log4j.version}.jar
    • +
    • log4j-api-${log4j.version}.jar
    • +
    • log4j-core-${log4j.version}.jar
    • +
    • log4j2.xml
    • +
    +to your classpath (e.g. via the -lib option). +Translating the 1.x properties file into the 2.x xml syntax would result in +
    +
    <?xml version="1.0" encoding="UTF-8"?>
    +<Configuration status="WARN">
    +  <Appenders>
    +    <File name="file" fileName="build.log">
    +      <PatternLayout>
    +        <Pattern>[%6r] %8c{1} : %m%n</Pattern>
    +      </PatternLayout>
    +    </File>
    +  </Appenders>
    +  <Loggers>
    +    <Root level="ERROR">
    +      <AppenderRef ref="file" level="DEBUG"/>
    +    </Root>
    +    <Logger name="org.apache.tools.ant.Project" level="INFO"/>
    +    <Logger name="org.apache.tools.ant.Project" level="INFO"/>
    +    <Logger name="org.apache.tools.ant.taskdefs" level="INFO"/>
    +    <Logger name="org.apache.tools.ant.taskdefs.Echo" level="WARN"/>
    +  </Loggers>
    +</Configuration>
    +
    +
    +

    XmlLogger

    @@ -605,7 +640,7 @@ developers.

    • - A listener or logger should not write to standard output or error in the messageLogged() method; + A listener or logger should not write to standard output or error in the messageLogged() method; Ant captures these internally and it will trigger an infinite loop.
    • @@ -613,7 +648,7 @@ developers.

      the output is processed. Slow logging means a slow build.
    • When a build is started, and BuildListener.buildStarted(BuildEvent event) is called, - the project is not fully functional. The build has started, yes, and the event.getProject() method call + the project is not fully functional. The build has started, yes, and the event.getProject() method call returns the Project instance, but that project is initialized with JVM and ant properties, nor has it parsed the build file yet. You cannot call Project.getProperty() for property lookup, or Project.getName() to get the project name (it will return null).