Uploaded image for project: 'Log4j 2'
  1. Log4j 2
  2. LOG4J2-2578

RequestContextMappings should ignore private and instance fields

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: Log4j-Audit 1.0.1
    • Fix Version/s: Log4j-Audit 1.0.2
    • Component/s: Log4j-Audit
    • Labels:
      None
    • Environment:

      Java 11

    • Flags:
      Patch

      Description

      RequestContextMappings inspects the user defined class passed as a constructor parameter, but it checks all fields, instead of just the public static ones (at least that's what I understand it should do).

      In Java 8 the issue is covered by catching an IllegalAccessException when accessing the field value, but in Java 11 this throws a NullPointerException for non-static fields.

      The proposed solution would be to replace clazz.getDeclaredFields() with clazz.getFields(), to obtain only the accessible public fields, and then check them to process only the static ones.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                shadow Andrei Ivanov
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 0.5h
                  0.5h