Uploaded image for project: 'Log4j 2'
  1. Log4j 2
  2. LOG4J2-2578

RequestContextMappings should ignore private and instance fields

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • Log4j-Audit 1.0.1
    • Log4j-Audit 1.0.2
    • Log4j-Audit
    • None
    • Java 11

    • Patch

    Description

      RequestContextMappings inspects the user defined class passed as a constructor parameter, but it checks all fields, instead of just the public static ones (at least that's what I understand it should do).

      In Java 8 the issue is covered by catching an IllegalAccessException when accessing the field value, but in Java 11 this throws a NullPointerException for non-static fields.

      The proposed solution would be to replace clazz.getDeclaredFields() with clazz.getFields(), to obtain only the accessible public fields, and then check them to process only the static ones.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              shadow Andrei Ivanov
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 0.5h
                  0.5h