Uploaded image for project: 'Log4j 2'
  1. Log4j 2
  2. LOG4J2-2578

RequestContextMappings should ignore private and instance fields

Agile BoardAttach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • Log4j-Audit 1.0.1
    • Log4j-Audit 1.0.2
    • Log4j-Audit
    • None

    • Java 11

    • Patch

    Description

      RequestContextMappings inspects the user defined class passed as a constructor parameter, but it checks all fields, instead of just the public static ones (at least that's what I understand it should do).

      In Java 8 the issue is covered by catching an IllegalAccessException when accessing the field value, but in Java 11 this throws a NullPointerException for non-static fields.

      The proposed solution would be to replace clazz.getDeclaredFields() with clazz.getFields(), to obtain only the accessible public fields, and then check them to process only the static ones.

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            shadow Andrei Ivanov
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - Not Specified
              Not Specified
              Remaining:
              Remaining Estimate - 0h
              0h
              Logged:
              Time Spent - 0.5h
              0.5h

              Slack

                Issue deployment