Comments (4)
@jvz I was looking into this. How do you suggest we check for a parametrized message, by doing countArgumentPlaceholders(msg) > 0
?
from logging-log4j2.
@adwsingh, that sounds about right.
I marked you as "assignee" to prevent other contributors to work on it. It's not an obligation.
from logging-log4j2.
@ppkarwasz after reading the docs I am not so sure of my implementation anymore as I think it would break users.
In docs we specify,
The message pattern passed to a FormattedMessage is first checked to see if it is a valid java.text.MessageFormat pattern. If it is, a MessageFormatMessage is used to format it. If not it is next checked to see if it contains any tokens that are valid format specifiers for String.format(). If so, a StringFormattedMessage is used to format it. Finally, if the pattern doesn't match either of those then a ParameterizedMessage is used to format it.
For a message like logger.error("Test message {} %s", "abc");
, we would now log Test message abc %s
instead of Test message {} abc
, which would go against what we specify in the docs.
from logging-log4j2.
Yes, it is a breaking change to silence Code scanning alert #51: checking for an unescaped {}
is much faster than checking for a java.util.Formatter
format specifier.
I believe we can change the documentation to state:
The message factory supports the following format specifiers:
- those specified by
java.text.MessageFormat
,- those specified by
java.util.Formatter
,{}
placeholders (cf.ParameterizedMessage
).
Mixing specifier from these 3 categories is not supported.
BTW: The regex we use currently is identical to java.util.Formatter.formatSpecifier
used by the JRE, so this does not change anything security-wise.
from logging-log4j2.
Related Issues (20)
- Revamp the `Configuration` page HOT 2
- Revamp the `Lookups` page
- Revamp the `Layouts` page
- Revamp the `Appenders` page HOT 1
- Revamp the `Filters` page
- Revamp the `Extending` page
- Revamp the `Plugins` page
- Create a `Troubleshooting` page
- Revamp the `Performance` page
- Revamp the `Asynchronous logging` page
- Revamp the `API` page
- Uniform handling of location and URIs HOT 1
- [MS14] Documentation revamp 1/5
- [MS15] Documentation revamp 2/5
- [MS16] Documentation revamp 3/5
- [MS17] Documentation revamp 4/5
- [MS18] Documentation revamp 5/5
- Revamp the `Web Applications` page
- Implement uniform password "encryption/decryption" mechanism HOT 2
- When logging from multiple threads, an appender can be broken until app restart if it rolls over HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from logging-log4j2.