Java – How to write an slf4j logger that adds an esapi filter for all parameters

We use the SLF4J interface, and our logger configuration is in the logback.xml file.

We have a parameter that needs to filter all the parameters sent to the logger through the ESAPI HTML encoding filter. The ugly solution is to simply wrap every parameter with “ESAPI.getEncoder().encodeForHTML(..)”, but a better solution requires steps that I haven’t fully mastered yet.

I’ve seen “Implement Custom Logger with slf4j” and “OWASP-ESAPI logger help needed”. The first option in the first answer seems interesting, but I don’t quite understand what that means, or how to implement it.

I think the first post provided information on how to implement a custom logger, but I needed a custom recorder that just provided a look on top of the “default” recorder (whatever that means).

Solution

The latest version of ESAPI (2.2.0.0) includes support for SLF4J. For more information, see the release notes: https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.2.0.0-release-notes.txt

If you have questions about how to use it, please post to the ESAPI users list referenced in the ESAPI README.md, displayed at https://github.com/ESAPI/esapi-java-legacy
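For the setup in the question (SLF4J calls configured through logback.xml), one way to encode every logged message without touching call sites is a Logback conversion word. This is an added example, not code from the answer or from the ESAPI project; the package, the class name and the `encMsg` conversion word are assumptions, and it expects an ESAPI.properties file on the classpath.

```java
package com.example.logging; // hypothetical package name

import ch.qos.logback.classic.pattern.MessageConverter;
import ch.qos.logback.classic.spi.ILoggingEvent;
import org.owasp.esapi.ESAPI;

/**
 * Logback converter that HTML-encodes the fully formatted log message,
 * i.e. the message text after every {} argument has been substituted.
 * Existing SLF4J call sites stay unchanged.
 *
 * Register it in logback.xml and use the new word in place of %msg:
 *
 *   <conversionRule conversionWord="encMsg"
 *       converterClass="com.example.logging.EsapiHtmlMessageConverter"/>
 *
 *   <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
 *     <encoder>
 *       <pattern>%d %-5level %logger{36} - %encMsg%n</pattern>
 *     </encoder>
 *   </appender>
 *
 * Scope: only the message and its arguments are encoded. Text rendered
 * by other conversion words (for example the exception message printed
 * by %ex) does not pass through this converter.
 */
public class EsapiHtmlMessageConverter extends MessageConverter {

    @Override
    public String convert(ILoggingEvent event) {
        String formatted = event.getFormattedMessage();
        if (formatted == null) {
            return "";
        }
        // Flatten CR/LF first so a logged parameter cannot begin a
        // second, forged log line in plain-text log files.
        String singleLine = formatted.replace('\r', '_').replace('\n', '_');
        // The same ESAPI HTML encoding the question applies by hand,
        // applied once per event instead of once per parameter.
        return ESAPI.encoder().encodeForHTML(singleLine);
    }
}
```

Any pattern that still uses `%msg` or `%message` bypasses the encoding, so every appender pattern in logback.xml has to be switched to the new word.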
