How to write an slf4j logger that adds an esapi filter for all parameters
We use the SLF4J interface, and our logger configuration is in the logback.xml file.
We have a requirement to filter all the parameters sent to the logger through the ESAPI HTML encoding filter. The ugly solution is to simply wrap every parameter with “ESAPI.getEncoder().encodeForHTML(..)”, but a better solution requires steps that I haven’t fully mastered yet.
I’ve seen “Implement Custom Logger with slf4j” and “OWASP-ESAPI logger help needed”. The first option in the first answer seems interesting, but I don’t quite understand what that means, or how to implement it.
I think the first post provided information on how to implement a custom logger, but I needed a custom recorder that just provided a look on top of the “default” recorder (whatever that means).
Solution
The latest version of ESAPI (2.2.0.0) includes support for SLF4J. For more information, see the release notes: https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.2.0.0-release-notes.txt
If you have questions about how to use it, please post to the ESAPI users list referenced in the ESAPI README.md, displayed at https://github.com/ESAPI/esapi-java-legacy.