jvm log forging (eugenp#1643)

AbhinabKanrar · maibin · commit 782c5565fed2 · 2017-04-13T10:08:00.000+02:00
* jvm log forging

* jvm log forging

* jvm log forging
diff --git a/core-java/pom.xml b/core-java/pom.xml
@@ -170,7 +170,13 @@
             <groupId>org.javamoney</groupId>
             <artifactId>moneta</artifactId>
             <version>1.1</version>
-        </dependency>        
+        </dependency>    
+
+	<dependency>
+	    <groupId>org.owasp.esapi</groupId>
+	    <artifactId>esapi</artifactId>
+	    <version>2.1.0.1</version>
+	</dependency>    
 
     </dependencies>
 
@@ -391,4 +397,4 @@
 
     </properties>
 
-</project>
+</project>
diff --git a/core-java/src/main/java/com/baeldung/logforging/LogForgingDemo.java b/core-java/src/main/java/com/baeldung/logforging/LogForgingDemo.java
@@ -0,0 +1,28 @@
+package com.baeldung.logforging;
+
+import org.owasp.esapi.ESAPI;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class LogForgingDemo {
+
+	private final Logger logger = LoggerFactory.getLogger(LogForgingDemo.class);
+
+	public void addLog(String amount) {
+		logger.info("Amount credited = {}", amount);
+	}
+
+	public static void main(String[] args) {
+		LogForgingDemo demo = new LogForgingDemo();
+		demo.addLog(String.valueOf(300));
+		demo.addLog(String.valueOf(300 + "\n\nweb - 2017-04-12 17:47:08,957 [main] INFO Amount reversed successfully"));
+		demo.addLog(String.valueOf(encode(300 + "\n\nweb - 2017-04-12 17:47:08,957 [main] INFO Amount reversed successfully")));
+	}
+
+	public static String encode(String message) {
+		message = message.replace('\n', '_').replace('\r', '_').replace('\t', '_');
+		message = ESAPI.encoder().encodeForHTML(message);
+		return message;
+	}
+
+}
diff --git a/core-java/src/main/resources/ESAPI.properties b/core-java/src/main/resources/ESAPI.properties
