Hi All, This was added for a security fix [1] and was discussed at security-leads@ [2]. So the present fix affects to the existing appenders (CarbonConsoleAppender, CarbonDailyRollingFileAppender, MemoryAppender). The other option that we could have done is to extend the existing appenders and introduce a Secured set of appenders such that only those will sanitize the logging message. But, with the present fix I'm afraid that other than configuring the appender at log4j.properties to some in built log4j appender we won't be able to get rid of this sanitization logic at logging.
[1] https://support.wso2.com/jira/browse/SECINTDEV-5 [2] 'Preventing CRLF Injection when logging' Thanks, Malithi. On Wed, Nov 18, 2015 at 3:05 PM, Viraj Senevirathne <[email protected]> wrote: > Hi Krishantha, > > We have observed that* Log Mediator in ESB* is affected due to this > change. If there are new lines in the message payload it very inconvenient > and hard to read the logs. And user cannot see actual payload as it is, > because this functionality change the message log. > > Thanks, > > On Wed, Nov 18, 2015 at 2:58 PM, Sajith Ariyarathna <[email protected]> > wrote: > >> Hi All, >> >> We are using carbon.kernel.version 4.4.2 in MDM 2.0.0 SNAPSHOT and we >> face the same problem (new lines are replaced with underscores in logs). >> Because of this behavior, it is very hard to debug/find problems by reading >> error logs. Is there any way to by pass/stop this behavior without patching >> the carbon kernel? >> >> Thanks. >> >> On Fri, Oct 30, 2015 at 11:57 AM, Viraj Senevirathne <[email protected]> >> wrote: >> >>> Hi Kasun, >>> >>> It seems that it has happened due to this commit >>> https://github.com/wso2/carbon-kernel/commit/e0b6ae7d9f4cdee2f0bf3744b2a3ce02c3b808bf >>> . We removed it and patched the kernel then issue was resolved. What can we >>> do about this? >>> >>> Thank You, >>> >>> On Fri, Oct 30, 2015 at 9:15 AM, Kasun Gajasinghe <[email protected]> >>> wrote: >>> >>>> Can you guys go through recent commits to org.wso2.carbon.logging >>>> component and find out if any of those caused this issue? >>>> >>>> On Oct 29, 2015, at 9:23 PM, Jagath Sisirakumara Ariyarathne < >>>> [email protected]> wrote: >>>> >>>> Hi Carbon Team, >>>> >>>> Any thought to figure out the issue is much appreciated. >>>> >>>> Thanks. >>>> >>>> On Wed, Oct 28, 2015 at 3:42 PM, Viraj Senevirathne <[email protected]> >>>> wrote: >>>> >>>>> Hi All, >>>>> >>>>> We have upgraded the carbon version in ESB from 4.4.1 to 4.4.2. Then >>>>> we have encountered following issue. >>>>> >>>>> *In carbon.kernel.version 4.4.1 and earlier carbon versions* >>>>> >>>>> TID: [-1234] [] [2015-10-23 16:43:26,614] INFO >>>>> {org.apache.synapse.mediators.builtin.LogMediator} - To: >>>>> /services/sendReciveProxy.sendReciveProxyHttpSoap11Endpoint, WSAction: >>>>> urn:getQuote, SOAPAction: urn:getQuote, MessageID: >>>>> urn:uuid:333b6811-04aa-4c6a-94fb-3edc4d56065d, Direction: request, >>>>> Envelope: <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope >>>>> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xsd=" >>>>> http://services.samples/xsd"; xmlns:ser="http://services.samples >>>>> "><soapenv:Body> >>>>> <ser:getQuote> >>>>> <!--Optional:--> >>>>> <ser:request> >>>>> <!--Optional:--> >>>>> <xsd:symbol>IBM</xsd:symbol> >>>>> </ser:request> >>>>> </ser:getQuote> >>>>> </soapenv:Body></soapenv:Envelope> >>>>> {org.apache.synapse.mediators.builtin.LogMediator} >>>>> >>>>> *Same log in carbon.kernel.version 4.4.2 * >>>>> >>>>> [2015-10-28 15:38:36,027] INFO - LogMediator To: >>>>> /services/callOutOnly.callOutOnlyHttpSoap11Endpoint, WSAction: >>>>> urn:mediate, >>>>> SOAPAction: urn:mediate, MessageID: >>>>> urn:uuid:61f4b04c-0906-4228-975e-1b8f1be7450d, Direction: request, >>>>> Envelope: <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope >>>>> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:wsa=" >>>>> http://www.w3.org/2005/08/addressing";><soapenv:Body>_ >>>>> <m:placeOrder xmlns:m="http://services.samples";>_ <m:order>_ >>>>> <m:price>3.141593E0</m:price>_ >>>>> <m:quantity>4</m:quantity>_ <m:symbol>IBM</m:symbol>_ >>>>> </m:order>_ </m:placeOrder>_ >>>>> </soapenv:Body></soapenv:Envelope> (Sanitized) >>>>> >>>>> >>>>> As you can see all the new lines are replaced with _ . >>>>> >>>>> What could be the issue here? >>>>> >>>>> Thank you, >>>>> >>>>> -- >>>>> Viraj Senevirathne >>>>> Software Engineer; WSO2, Inc. >>>>> >>>>> Mobile : +94 71 958 0269 >>>>> Email : [email protected] >>>>> >>>> >>>> >>>> >>>> -- >>>> Jagath Ariyarathne >>>> Technical Lead >>>> WSO2 Inc. http://wso2.com/ >>>> Email: [email protected] >>>> Mob : +94 77 386 7048 >>>> >>>> >>> >>> >>> -- >>> Viraj Senevirathne >>> Software Engineer; WSO2, Inc. >>> >>> Mobile : +94 71 958 0269 >>> Email : [email protected] >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> Sajith Ariyarathna >> Software Engineer; WSO2, Inc.; http://wso2.com/ >> mobile: +94 77 6602284, +94 71 3951048 >> > > > > -- > Viraj Senevirathne > Software Engineer; WSO2, Inc. > > Mobile : +94 71 958 0269 > Email : [email protected] > -- *Malithi Edirisinghe* Senior Software Engineer WSO2 Inc. Mobile : +94 (0) 718176807 [email protected]
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
