[
https://issues.apache.org/jira/browse/LOG4J2-2578?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrei Ivanov updated LOG4J2-2578:
----------------------------------
Flags: Patch
> RequestContextMappings should ignore private and instance fields
> ----------------------------------------------------------------
>
> Key: LOG4J2-2578
> URL: https://issues.apache.org/jira/browse/LOG4J2-2578
> Project: Log4j 2
> Issue Type: Bug
> Components: Log4j-Audit
> Affects Versions: Log4j-Audit 1.0.1
> Environment: Java 11
> Reporter: Andrei Ivanov
> Priority: Blocker
> Time Spent: 10m
> Remaining Estimate: 0h
>
> {{RequestContextMappings}} inspects the user defined
> [class|https://github.com/apache/logging-log4j-audit-sample/blob/master/audit-service-war/src/main/java/org/apache/logging/log4j/audit/service/RequestContext.java]
> passed as a constructor parameter, but it checks
> [all|https://github.com/apache/logging-log4j-audit/blob/master/log4j-audit/log4j-audit-api/src/main/java/org/apache/logging/log4j/audit/request/RequestContextMappings.java#L58]
> fields, instead of just the *public static* ones (at least that's what I
> understand it should do).
> In Java 8 the issue is covered by catching an {{IllegalAccessException}} when
> accessing the field value, but in Java 11 this throws a
> {{NullPointerException}} for non-static fields.
> The proposed solution would be to replace {{clazz.getDeclaredFields()}} with
> {{clazz.getFields()}}, to obtain only the accessible public fields, and then
> check them to process only the *static* ones.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
