Merge branch 'main' of https://github.com/zalando/logbook
# Conflicts:
#	.github/CODEOWNERS
#	.github/workflows/build.yaml
#	logbook-parent/pom.xml
#	pom.xml
#	release.sh
Anders Jaensson committed Mar 6, 2023
2 parents 2ae5174 + 1b00c7e commit 8947a7f
Showing 52 changed files with 2,577 additions and 379 deletions.
Empty file added .github/CODEOWNERS
Empty file.
12 changes: 7 additions & 5 deletions .github/workflows/build.yaml
Expand Up @@ -20,19 +20,21 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
profile: ['', 'spring4']
profile: ['']
steps:
- name: Checkout
uses: actions/checkout@v1
uses: actions/checkout@v3
- name: Cache
uses: actions/cache@v1
uses: actions/cache@v3
with:
path: ~/.m2
key: m2
- name: Set up JDK
uses: actions/setup-java@v1
uses: actions/setup-java@v3
with:
java-version: 1.8
distribution: temurin
java-version: 17
cache: 'maven'
- name: Compile
run: ./mvnw clean test-compile -B
- name: Test
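
Review bot: The `Cache` step still stores `~/.m2` under the constant key `m2` while the `Set up JDK` step now also sets `cache: 'maven'`, so the Maven repository is cached twice and the constant key never changes when dependencies change. Drop the `actions/cache@v3` step and keep `cache: 'maven'`. The three `uses:` lines reference the movable tag `v3`; pinning each to a full commit SHA would keep a retagged action release from changing what runs in this build. With `profile: ['']` the matrix has a single empty entry, so the `strategy.matrix` block can be removed as well.
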
469 changes: 305 additions & 164 deletions CHANGELOG.md

Large diffs are not rendered by default.

58 changes: 52 additions & 6 deletions README.md
Expand Up @@ -5,7 +5,6 @@
[![Stability: Active](https://masterminds.github.io/stability/active.svg)](https://masterminds.github.io/stability/active.html)
![Build Status](https://github.com/zalando/logbook/workflows/build/badge.svg)
[![Coverage Status](https://img.shields.io/coveralls/zalando/logbook/main.svg)](https://coveralls.io/r/zalando/logbook)
[![Code Quality](https://img.shields.io/codacy/grade/1304955ee1cb4597a37267aac596bcb3/main.svg)](https://www.codacy.com/app/whiskeysierra/logbook)
[![Javadoc](http://javadoc.io/badge/org.zalando/logbook-core.svg)](http://www.javadoc.io/doc/org.zalando/logbook-core)
[![Release](https://img.shields.io/github/release/zalando/logbook.svg)](https://github.com/zalando/logbook/releases)
[![Maven Central](https://img.shields.io/maven-central/v/org.zalando/logbook-parent.svg)](https://maven-badges.herokuapp.com/maven-central/org.zalando/logbook-parent)
Expand Down Expand Up @@ -36,8 +35,8 @@ Logbook is ready to use out of the box for most common setups. Even for uncommon
- JAX-RS 2.x Client and Server (optional)
- Netty 4.x (optional)
- OkHttp 2.x **or 3.x** (optional)
- Spring 4.x **or 5.x** (optional)
- Spring Boot 1.x **or 2.x** (optional)
- Spring 5.x** (optional)
- Spring Boot 2.x** (optional)
- Ktor (optional)
- logstash-logback-encoder 5.x (optional)
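
Review bot: In the two changed list items, `- Spring 5.x** (optional)` and `- Spring Boot 2.x** (optional)`, the closing `**` of the old bold span was left behind without an opening marker, so the asterisks will render literally. Remove them, e.g. `- Spring 5.x (optional)`.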

Expand Down Expand Up @@ -465,6 +464,33 @@ The Common Log Format ([CLF](https://httpd.apache.org/docs/trunk/logs.html#commo
185.85.220.253 - - [02/Aug/2019:08:16:41 0000] "GET /search?q=zalando HTTP/1.1" 200 -
```

##### Extended Log Format

The Extended Log Format ([ELF](https://en.wikipedia.org/wiki/Extended_Log_Format)) is a standardised text file format, like Common Log Format (CLF), that is used by web servers when generating log files, but ELF files provide more information and flexibility. The format is supported via the `ExtendedLogFormatSink`.
Also see [W3C](https://www.w3.org/TR/WD-logfile.html) document.

Default fields:

```text
date time c-ip s-dns cs-method cs-uri-stem cs-uri-query sc-status sc-bytes cs-bytes time-taken cs-protocol cs(User-Agent) cs(Cookie) cs(Referrer)
```

Default log output example:

```text
2019-08-02 08:16:41 185.85.220.253 localhost POST /search ?q=zalando 200 21 20 0.125 HTTP/1.1 "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0" "name=value" "https://example.com/page?q=123"
```

Users may override default fields with their custom fields through the constructor of `ExtendedLogFormatSink`:

```java
new ExtendedLogFormatSink(new DefaultHttpLogWriter(), "date time cs(Custom-Request-Header) sc(Custom-Response-Header)")
```

For Http header fields: `cs(Any-Header)` and `sc(Any-Header)`, users could specify any headers they want to extract from the request.

Other supported fields are listed in the value of `ExtendedLogFormatSink.Field`, which can be put in the custom field expression.

##### cURL

*cURL* is an alternative formatting style, provided by the `CurlHttpLogFormatter` which will render requests as
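
Review bot: The default field list for `ExtendedLogFormatSink` includes `cs(Cookie)` and `cs-uri-query`, and the sample output shows the cookie value `"name=value"` written in full, so with the defaults this sink writes session cookies and query-string values into the access log. Either drop `cs(Cookie)` from the defaults or add a sentence to this section that says so and points to the custom-field constructor. The `cs(Any-Header)` / `sc(Any-Header)` paragraph should also say whether any filtering is applied to header values extracted this way, since a header such as `Authorization` could be named there.
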
Expand Down Expand Up @@ -640,7 +666,15 @@ client.execute(producer, new LogbookHttpAsyncResponseConsumer<>(consumer), callb

### HTTP Client 5

The `logbook-httpclient5` module contains both an `HttpRequestInterceptor` and an `HttpResponseInterceptor` to use with the `HttpClient`:
The `logbook-httpclient5` module contains an `ExecHandler` to use with the `HttpClient`:
```java
CloseableHttpClient client = HttpClientBuilder.create()
.addExecInterceptorFirst("Logbook", new LogbookHttpExecHandler(logbook))
.build();
```
The Handler should be added first, such that a compression is performed after logging and decompression is performed before logging.

To avoid a breaking change, there is also an `HttpRequestInterceptor` and an `HttpResponseInterceptor` to use with the `HttpClient`, which works fine as long as compression (or other ExecHandlers) is not used:

```java
CloseableHttpClient client = HttpClientBuilder.create()
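
Review bot: The sentence about the legacy interceptors says they work fine "as long as compression (or other ExecHandlers) is not used" but never says what happens when compression is used; state the failure mode (for example, whether bodies are then logged in compressed form) so readers can tell if they are affected. Also leave a blank line between the prose and the code fence on both sides of the `addExecInterceptorFirst` snippet, as the Extended Log Format section does.
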
Expand Down Expand Up @@ -676,6 +710,18 @@ client.register(new LogbookClientFilter(logbook));
resourceConfig.register(new LogbookServerFilter(logbook));
```

### JDK HTTP Server

The `logbook-jdkserver` module provides support for
[JDK HTTP server](https://docs.oracle.com/javase/8/docs/jre/api/net/httpserver/spec/com/sun/net/httpserver/HttpServer.html)
and contains:

A `LogbookFilter` to be used with the builtin server

```java
httpServer.createContext(path, handler).getFilters().add(new LogbookFilter(logbook))
```

### Netty

The `logbook-netty` module contains:
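
Review bot: The `httpServer.createContext(path, handler).getFilters().add(new LogbookFilter(logbook))` snippet is missing its terminating semicolon, unlike the other Java snippets in this README. The lead-in "and contains:" introduces a single unpunctuated line; fold it into one sentence such as "and contains a `LogbookFilter` to be used with the built-in server."
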
Expand Down Expand Up @@ -722,7 +768,7 @@ The `logbook-okhttp2` module contains an `Interceptor` to use with version 2.x o

```java
OkHttpClient client = new OkHttpClient();
client.networkInterceptors().add(new LogbookInterceptor(logbook);
client.networkInterceptors().add(new LogbookInterceptor(logbook));
```

If you're expecting gzip-compressed responses you need to register our `GzipInterceptor` in addition.
Expand All @@ -731,7 +777,7 @@ logbook to log compressed binary responses.

```java
OkHttpClient client = new OkHttpClient();
client.networkInterceptors().add(new LogbookInterceptor(logbook);
client.networkInterceptors().add(new LogbookInterceptor(logbook));
client.networkInterceptors().add(new GzipInterceptor());
```

62 changes: 21 additions & 41 deletions cve-suppressions.xml
@@ -1,44 +1,24 @@
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<cve>CVE-2018-1258</cve>
<!-- Version clause doesn't match netty -->
<cve>CVE-2019-10797</cve>
<cve>CVE-2019-12814</cve>
<cve>CVE-2020-5421</cve>
<cve>CVE-2020-7712</cve>
<cve>CVE-2020-10663</cve>
<cve>CVE-2020-15824</cve>
</suppress>

<!--
False positive; matches old netty version.
See https://github.com/jeremylong/DependencyCheck/issues/3830
-->
<suppress>
<!-- language=regex -->
<packageUrl regex="true">pkg:maven\/io\.netty\.incubator\/netty-incubator-codec-(classes|native)-quic@0\.0\.24\.Final</packageUrl>
<cve>CVE-2014-3488</cve>
<cve>CVE-2015-2156</cve>
<cve>CVE-2019-16869</cve>
<cve>CVE-2019-20444</cve>
<cve>CVE-2019-20445</cve>
<cve>CVE-2021-37136</cve>
<cve>CVE-2021-37137</cve>
<cve>CVE-2021-21290</cve>
<cve>CVE-2021-21295</cve>
<cve>CVE-2021-21409</cve>
<cve>CVE-2021-43797</cve>
</suppress>

<suppress>
<!-- Related to SecurityContext, which Logbook never uses. -->
<cve>CVE-2021-22112</cve>
<cve>CVE-2021-22118</cve>
</suppress>

<suppress>
<packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring-security-core@4\..*\.RELEASE$</packageUrl>
<vulnerabilityName>BREACH attack possible in CSRF tokens</vulnerabilityName>
</suppress>
<suppress>
<cve>CVE-2021-37533</cve>
<!-- Suppressing until the migration to Spring Framework 6-->
<cve>CVE-2016-1000027</cve>
<!-- False positive -->
<cve>CVE-2020-5408</cve>
<!-- Okhttp2 module uses the latest version of okhttp. The vulnerability is in OkHostnameVerifier.java, which is not used in this library -->
<cve>CVE-2021-0341</cve>
<!-- ktor requires a major upgrade. Suppressing until then -->
<cve>CVE-2021-4277</cve>
<!-- so far jackson-core and json-path don't have bugfix releases yet for that cve -->
<cve>CVE-2022-45688</cve>
</suppress>
<suppress>
<notes><![CDATA[
suppress CVE-2022-45688 only to pkg:maven/org.json/json
]]></notes>
<packageUrl regex="true">^(?!pkg:maven/org\.json/json@).+$</packageUrl>
<!-- Suppressing until https://github.com/jeremylong/DependencyCheck/issues/5502 has been solved -->
<cve>CVE-2022-45688</cve>
</suppress>
</suppressions>
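
Review bot: The first new `<suppress>` block has no `<packageUrl>` or other scope, so every CVE in it is suppressed for all dependencies, and it lists `CVE-2022-45688`, which makes the scoped rule below it (`^(?!pkg:maven/org\.json/json@).+$`) redundant and hides the finding for `org.json:json` as well. Remove `CVE-2022-45688` from the first block and scope the remaining entries to the artifacts their comments name. The note "suppress CVE-2022-45688 only to pkg:maven/org.json/json" reads as the opposite of what the negative lookahead does (it suppresses the CVE for everything except `org.json/json`); reword it. The entries marked "Suppressing until ..." should carry an `until` date on their `<suppress>` element so they expire instead of staying silent indefinitely, which means splitting them into their own blocks.
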
2 changes: 1 addition & 1 deletion logbook-api/pom.xml
Expand Up @@ -18,7 +18,7 @@
<dependency>
<groupId>org.organicdesign</groupId>
<artifactId>Paguro</artifactId>
<version>3.1.4</version>
<version>3.10.3</version>
</dependency>
</dependencies>
</project>