Andrei Ivanov created LOG4J2-2578:
-------------------------------------
Summary: RequestContextMappings should ignore private and instance
fields
Key: LOG4J2-2578
URL: https://issues.apache.org/jira/browse/LOG4J2-2578
Project: Log4j 2
Issue Type: Bug
Components: Log4j-Audit
Affects Versions: Log4j-Audit 1.0.1
Environment: Java 11
Reporter: Andrei Ivanov
{{RequestContextMappings}} inspects the user defined
[class|https://github.com/apache/logging-log4j-audit-sample/blob/master/audit-service-war/src/main/java/org/apache/logging/log4j/audit/service/RequestContext.java]
passed as a constructor parameter, but it checks
[all|https://github.com/apache/logging-log4j-audit/blob/master/log4j-audit/log4j-audit-api/src/main/java/org/apache/logging/log4j/audit/request/RequestContextMappings.java#L58]
fields, instead of just the *public static* ones (at least that's what I
understand it should do).
In Java 8 the issue is covered by catching an {{IllegalAccessException}} when
accessing the field value, but in Java 11 this throws a
{{NullPointerException}} for non-static fields.
The proposed solution would be to replace {{clazz.getDeclaredFields()}} with
{{clazz.getFields()}}, to obtain only the accessible public fields, and then
check them to process only the *static* ones.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
