Add new LogBox configuration option to disallow serializing complex objects

A new top level config item named `allowSerializingComplexObjects` controls
whether LogBox will attempt to serialize and log out complex objects
in `extraInfo` arguments.  Defaults to `true`.  Turning this to `false`
can catch instances where large you using lots of processing time converting
objects to XML or JSON unnecessarily.  Removing these can increase
performance and stability of running applications.

Author: elpete

system/logging/LogBox.cfc

@@ -179,10 +179,11 @@ component accessors="true" {
 		var rootConfig = variables.config.getRoot();
 		// Create Root Logger
 		var args       = {
-			category  : "ROOT",
-			levelMin  : rootConfig.levelMin,
-			levelMax  : rootConfig.levelMax,
-			appenders : getAppendersMap( rootConfig.appenders )
+			category                       : "ROOT",
+			levelMin                       : rootConfig.levelMin,
+			levelMax                       : rootConfig.levelMax,
+			appenders                      : getAppendersMap( rootConfig.appenders ),
+			allowSerializingComplexObjects : variables.config.getAllowSerializingComplexObjects()
 		};
 
 		// Save in Registry
@@ -257,9 +258,10 @@ component accessors="true" {
 			root = locateCategoryParentLogger( arguments.category );
 			// Build it out as per Root logger
 			args = {
-				category : arguments.category,
-				levelMin : root.getLevelMin(),
-				levelMax : root.getLevelMax()
+				category                       : arguments.category,
+				levelMin                       : root.getLevelMin(),
+				levelMax                       : root.getLevelMax(),
+				allowSerializingComplexObjects : variables.config.getAllowSerializingComplexObjects()
 			};
 		}
 

system/logging/Logger.cfc

@@ -31,6 +31,14 @@ component accessors="true" {
 	 */
 	property name="levelMax";
 
+	/**
+	 * Allow Serializing Complex Objects
+	 */
+	property
+		name   ="allowSerializingComplexObjects"
+		type   ="boolean"
+		default="true";
+
 	// The log levels enum as a public property
 	this.logLevels = new coldbox.system.logging.LogLevels();
 
@@ -44,14 +52,16 @@ component accessors="true" {
 	 */
 	function init(
 		required category,
-		numeric levelMin = 0,
-		numeric levelMax = 4,
-		struct appenders = {}
+		numeric levelMin                       = 0,
+		numeric levelMax                       = 4,
+		struct appenders                       = {},
+		boolean allowSerializingComplexObjects = true
 	){
 		// Save Properties
-		variables.rootLogger = "";
-		variables.category   = arguments.category;
-		variables.appenders  = arguments.appenders;
+		variables.rootLogger                     = "";
+		variables.category                       = arguments.category;
+		variables.appenders                      = arguments.appenders;
+		variables.allowSerializingComplexObjects = arguments.allowSerializingComplexObjects;
 
 		// Logger Logging Level defaults, which is wideeeee open!
 		variables.levelMin = arguments.levelMin;
@@ -326,6 +336,14 @@ component accessors="true" {
 		required severity,
 		extraInfo = ""
 	){
+		if ( !variables.allowSerializingComplexObjects && checkForComplexObjects( arguments.extraInfo ) ) {
+			throw(
+				message = "Attempted to log a complex object in the extraInfo parameter, but it is disallowed.",
+				detail  = "Log Message: #arguments.message#; Log Severity: #arguments.severity#",
+				type    = "Logger.SerializingComplexObjectException"
+			);
+		}
+
 		var target = this;
 
 		// Verify severity, if invalid, default to INFO
@@ -456,4 +474,46 @@ component accessors="true" {
 		return canLog( this.logLevels.DEBUG );
 	}
 
+	private boolean function checkForComplexObjects( required any value ){
+		if ( isNull( arguments.value ) ) {
+			return false;
+		}
+
+		if ( isSimpleValue( arguments.value ) ) {
+			return false;
+		}
+
+		// If the object has a $toString() method, then we consider it safe
+		if ( isObject( arguments.value ) AND structKeyExists( arguments.value, "$toString" ) ) {
+			return false;
+		}
+
+		// CFML Exceptions are safe
+		if ( isCFMLException( arguments.value ) ) {
+			return false;
+		}
+
+		if ( isArray( arguments.value ) ) {
+			return arraySome( arguments.value, function( v ){
+				return checkForComplexObjects( v );
+			} );
+		}
+
+		if ( isStruct( arguments.value ) ) {
+			return structSome( arguments.value, function( k, v ){
+				return checkForComplexObjects( v );
+			} );
+		}
+
+		return true;
+	}
+
+	private boolean function isCFMLException( required any value ){
+		return ( isObject( arguments.value ) || isStruct( arguments.value ) ) && (
+			structKeyExists( arguments.value, "stacktrace" ) &&
+			structKeyExists( arguments.value, "message" ) &&
+			structKeyExists( arguments.value, "detail" )
+		);
+	}
+
 }

system/logging/config/LogBoxConfig.cfc

@@ -26,6 +26,14 @@ component accessors="true" {
 	 */
 	property name="rootLogger" type="struct";
 
+	/**
+	 * Flag to allow serializing complex objects in `extraInfo`.
+	 */
+	property
+		name   ="allowSerializingComplexObjects"
+		type   ="boolean"
+		default="true";
+
 	// The log levels enum as a public property
 	this.logLevels = new coldbox.system.logging.LogLevels();
 	// Startup the configuration
@@ -128,6 +136,10 @@ component accessors="true" {
 			OFF( argumentCollection = getUtil().arrayToStruct( logBoxDSL.off ) );
 		}
 
+		if ( structKeyExists( logBoxDSL, "allowSerializingComplexObjects" ) ) {
+			variables.allowSerializingComplexObjects = logBoxDSL.allowSerializingComplexObjects;
+		}
+
 		return this;
 	}
 

tests/specs/logging/LoggerTest.cfc

@@ -128,6 +128,69 @@
 					expect( mockAppender.$callLog().logmessage ).toBeEmpty();
 				} );
 			} );
+
+			describe( "can control serializing complex objects", function(){
+				beforeEach( function( currentSpec ){
+					// MockAppender
+					mockAppender = createStub()
+						.$( "getName", "MockAppender" )
+						.$( "isInitialized", true )
+						.$( "canLog", true )
+						.$( "getProperty", false )
+						.$( "logmessage" );
+					logger.addAppender( mockAppender );
+				} );
+
+				afterEach( function(){
+					logger.setAllowSerializingComplexObjects( true ); // reset to default
+				} );
+
+				it( "allows serializing complex objects by default", function(){
+					expect( function(){
+						logger.logMessage(
+							"This is a closure message",
+							"info",
+							new tests.resources.base1()
+						);
+					} ).notToThrow( type = "Logger.SerializingComplexObjectException" );
+				} );
+
+				it( "can disallow serializing complex objects", function(){
+					logger.setAllowSerializingComplexObjects( false );
+					expect( function(){
+						logger.logMessage(
+							"This is a closure message",
+							"info",
+							new tests.resources.base1()
+						);
+					} ).toThrow( type = "Logger.SerializingComplexObjectException" );
+				} );
+
+				it( "can find complex objects inside structs", () => {
+					logger.setAllowSerializingComplexObjects( false );
+					expect( function(){
+						logger.logMessage(
+							"This is a closure message",
+							"info",
+							{
+								"simple" : "value",
+								"nested" : { "array" : [ "values", "are", "okay" ] }
+							}
+						);
+					} ).notToThrow( type = "Logger.SerializingComplexObjectException" );
+
+					expect( function(){
+						logger.logMessage(
+							"This is a closure message",
+							"info",
+							{
+								"simple" : "value",
+								"nested" : { "complex" : new tests.resources.base1() }
+							}
+						);
+					} ).toThrow( type = "Logger.SerializingComplexObjectException" );
+				} );
+			} );
 		} );
 	}