
Commit 6e7dcce

fhanikduanemay
authored andcommitted
Add new-defaults counterpart tests for security fix defaults
For each of the 12 tests that were failing due to the security commits, add a parallel counterpart that exercises the new default behavior: - redirect_uri.matching_mode: exact (allow_unsafe_matching: false) - logging_level: INFO - extended log redaction pattern (code=, access_token=, refresh_token=, id_token= in addition to password= and client_secret=) New compare fixtures (8 files): - bosh-lite-uaa-defaults.yml, bosh-lite-log4j2-defaults.properties - all-properties-set-uaa-defaults.yml, all-properties-set-log4j2-defaults.properties - test-defaults-uaa-defaults.yml, test-defaults-log4j2-defaults.properties - deprecated-properties-still-work-uaa-defaults.yml - default-log4j2-template-defaults.properties New spec examples (12 total): - 4 fixture-comparison contexts (bosh-lite, all-properties-set, test-defaults, deprecated-properties-still-work) with new-defaults before blocks (matching_mode=exact, logging_level=INFO) - 1 unit test: "when not set by the user, defaults to false (exact)" - 4 logging-format timestamp tests (rfc3339, rfc3339-legacy, deprecated, not-set) against the INFO-level template fixture All 321 examples pass.
1 parent 1efed7b commit 6e7dcce

9 files changed

Lines changed: 2195 additions & 1 deletion
Lines changed: 85 additions & 0 deletions
@@ -0,0 +1,85 @@
1+
status = error
2+
dest = err
3+
name = UaaLog
4+
5+
property.log_directory = /var/vcap/sys/log/uaa
6+
property.log_pattern=[%d{yyyy-MM-dd'T'HH:mm:ss.nnnnnn}{GMT+0}Z] uaa%X{context} - %pid [%t] - [%X{traceId},%X{spanId}] .... %5p --- %c{1}: %replace{%m}{(?<=password=|client_secret=|code=|access_token=|refresh_token=|id_token=)([^&\s]*)}{<redacted>}%n
7+
8+
appender.uaaDefaultAppender.type = File
9+
appender.uaaDefaultAppender.name = UaaDefaultAppender
10+
appender.uaaDefaultAppender.fileName = ${log_directory}/uaa.log
11+
appender.uaaDefaultAppender.layout.type = PatternLayout
12+
appender.uaaDefaultAppender.layout.pattern = ${log_pattern}
13+
14+
appender.uaaAuditAppender.type = File
15+
appender.uaaAuditAppender.name = UaaAuditAppender
16+
appender.uaaAuditAppender.fileName = ${log_directory}/uaa_events.log
17+
appender.uaaAuditAppender.layout.type = PatternLayout
18+
appender.uaaAuditAppender.layout.pattern = ${log_pattern}
19+
20+
rootLogger.level = info
21+
rootLogger.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender
22+
23+
logger.UAAAudit.name = UAA.Audit
24+
logger.UAAAudit.level = info
25+
logger.UAAAudit.additivity = true
26+
logger.UAAAudit.appenderRef.auditEventLog.ref = UaaAuditAppender
27+
28+
29+
# These loggers have a configurable level
30+
logger.cfIdentity.name = org.cloudfoundry.identity
31+
logger.cfIdentity.level = INFO
32+
logger.cfIdentity.additivity = false
33+
logger.cfIdentity.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender
34+
35+
logger.springSecurity.name = org.springframework.security
36+
logger.springSecurity.level = INFO
37+
logger.springSecurity.additivity = false
38+
logger.springSecurity.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender
39+
40+
logger.springJdbc.name = org.springframework.jdbc
41+
logger.springJdbc.level = INFO
42+
logger.springJdbc.additivity = false
43+
logger.springJdbc.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender
44+
45+
46+
# These loggers have a fixed level of "info"
47+
logger.springWebStandardServletEnvironment.name = org.springframework.web.context.support.StandardServletEnvironment
48+
logger.springWebStandardServletEnvironment.level = info
49+
logger.springWebStandardServletEnvironment.additivity = false
50+
logger.springWebStandardServletEnvironment.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender
51+
52+
logger.apacheHttpWire.name = org.apache.http.wire
53+
logger.apacheHttpWire.level = info
54+
logger.apacheHttpWire.additivity = false
55+
logger.apacheHttpWire.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender
56+
57+
logger.springAopAspectJExpressionPointcut.name = org.springframework.aop.aspectj.AspectJExpressionPointcut
58+
logger.springAopAspectJExpressionPointcut.level = info
59+
logger.springAopAspectJExpressionPointcut.additivity = false
60+
logger.springAopAspectJExpressionPointcut.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender
61+
62+
logger.springBeansDefaultListableBeanFactory.name = org.springframework.beans.factory.support.DefaultListableBeanFactory
63+
logger.springBeansDefaultListableBeanFactory.level = info
64+
logger.springBeansDefaultListableBeanFactory.additivity = false
65+
logger.springBeansDefaultListableBeanFactory.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender
66+
67+
logger.springBeansDisposableBeanAdaptor.name = org.springframework.beans.factory.support.DisposableBeanAdapter
68+
logger.springBeansDisposableBeanAdaptor.level = info
69+
logger.springBeansDisposableBeanAdaptor.additivity = false
70+
logger.springBeansDisposableBeanAdaptor.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender
71+
72+
logger.springSecurityLdapAuthenticationProvider.name = org.springframework.security.ldap.authentication.LdapAuthenticationProvider
73+
logger.springSecurityLdapAuthenticationProvider.level = info
74+
logger.springSecurityLdapAuthenticationProvider.additivity = false
75+
logger.springSecurityLdapAuthenticationProvider.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender
76+
77+
logger.springSecurityFilterBasedUserSearch.name = org.springframework.security.ldap.search.FilterBasedLdapUserSearch
78+
logger.springSecurityFilterBasedUserSearch.level = info
79+
logger.springSecurityFilterBasedUserSearch.additivity = false
80+
logger.springSecurityFilterBasedUserSearch.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender
81+
82+
logger.springWeb.name = org.springframework.web
83+
logger.springWeb.level = info
84+
logger.springWeb.additivity = false
85+
logger.springWeb.appenderRef.uaaDefaultAppender.ref = UaaDefaultAppender
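Review bot: The redaction regex in `property.log_pattern` (new line 6) only matches `key=value` pairs that end at `&` or whitespace, so the same secrets carried in a JSON body (a constructed example: `"access_token":"..."`) or in an `Authorization` header would still be written to `uaa.log` and `uaa_events.log` unredacted at INFO. The lookbehind alternative `code=` also fires on any key that merely ends in `code=` (constructed example: `error_code=`), which over-redacts; that is safe but hides diagnostic values. Because this fixture pins only the pattern text, I would add a comment above the pattern in the template and its fixtures, such as `# Redacts key=value forms only; JSON bodies and Authorization headers are not covered`, and a spec example that applies the regex to sample messages. Whether the template this fixture mirrors already documents that limit is not visible from this page.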
