Cookbook Name:
Standardisation on SLF4J
Description:
Recipes to standardise on the SLF4J framework including migrations from other logging frameworks
Owner:
Secure Code Warrior
Number of Recipes:
32
Recipe Name | Description | Language | Level | Tags
Dependencies/Maven
Vulnerable Log4j dependency - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105 | Vulnerable Log4j dependency - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105 | xml | error | Apache Maven, Log4j, OWASP Top 10, SLF4J, basic protection set, framework specific, injection, logging, security
Vulnerable Log4j version property - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105 | Vulnerable Log4j version property - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105 | xml | error | Apache Maven, Log4j, OWASP Top 10, SLF4J, basic protection set, framework specific, injection, logging, security
Logging/Log4J
Vulnerable Log4j version - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105 | Vulnerable Log4j version - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105 | java, kotlin | error | Log4j, OWASP Top 10, SLF4J, basic protection set, framework specific, injection, logging, security
Logging/SLF4J
Prevent CRLF injection in SLF4J | Encode untrusted data to protect the log files from CRLF injection | java | marked_information | security, SLF4J, framework specific, logging, injection
Prevent CRLF injection in SLF4J using the Logstash Logback Encoder | Encode untrusted data to protect the log files from CRLF injection | java | marked_information | security, SLF4J, framework specific, logging, injection
SLF4J Logging: Logger modifiers | The logger should be a private static final field | java | marked_information | SLF4J, framework specific, logging, quality
SLF4J Logging: Naming convention: Reserved logger name | The name "logger" should be reserved for the SLF4J logger instance. Use Refactor Rename (Shift+F6) to rename this variable. | java | marked_information | SLF4J, framework specific, logging, quality
SLF4J Logging: Naming convention: Standardise logger name | The SLF4J logger instance should be named "logger". Use Refactor Rename (Shift+F6) to rename this variable. | java | marked_information | SLF4J, framework specific, logging, quality
SLF4J Logging: Print Exceptions using SLF4J instead | Standardise on SLF4J by replacing this call | java | marked_information | security, SLF4J, framework specific, logging
SLF4J Logging: System.err | Replace System.err.print.* with consistent SLF4J error logging | java | marked_information | SLF4J, framework specific, logging, quality
SLF4J Logging: System.out | Replace System.out.print.* with consistent SLF4J error logging | java | marked_information | SLF4J, framework specific, logging, quality
SLF4J Logging: enforce usage of placeholders in the messages | Do not concatenate untrusted data in the message string; instead use placeholders ('{}') | java | marked_information | security, logging, injection, OWASP Top 10, SLF4J, framework specific
Logging/SLF4J/JUL
SLF4J Logging: Replace java.util.logging with SLF4J (Debug) | Standardise on SLF4J by replacing this call | java | marked_information | SLF4J, framework specific, logging, quality
SLF4J Logging: Replace java.util.logging with SLF4J (Error) | Standardise on SLF4J by replacing this call | java | marked_information | SLF4J, framework specific, logging, quality
SLF4J Logging: Replace java.util.logging with SLF4J (Info) | Standardise on SLF4J by replacing this call | java | marked_information | SLF4J, framework specific, logging, quality
SLF4J Logging: Replace java.util.logging with SLF4J (Trace) | Standardise on SLF4J by replacing this call | java | marked_information | SLF4J, framework specific, logging, quality
SLF4J Logging: Replace java.util.logging with SLF4J (Warning) | Standardise on SLF4J by replacing this call | java | marked_information | SLF4J, framework specific, logging, quality
Logging/SLF4J/JUL_Log
SLF4J Logging: Replace java.util.logging with SLF4J (Log Debug) | Standardise on SLF4J by replacing this call | java | marked_information | SLF4J, framework specific, logging, quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Error) | Standardise on SLF4J by replacing this call | java | marked_information | SLF4J, framework specific, logging, quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Info) | Standardise on SLF4J by replacing this call | java | marked_information | SLF4J, framework specific, logging, quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Trace) | Standardise on SLF4J by replacing this call | java | marked_information | SLF4J, framework specific, logging, quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Warning) | Standardise on SLF4J by replacing this call | java | marked_information | SLF4J, framework specific, logging, quality
Logging/SLF4J/JUL_Log_Exception
SLF4J Logging: Replace java.util.logging with SLF4J (Log Exception Debug) | Standardise on SLF4J by replacing this call | java | marked_information | SLF4J, framework specific, logging, quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Exception Error) | Standardise on SLF4J by replacing this call | java | marked_information | SLF4J, framework specific, logging, quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Exception Info) | Standardise on SLF4J by replacing this call | java | marked_information | SLF4J, framework specific, logging, quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Exception Trace) | Standardise on SLF4J by replacing this call | java | marked_information | SLF4J, framework specific, logging, quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Exception Warning) | Standardise on SLF4J by replacing this call | java | marked_information | SLF4J, framework specific, logging, quality
Logging/SLF4J/JUL_Log_Object
SLF4J Logging: Replace java.util.logging with SLF4J (Log Object Debug) | Standardise on SLF4J by replacing this call | java | marked_information | SLF4J, framework specific, logging, quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Object Error) | Standardise on SLF4J by replacing this call | java | marked_information | SLF4J, framework specific, logging, quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Object Info) | Standardise on SLF4J by replacing this call | java | marked_information | SLF4J, framework specific, logging, quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Object Trace) | Standardise on SLF4J by replacing this call | java | marked_information | SLF4J, framework specific, logging, quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Object Warning) | Standardise on SLF4J by replacing this call | java | marked_information | SLF4J, framework specific, logging, quality