You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@logging.apache.org by GitBox <gi...@apache.org> on 2021/12/01 05:43:57 UTC

[GitHub] [logging-log4j2] remkop commented on a change in pull request #608: Restrict LDAP access via JNDI

remkop commented on a change in pull request #608:
URL: https://github.com/apache/logging-log4j2/pull/608#discussion_r759869682



##########
File path: log4j-core/src/main/java/org/apache/logging/log4j/core/net/JndiManager.java
##########
@@ -17,31 +17,76 @@
 
 package org.apache.logging.log4j.core.net;
 
+import java.io.Serializable;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
 import java.util.Properties;
 import java.util.concurrent.TimeUnit;
 
 import javax.naming.Context;
-import javax.naming.InitialContext;
+import javax.naming.NameClassPair;
+import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
+import javax.naming.Referenceable;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.InitialDirContext;
 
 import org.apache.logging.log4j.core.appender.AbstractManager;
 import org.apache.logging.log4j.core.appender.ManagerFactory;
 import org.apache.logging.log4j.core.util.JndiCloser;
+import org.apache.logging.log4j.core.util.NetUtils;
+import org.apache.logging.log4j.util.PropertiesUtil;
 
 /**
- * Manages a JNDI {@link javax.naming.Context}.
+ * Manages a JNDI {@link javax.naming.directory.DirContext}.
  *
  * @since 2.1
  */
 public class JndiManager extends AbstractManager {
 
+    public static final String ALLOWED_HOSTS = "allowedLdapHosts";
+    public static final String ALLOWED_CLASSES = "allowedLdapClasses";
+
     private static final JndiManagerFactory FACTORY = new JndiManagerFactory();
+    private static final String PREFIX = "log4j2.";
+    private static final List<String> permanentAllowedHosts = new ArrayList<>();
+    private static final List<String> permanentAllowedClasses = new ArrayList<>();

Review comment:
       I agree with @carterkozak that lower-case feels more appropriate since these are not immutable lists.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@logging.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org