Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clean up Log4J xml-spam #1460

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Clean up Log4J xml-spam #1460

wants to merge 2 commits into from

Conversation

kd8lvt
Copy link

@kd8lvt kd8lvt commented Oct 6, 2022

Purpose

Log4J xml-spam has been an issue since the l4j RCE exploit was discovered a while ago. It makes reading logs at runtime harder, if not impossible, for end-users and makes modpack development take longer unnecessarily.

Approach

I'm parsing the raw XML log4j spits out through string manipulation. It's not the most elegant (or fastest) solution, but we're already using console.log, so speed went out the window a while ago, and I don't know nearly enough about regex to use it in a production setting. Future revisions could clean this up, but for now it's functional.

I very specifically decided not to parse messages coming through stderr, because if you're reading error messages you probably know how to sift through xml anyways.

Open Questions and Pre-Merge TODOs

  • As far as I know, this should be fully functional for any version of Minecraft. I've used it over the last couple months with 1.16+, 1.7.10, and 1.12.2 - so at least the major modded versions are working.

Learning

All of this was done from memory, it's very simple Vanilla JS. I did the bulk of development in the Electron dev tools, rather than in an actual development environment, because I wasn't originally planning on doing a PR, then decided other people would probably benefit from having this tiny tweak.
In the future, I might do an additional PR to clean this up using regex rather than string manipulation, which would involve much more learning, as I don't know nearly enough regex to do something like this.

kd8lvt added 2 commits October 5, 2022 15:58
@kd8lvt
Add Log4J xml parsing
c622173 
I got tired of trying to decode xml-vomit in my head and made a snippet to paste into the console when opening GDL.
Just decided to commit it so other people can have clean-looking logs too. Tested to work with 1.16+ - not sure about anything older.
@kd8lvt
Merge pull request #1 from kd8lvt/kd8lvt-add-log4j-parsing
5ed6df9 
Add Log4J xml parsing
@CLAassistant
Copy link

CLAassistant commented Oct 6, 2022
edited
Loading

CLA assistant check
All committers have signed the CLA.

@Eskaan Eskaan linked an issue Oct 20, 2022 that may be closed by this pull request
Log4j message formatting #1239
Open
Eskaan
Eskaan requested changes Jan 20, 2023
View reviewed changes
Copy link
Collaborator

@Eskaan Eskaan left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would prefer a solution that our log4shell hotfix, and forces a safe version of log4j again (I think we just don't download it at all atm).

@Eskaan Eskaan added Type: Bug Non fatal problems who can be ignored/worked around Status: Awaiting Feedback This will be closed whitout feedback. labels Jan 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Eskaan Eskaan Eskaan requested changes

Assignees
No one assigned
Labels
Status: Awaiting Feedback This will be closed whitout feedback. Type: Bug Non fatal problems who can be ignored/worked around
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Log4j message formatting
3 participants
@kd8lvt @CLAassistant @Eskaan