[NCITERM-874] Apache log4j Security Vulnerabilities.

NCIEVS · Dec 17, 2021 · ae846fa · ae846fa
1 parent 36a5b8d
commit ae846fa
Show file tree

Hide file tree

Showing 70 changed files with 224 additions and 226 deletions.
diff --git a/software/ncitbrowser/lib/log4j-1.2.15.jar b/software/ncitbrowser/lib/log4j-1.2.15.jar
diff --git a/software/ncitbrowser/lib/log4j-api-2.16.0.jar b/software/ncitbrowser/lib/log4j-api-2.16.0.jar
diff --git a/software/ncitbrowser/lib/log4j-core-2.16.0.jar b/software/ncitbrowser/lib/log4j-core-2.16.0.jar
diff --git a/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/CartActionBean.java b/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/CartActionBean.java
@@ -32,7 +32,7 @@
 
 import org.LexGrid.concepts.Entity;
 
-import org.apache.log4j.Logger;
+//import org.apache.log4j.Logger;
 import org.LexGrid.naming.Mappings;
 import org.LexGrid.naming.SupportedCodingScheme;
 import org.LexGrid.naming.SupportedNamespace;
@@ -73,6 +73,7 @@
 import org.LexGrid.naming.SupportedHierarchy;
 import gov.nih.nci.evs.browser.utils.*;
 
+import org.apache.logging.log4j.*;
 
 /**
  * <!-- LICENSE_TEXT_START -->
@@ -124,7 +125,7 @@
 public class CartActionBean {
 
     // Local class variables
-    private static Logger _logger = Logger.getLogger(CartActionBean.class);
+	private static Logger _logger = LogManager.getLogger(CartActionBean.class);
     private String _entity = null;
     private String _codingScheme = null;
     private HashMap<String, Concept> _cart = null;

diff --git a/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/IteratorBean.java b/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/IteratorBean.java
@@ -5,7 +5,7 @@
 
 import org.LexGrid.LexBIG.Utility.Iterators.*;
 import org.LexGrid.LexBIG.DataModel.Core.*;
-import org.apache.log4j.*;
+import org.apache.logging.log4j.*;
 
 import gov.nih.nci.evs.browser.common.*;
 import gov.nih.nci.evs.browser.properties.*;
@@ -63,7 +63,7 @@
 //public class IteratorBean extends Object implements Serializable {
 public class IteratorBean extends Object implements Serializable {
 	static final long serialVersionUID = 13L;
-    private static Logger _logger = Logger.getLogger(IteratorBean.class);
+	private static Logger _logger = LogManager.getLogger(IteratorBean.class);
     private static int DEFAULT_MAX_RETURN = 100;
     private ResolvedConceptReferencesIterator _iterator = null;
     private int _size = 0;

diff --git a/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/LicenseBean.java b/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/LicenseBean.java
@@ -4,7 +4,7 @@
 
 import org.LexGrid.LexBIG.DataModel.Core.*;
 import org.LexGrid.LexBIG.LexBIGService.*;
-import org.apache.log4j.*;
+import org.apache.logging.log4j.*;
 
 import gov.nih.nci.evs.browser.utils.*;
 import gov.nih.nci.evs.browser.properties.*;
@@ -60,7 +60,7 @@
  */
 
 public class LicenseBean extends Object {
-    private static Logger _logger = Logger.getLogger(LicenseBean.class);
+	private static Logger _logger = LogManager.getLogger(LicenseBean.class);
     private HashSet _licenseAgreementHashSet = null;
 
     public LicenseBean() {

diff --git a/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/OntologyBean.java b/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/OntologyBean.java
@@ -11,7 +11,7 @@
 import org.LexGrid.codingSchemes.*;
 import org.LexGrid.naming.*;
 import org.LexGrid.LexBIG.Impl.Extensions.GenericExtensions.*;
-import org.apache.log4j.*;
+import org.apache.logging.log4j.*;
 
 import org.LexGrid.relations.AssociationPredicate;
 import org.LexGrid.relations.Relations;
@@ -60,7 +60,7 @@
  */
 
 public class OntologyBean {
-    private static Logger _logger = Logger.getLogger(OntologyBean.class);
+	private static Logger _logger = LogManager.getLogger(OntologyBean.class);
     private static List _rela_list = null;
     private static List _association_name_list = null;
     private static List _property_name_list = null;

diff --git a/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/ResolvedValueSetIteratorBean.java b/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/ResolvedValueSetIteratorBean.java
@@ -5,7 +5,7 @@
 
 import org.LexGrid.LexBIG.Utility.Iterators.*;
 import org.LexGrid.LexBIG.DataModel.Core.*;
-import org.apache.log4j.*;
+import org.apache.logging.log4j.*;
 
 import gov.nih.nci.evs.browser.common.*;
 import gov.nih.nci.evs.browser.properties.*;
@@ -62,7 +62,7 @@
 
 //public class ResolvedValueSetIteratorBean extends Object implements Serializable {
 public class ResolvedValueSetIteratorBean extends Object {
-    private static Logger _logger = Logger.getLogger(ResolvedValueSetIteratorBean.class);
+	private static Logger _logger = LogManager.getLogger(ResolvedValueSetIteratorBean.class);
     private static int DEFAULT_MAX_RETURN = 100;
     private ListIterator _iterator = null;
     private int _size = 0;

diff --git a/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/Resources.properties b/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/Resources.properties
diff --git a/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/Resources_en-us.properties b/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/Resources_en-us.properties
diff --git a/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/Resources_en.properties b/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/Resources_en.properties
diff --git a/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/Resources_es.properties b/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/Resources_es.properties
diff --git a/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/Resources_fr.properties b/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/Resources_fr.properties
diff --git a/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/SearchStatusBean.java b/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/SearchStatusBean.java
@@ -7,7 +7,7 @@
 import javax.faces.model.*;
 import javax.servlet.http.*;
 
-import org.apache.log4j.*;
+import org.apache.logging.log4j.*;
 
 import gov.nih.nci.evs.browser.utils.*;
 
@@ -69,7 +69,7 @@
  */
 
 public class SearchStatusBean extends Object {
-    private static Logger _logger = Logger.getLogger(SearchStatusBean.class);
+	private static Logger _logger = LogManager.getLogger(SearchStatusBean.class);
     private String _codingSchemeName = null;
     private String _version = null;
 

diff --git a/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/UserSessionBean.java b/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/UserSessionBean.java
@@ -20,7 +20,7 @@
 import gov.nih.nci.evs.browser.properties.*;
 import gov.nih.nci.evs.browser.common.*;
 import gov.nih.nci.evs.searchlog.*;
-import org.apache.log4j.*;
+import org.apache.logging.log4j.*;
 
 import org.LexGrid.LexBIG.caCore.interfaces.LexEVSDistributed;
 import org.lexgrid.valuesets.LexEVSValueSetDefinitionServices;
@@ -87,7 +87,7 @@
  */
 
 public class UserSessionBean extends Object {
-    private static Logger _logger = Logger.getLogger(UserSessionBean.class);
+	private static Logger _logger = LogManager.getLogger(UserSessionBean.class);
 
     private static String _contains_warning_msg =
         "(WARNING: Only a subset of results may appear due to current limits in the terminology server (see Known Issues on the Help page).)";

diff --git a/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/ValueSetBean.java b/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/bean/ValueSetBean.java
@@ -23,7 +23,7 @@
 import org.LexGrid.codingSchemes.*;
 import org.LexGrid.naming.*;
 import org.LexGrid.LexBIG.Impl.Extensions.GenericExtensions.*;
-import org.apache.log4j.*;
+import org.apache.logging.log4j.*;
 import javax.faces.event.ValueChangeEvent;
 
 import org.LexGrid.LexBIG.caCore.interfaces.LexEVSDistributed;
@@ -92,7 +92,7 @@
  */
 
 public class ValueSetBean {
-    private static Logger _logger = Logger.getLogger(ValueSetBean.class);
+	private static Logger _logger = LogManager.getLogger(ValueSetBean.class);
     private static List _rela_list = null;
     private static List _association_name_list = null;
     private static List _property_name_list = null;

diff --git a/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/formatter/AsciiToHtmlFormatter.java b/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/formatter/AsciiToHtmlFormatter.java
@@ -4,7 +4,7 @@
 import java.io.*;
 import java.util.*;
 
-import org.apache.log4j.*;
+import org.apache.logging.log4j.*;
 
 /**
  * <!-- LICENSE_TEXT_START -->
@@ -63,8 +63,7 @@ public class AsciiToHtmlFormatter extends FileFormatterBase
 
 
 
-    private static Logger _logger = Logger
-        .getLogger(AsciiToHtmlFormatter.class);
+	private static Logger _logger = LogManager.getLogger(AsciiToHtmlFormatter.class);
 
     public Boolean convert(String textfile, String delimiter) throws Exception {
         return convert2(textfile, "htm", delimiter);

diff --git a/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/formatter/AsciiToTextFormatter.java b/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/formatter/AsciiToTextFormatter.java
@@ -5,7 +5,7 @@
 import java.io.*;
 import java.util.*;
 
-import org.apache.log4j.*;
+import org.apache.logging.log4j.*;
 
 /**
  * <!-- LICENSE_TEXT_START -->
@@ -56,8 +56,7 @@
 
 public class AsciiToTextFormatter extends FileFormatterBase implements
         FormatterConstant {
-    private static Logger _logger = Logger
-        .getLogger(AsciiToTextFormatter.class);
+	private static Logger _logger = LogManager.getLogger(AsciiToTextFormatter.class);
 
     public Boolean convert(String textfile, String delimiter) throws Exception {
         return convert2(textfile, "edt", delimiter);

diff --git a/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/formatter/FileFormatterBase.java b/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/formatter/FileFormatterBase.java
@@ -3,7 +3,7 @@
 import java.io.*;
 import java.util.*;
 
-import org.apache.log4j.*;
+import org.apache.logging.log4j.*;
 
 /**
  * <!-- LICENSE_TEXT_START -->
@@ -55,7 +55,7 @@
 public abstract class FileFormatterBase {
 
 
-    protected static final Logger _logger = Logger.getLogger(FileFormatterBase.class);
+	private static Logger _logger = LogManager.getLogger(FileFormatterBase.class);
 
     public abstract Boolean convert(String textfile, String delimiter)
             throws Exception;

diff --git a/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/formatter/UrlAsciiToHtmlFormatter.java b/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/formatter/UrlAsciiToHtmlFormatter.java
@@ -3,7 +3,7 @@
 import java.io.*;
 import java.net.*;
 
-import org.apache.log4j.*;
+import org.apache.logging.log4j.*;
 
 /**
  * <!-- LICENSE_TEXT_START -->
@@ -56,8 +56,7 @@ public class UrlAsciiToHtmlFormatter extends AsciiToHtmlFormatter implements
         FormatterConstant {
 */
 public class UrlAsciiToHtmlFormatter extends AsciiToHtmlFormatter {
-    private static Logger _logger = Logger
-        .getLogger(UrlAsciiToHtmlFormatter.class);
+	private static Logger _logger = LogManager.getLogger(UrlAsciiToHtmlFormatter.class);
     private String _value = "";
 
     protected Boolean convert2(String textfile, String toExt, String delimiter)

diff --git a/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/formatter/UrlAsciiToTextFormatter.java b/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/formatter/UrlAsciiToTextFormatter.java
@@ -3,7 +3,7 @@
 import java.io.*;
 import java.net.*;
 
-import org.apache.log4j.*;
+import org.apache.logging.log4j.*;
 
 /**
  * <!-- LICENSE_TEXT_START -->
@@ -57,8 +57,7 @@ public class UrlAsciiToTextFormatter extends AsciiToTextFormatter implements
 */
 public class UrlAsciiToTextFormatter extends AsciiToTextFormatter {
 
-    private static Logger _logger = Logger
-        .getLogger(UrlAsciiToTextFormatter.class);
+	private static Logger _logger = LogManager.getLogger(UrlAsciiToTextFormatter.class);
 
     protected Boolean convert2(String textfile, String toExt, String delimiter)
             throws Exception {

diff --git a/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/properties/NCItBrowserProperties.java b/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/properties/NCItBrowserProperties.java
@@ -1,7 +1,7 @@
 package gov.nih.nci.evs.browser.properties;
 
 import java.util.*;
-import org.apache.log4j.*;
+import org.apache.logging.log4j.*;
 import gov.nih.nci.evs.browser.common.*;
 import gov.nih.nci.evs.browser.utils.*;
 import org.LexGrid.LexBIG.LexBIGService.LexBIGService;
@@ -59,8 +59,7 @@
  */
 
 public class NCItBrowserProperties {
-    private static Logger _logger =
-        Logger.getLogger(NCItBrowserProperties.class);
+	private static Logger _logger = LogManager.getLogger(NCItBrowserProperties.class);
     private static List _displayItemList;
     private static List _metadataElementList;
     private static List _defSourceMappingList;

diff --git a/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/properties/PropertyFileParser.java b/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/properties/PropertyFileParser.java
@@ -5,7 +5,7 @@
 
 import javax.xml.parsers.*;
 
-import org.apache.log4j.*;
+import org.apache.logging.log4j.*;
 import org.w3c.dom.*;
 import org.xml.sax.*;
 
@@ -62,7 +62,7 @@
  */
 
 public class PropertyFileParser {
-    private static Logger _logger = Logger.getLogger(PropertyFileParser.class);
+	private static Logger _logger = LogManager.getLogger(PropertyFileParser.class);
     private List _displayItemList;
     private HashMap _configurableItemMap;
 

diff --git a/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/properties/StandardFtpReportInfo.java b/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/properties/StandardFtpReportInfo.java
@@ -4,7 +4,7 @@
 
 import java.util.*;
 
-import org.apache.log4j.*;
+import org.apache.logging.log4j.*;
 
 /**
  * <!-- LICENSE_TEXT_START -->
@@ -54,8 +54,7 @@
  */
 
 public class StandardFtpReportInfo {
-    private static Logger _logger = Logger
-        .getLogger(StandardFtpReportInfo.class);
+	private static Logger _logger = LogManager.getLogger(StandardFtpReportInfo.class);
     private String _name = "";
     private String _url = "";
     private Vector<Integer> _ncitColumns = new Vector<Integer>();

diff --git a/...are/ncitbrowser/src/java/gov/nih/nci/evs/browser/properties/ValueSetDefinitionConfig.java b/...are/ncitbrowser/src/java/gov/nih/nci/evs/browser/properties/ValueSetDefinitionConfig.java
@@ -6,7 +6,7 @@
 import java.util.Map;
 import java.util.Map.Entry;
 
-import org.apache.log4j.*;
+import org.apache.logging.log4j.*;
 
 import gov.nih.nci.evs.browser.bean.ValueSetConfig;
 import gov.nih.nci.evs.browser.common.*;
@@ -69,8 +69,7 @@ public class ValueSetDefinitionConfig {
     private static String vsd_config_file = null;
     private static HashSet uriHset = null;
     private static HashMap code2URIHashMap = null;
-    private static Logger _logger =
-        Logger.getLogger(ValueSetDefinitionConfig.class);
+	private static Logger _logger = LogManager.getLogger(ValueSetDefinitionConfig.class);
 
     static {
 		long ms = System.currentTimeMillis();

diff --git a/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/servlet/AjaxServlet.java b/software/ncitbrowser/src/java/gov/nih/nci/evs/browser/servlet/AjaxServlet.java
@@ -15,7 +15,7 @@
 import javax.servlet.*;
 import javax.servlet.http.*;
 
-import org.apache.log4j.*;
+import org.apache.logging.log4j.*;
 
 import gov.nih.nci.evs.browser.properties.*;
 import static gov.nih.nci.evs.browser.common.Constants.*;
@@ -29,7 +29,7 @@
 import org.LexGrid.codingSchemes.*;
 import org.LexGrid.naming.*;
 import org.LexGrid.LexBIG.Impl.Extensions.GenericExtensions.*;
-import org.apache.log4j.*;
+import org.apache.logging.log4j.*;
 import javax.faces.event.ValueChangeEvent;
 
 import org.LexGrid.LexBIG.caCore.interfaces.LexEVSDistributed;
@@ -129,7 +129,7 @@
  */
 
 public final class AjaxServlet extends HttpServlet {
-    private static Logger _logger = Logger.getLogger(AjaxServlet.class);
+	private static Logger _logger = LogManager.getLogger(AjaxServlet.class);
     //CodingSchemeDataUtils csdu = null;
     //ValueSetDefUtils vsdu = null;
     boolean show_released_file_button = false;