Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Log messages use concatenated strings #265

Open
nzp opened this issue Mar 26, 2025 · 7 comments
Open

Log messages use concatenated strings #265

nzp opened this issue Mar 26, 2025 · 7 comments

Comments

@nzp
Copy link

nzp commented Mar 26, 2025
edited
Loading

It seems that Spring.NET universally logs messages using string concatenation and interpolation instead of log formatting templates. This leads to problems when applications use structured logging in general, and in particular when raw message templates are logged.

For example, if we have an NLog layout (snippet) such as this:

{
    "name": "message",
    "layout": "${message}"
},
{
    "name": "messageTemplate",
    "layout": "${message:raw=true}"
}

A resulting log entry would be:

{
  "time": "2025-03-17 15:55:21.5886",
  "level": "DEBUG",
  "logger": "Spring.Objects.Factory.Support.DefaultListableObjectFactory",
  "message": "Invoking IObjectPostProcessors before initialization of object 'System.Data.OracleClient'",
  "messageTemplate": "Invoking IObjectPostProcessors before initialization of object 'System.Data.OracleClient'"
}

instead of the expected:

{
  "time": "2025-03-17 15:55:21.5886",
  "level": "DEBUG",
  "logger": "Spring.Objects.Factory.Support.DefaultListableObjectFactory",
  "message": "Invoking IObjectPostProcessors before initialization of object 'System.Data.OracleClient'",
  "messageTemplate": "Invoking IObjectPostProcessors before initialization of object '{name}'"
}

This makes template logging unusable for Spring logs (one reason to do this would be to easily categorize messages produces by a particular logging call), but, more importantly, could lead to unexpected sensitive data leakages (e.g. database connection string being logged unsanitized via the logged template because the client app does not expect actual values popping up here).
@lahma
Copy link
Collaborator

lahma commented Mar 27, 2025

This could be quite the undertaking, but PRs are always welcome 👍🏻

@nzp
Copy link
Author

nzp commented Mar 27, 2025

This could be quite the undertaking, but PRs are always welcome 👍🏻

I can imagine it would be quite some work to do. No promises, but would you be open to partial fixes? Maybe we (I'm writing on behalf of my workplace) could identify the most problematic spots and fix those if nothing else.

@lahma
Copy link
Collaborator

lahma commented Mar 27, 2025

Partial is always better than nothing, logging fixes can be incremental. As Spring.NET currently uses Common.Logging, will that be a problem?

@nzp
Copy link
Author

nzp commented Mar 27, 2025

As Spring.NET currently uses Common.Logging, will that be a problem?

It's on my mind, but I'm not sure ATM, especially in our case as it's not really clear to me to what extent Common.Logging plays nice with NLog 5, it would need to be tested. We'll see what can be done.

@lahma
Copy link
Collaborator

lahma commented Mar 27, 2025

I can take look how switching to Microsoft logging abstraction would work when I have the time, Common.Logging is generally a bit of a dead end.

@lahma
Copy link
Collaborator

lahma commented Mar 28, 2025

@nzp main branch now uses MS logging abstractions for logging, so should be good to go for any logging template improvements. Might still be some rough edges and improvements needed though. LogManager.LoggerFactory is your entry point.

@nzp
Copy link
Author

nzp commented Mar 31, 2025

Awesome! Thank you very much for acting on this so quickly! We'll prepare a PR for the template issues, at least the ones that bother us most, as soon as possible.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lahma @nzp