ESAPI / esapi-java-legacy

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.
https://owasp.org/www-project-enterprise-security-api/

Update SLF4J log bridge to allow NULL EventTypes #740

Closed Jeff-Walker closed 1 year ago

Jeff-Walker commented 1 year ago

All of the older log bridges allowed a null to be passed as the first parameter of the log call. Because of this, we have tons of legacy code that passes a null when it really should have passed Logger.EVENT_UNSPECIFIED. The original log4j bridge allowed it and the newer JUL bridge does.

I will submit a PR for the log bridge to do a null check and choose a sane value based on the log level.

I have a custom log bridge and factory, but I had to cut and paste a lot of code from the official SLF4J code, so I'd really rather have this in the code base if possible.

kwwall commented 1 year ago

@Jeff-Walker - Thanks for making us aware of this and volunteering to do a PR. Could I ask you to please assign this ticket to yourself so that we know it's being worked on?

Lastly, FWIW, I am going to be submitting a PR in the next couple of days that updates ESAPI to use AntiSamy 1.7.1. And since that new AntiSamy version uses slf4j:slf4j-api:2.0.0, I will be updating our pom to use that as well. That probably won't make a difference, but if you start testing your PR before my soon-to-be-submitted PR is merged, you might want to make sure it works with slf4j:slf4j-api:2.0.0.

Jeff-Walker commented 1 year ago

Here's the PR https://github.com/ESAPI/esapi-java-legacy/pull/741

Just let me know if I need to review this for the upgrade.

Jeff-Walker commented 1 year ago

Looks like I don't have permission to assign myself.

kwwall commented 1 year ago

Strange. I can't assign you either. NBD though since you have already submitted the PR. I'll look at it tonight.

On Thu, Sep 8, 2022, 12:04 PM Jeff Walker @.***> wrote:

Looks like I don't have permission to assign myself.
