Google Git
Sign in
apache / logging-log4j2 / refs/heads/doc/string-concatenation
commit1b68b3de81a65bb2d22488b1f184d4884db6667a[log] [tgz]
authorPiotr P. Karwasz <piotr.github@karwasz.org>Wed Mar 19 22:25:38 2025 +0100
committerPiotr P. Karwasz <piotr.github@karwasz.org>Wed Mar 19 22:25:38 2025 +0100
tree32354018d2c1f1bb29a4f40ac8ddd0ab70d5bd3f
parent1a7112a28219f778f2ed69e66da2623024cc97f1 [diff]
Improve String concatenation best practice

This change splits the "don't use String concatenation" best practice into two parts:

- A recommendation concerning performance: string concatenation is not efficient if the logger is off.
- A security recommendation: format string must be constants to prevent `{}` placeholder injection.

The `${dangerousLookup}` part of the example is removed, since lookups are not executed since version `2.15.0`
4 files changed
tree: 32354018d2c1f1bb29a4f40ac8ddd0ab70d5bd3f
  1. .github/
  2. .mvn/
  3. log4j-1.2-api/
  4. log4j-api/
  5. log4j-api-java9/
  6. log4j-api-test/
  7. log4j-appserver/
  8. log4j-cassandra/
  9. log4j-core/
  10. log4j-core-fuzz-test/
  11. log4j-core-its/
  12. log4j-core-java9/
  13. log4j-core-test/
  14. log4j-couchdb/
  15. log4j-docker/
  16. log4j-fuzz-test/
  17. log4j-iostreams/
  18. log4j-jakarta-jms/
  19. log4j-jakarta-smtp/
  20. log4j-jakarta-web/
  21. log4j-jcl/
  22. log4j-jdbc-dbcp2/
  23. log4j-jpa/
  24. log4j-jpl/
  25. log4j-jul/
  26. log4j-layout-template-json/
  27. log4j-layout-template-json-fuzz-test/
  28. log4j-layout-template-json-test/
  29. log4j-mongodb/
  30. log4j-mongodb4/
  31. log4j-osgi-test/
  32. log4j-parent/
  33. log4j-perf-test/
  34. log4j-slf4j-impl/
  35. log4j-slf4j2-impl/
  36. log4j-slf4j2-impl-fuzz-test/
  37. log4j-spring-boot/
  38. log4j-spring-cloud-config-client/
  39. log4j-taglib/
  40. log4j-to-jul/
  41. log4j-to-slf4j/
  42. log4j-web/
  43. src/
  44. .asf.yaml
  45. .gitattributes
  46. .gitignore
  47. .java-version
  48. .logging-parent-bom-activator
  49. antora-playbook.yaml
  50. BUILDING.adoc
  51. CODE_OF_CONDUCT.adoc
  52. FUZZING.adoc
  53. LICENSE.txt
  54. mvnw
  55. mvnw.cmd
  56. NOTICE.txt
  57. oss-fuzz-build.sh
  58. package.json
  59. pom.xml
  60. README.adoc
  61. RELEASE-NOTES.adoc
  62. SECURITY.adoc
  63. spotbugs-exclude.xml