cats
Logback
cats | Logback | |
---|---|---|
22 | 20 | |
1,092 | 2,897 | |
1.1% | 0.5% | |
9.8 | 8.9 | |
4 days ago | 4 days ago | |
Java | Java | |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cats
- Ask HN: What Underrated Open Source Project Deserves More Recognition?
- Yet Another REST API Fuzzer
-
CWE Top Most Dangerous Software Weaknesses
Out of this frustration I've built: https://github.com/Endava/cats. It's for APIs, but mostly addressing exactly this case: don't use strings for everything, if you choose to use it though, make sure you add patterns for checking if things are valid, make sure you think about all the corner cases and all the weird characters that can brake you app, and so on.
-
API Security Testing
If the API has an OpenAPI spec available, you can use: https://github.com/Endava/cats
-
Cucumber Maintainer out of Job and future of the project is uncertain
This is why we need better tools which will give benefits for the added complexity. If you need to create both the feature files AND the code, it's just complexity with little benefits. But frameworks like https://github.com/karatelabs/karate or https://github.com/Endava/cats are hiding this complexity and remove the code layer entirely. Which, in my view, this is where you need to be in 2023, particularly for API testing.
-
Invisible Characters
I've built a tool specifically to test if these kind of characters will reach API backends: https://github.com/Endava/cats. My idea was that APIs should explicitly reject or sanitise input containing such characters.
- REST API fuzzer with minimum configuration
- Learnings from 5 Years of Tech Startup Code Audits
-
ce framework pentru fuzzing folositi ?
Cats by Endava
- am creat un web server in C imun la buffer overflows
Logback
- JHipster 8 - Analisando o código da nossa primeira aplicação monolítica - Parte 1/3
-
Logging in your API
Java -> Logback, Log4j2, JDK (Java Util Logging), Slf4j, e.t.c.
-
Spring Boot logging with Loki, Promtail, and Grafana (Loki stack)
This is a GitHub link to my demo app. It’s simple Spring Boot web app used to debugging various stuff. There are many ways to configure JSON logging in Spring Boot. I decided to use Logback because it is easy to configure and one of the most widely used logging library in the Java Community. To enable JSON logging we need to add below dependencies.
-
5 Best Logging Solutions for Java
Logback(https://logback.qos.ch/) is another non-commercial Java logging framework. It labels itself as a successor to the previously discussed Log4j framework.
-
Log4j: The Pain Just Keeps Going and Going
> Then apache decides to put new people on log4j, do a backward incompatible v2 design that nevertheless is worse than slf4j. Why?
slf4j itself isn't a logging framework. It's a facade to logging frameworks.
Simple Logging Facade for Java ( https://www.slf4j.org )
It needs a logging framework behind it - log4j, log4j2, logback, commons, JUL.
The question is "why do log4j2?"
Logback went from the log4j1.x path ( https://logback.qos.ch )
Log4j2 has a lot of features that weren't present when the project started ( https://en.wikipedia.org/wiki/Log4j#Apache_Log4j_2 ).
There is a licensing difference between Logback (LGPL) and Log4jx (Apache Commons).
-
E2E-Testing in CI Environment With Testcontainers
Also, I'd like you to pay attention to the log consumer. You see, when the E2E scenario fails, it's not always obvious why. Sometimes to understand the source of the problem you have to dig into containers' logs. Thankfully the log consumer allows us to forward a container's logs to any SLF4J logger instance. In this project, containers' logs are forwarded to regular text files (you can find the Logback configuration in the repository). Though it's much better to transfer logs to external logging facility (e.g. Kibana).
- 🛡️ This is how we maintain & release Secured Software on Github 🤖
- Creating an interface
-
How to Check if a Java Project Depends on A Vulnerable Version of Log4j
This shows that the MariaDB JDBC driver uses Logback as a logging framework. Although Logback is not affected by Log4Shell, it has a related vulnerability (of much lesser severity, no need to panic) fixed in version 1.2.8 and 1.3.0-alpha11. I checked the version used by the connector and found that it used 1.3.0-alpha10. Even though Logback is included as a test dependency in the MariaDB driver, I sent a pull request on GitHub to update it. I encourage you to do the same in any open-source project you find and that includes a vulnerable dependency.
-
Migrating off of Log4j 2.x
Dependencing on the project, changing the logger might range from easy peasy to a multi-week task. I'm ready to bet that in many (most?) cases, it'd actually be quite easy, so let's explore how to do it, using Logback as the target (there aren't that many alternatives actually).
What are some alternatives?
openapi-fuzzer - Black-box fuzzer that fuzzes APIs based on OpenAPI specification. Find bugs for free!
Apache Log4j 2 - Apache Log4j 2 is a versatile, feature-rich, efficient logging API and backend for Java.
restler-fuzzer - RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
Logbook - An extensible Java library for HTTP request and response logging
mimic - [ab]using Unicode to create tragedy
Logstash - Logstash - transport and process your logs, events, or other data
RESTest - RESTest: Automated Black-Box Testing of RESTful Web APIs
tinylog - tinylog is a lightweight logging framework for Java, Kotlin, Scala, and Android
jcrapi2 - A Java Wrapper For Official Supercell Clash Royal Api
FizzBuzz Enterprise Edition - FizzBuzz Enterprise Edition is a no-nonsense implementation of FizzBuzz made by serious businessmen for serious business purposes.
mitmproxy2swagger - Automagically reverse-engineer REST APIs via capturing traffic
graylog - Free and open log management