
[ISSUE-103]: Migrate away from log4j 1.x #104

Open: wants to merge 3 commits into master

Conversation

ThirumlaDevi

ISSUE-103

Description of the fix:

The following points were considered before coming up with the solution:

  • This vulnerability doesn't exist in log4j version >= 2.8.2. Click here for reference
  • Apart from the vulnerability the project was also using the deprecated log4j version 1.x, which has other vulnerabilities

Solution:
As an overall solution to fix log4j related vulnerabilities, I have updated the log4j package to the recent stable 2.x version. This migration document provided by the official website was used as an overall reference.

File changes made

Added

  • included maven dependency for 2.14.1 version of log4j-core and log4j-1.2-api to include imports from these libraries

Changed

  • Updated log4j.xml configuration to the format accepted by log4j2 version
  • Replaced maven dependency reference of log4j with log4j2 in libs/sparkpost-lib/pom.xml and apps/sparkpost-documentor-app/pom.xml
  • Replaced deprecated Logger.getLogger command with LogManager.getLogger command in classes belonging to apps/sparkpost-samples-app/src/main/java/com/sparkpost package.
    • Click here for this solution reference
  • Replaced deprecated Logger.getRootLogger().setLevel command with Configurator.setRootLevel command upon migration in all of the BeforeClass methods in the integration tests and in classes belonging to apps/sparkpost-samples-app/src/main/java/com/sparkpost package.
    • Click here for this solution reference
  • Updated log4j.properties to refer to newly included log4j2 package for appender type, target and log pattern
  • Replaced deprecated BasicConfigurator.configure() command with Configurator.initialize(new DefaultConfiguration()) command in helpers/SparkPostBaseApp.java file.
    • Click here for this solution reference

Testing done

  • Checked if mvn clean install command runs successfully and tests are all passing on migration

[Screenshot 2021-07-24 at 7:07:25 PM]

  • Checked if on including a logging statement in debug level in one of the tests, it prints the log statement in the pattern configured

[Screenshot 2021-07-24 at 5:12:49 PM]
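The three API replacements listed in the PR description, shown side by side as an added example (this is not code from the sparkpost project; the class name `SampleApp` and the log message are hypothetical). The "before" block needs the legacy `log4j:log4j` 1.x artifact; the "after" block needs `log4j-api` and `log4j-core` 2.x, with `log4j-1.2-api` only required if some `org.apache.log4j` imports are left untouched.

```java
// Added example, not the sparkpost project's own code. Class name is hypothetical.

// --- Before: log4j 1.x API (artifact log4j:log4j), the calls this PR removes ---
// import org.apache.log4j.BasicConfigurator;
// import org.apache.log4j.Level;
// import org.apache.log4j.Logger;
//
// public class SampleApp {
//     private static final Logger LOG = Logger.getLogger(SampleApp.class);
//
//     public static void main(String[] args) {
//         BasicConfigurator.configure();                 // console appender, root at DEBUG
//         Logger.getRootLogger().setLevel(Level.DEBUG);  // root level via the Logger class
//         LOG.debug("sending transmission request");
//     }
// }

// --- After: log4j 2.x API (artifacts log4j-api + log4j-core) ---
import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.core.config.Configurator;
import org.apache.logging.log4j.core.config.DefaultConfiguration;

public class SampleApp {
    // LogManager.getLogger replaces org.apache.log4j.Logger.getLogger
    private static final Logger LOG = LogManager.getLogger(SampleApp.class);

    public static void main(String[] args) {
        // Replaces BasicConfigurator.configure(): a console appender with the root
        // logger at ERROR unless the org.apache.logging.log4j.level system property
        // says otherwise. Skip this call when a log4j2.xml / log4j2.properties file
        // is on the classpath, because that file is then the configuration.
        Configurator.initialize(new DefaultConfiguration());

        // Replaces Logger.getRootLogger().setLevel(...); levels now live in
        // org.apache.logging.log4j.Level and are set through Configurator.
        Configurator.setRootLevel(Level.DEBUG);

        // Same call shape as before; 2.x also supports {} placeholders,
        // e.g. LOG.debug("status={}", status), which avoids string concatenation
        // when the level is disabled.
        LOG.debug("sending transmission request");
    }
}
```

In the integration tests the same `Configurator.setRootLevel(Level.DEBUG)` call goes in the `@BeforeClass` method where `Logger.getRootLogger().setLevel` used to be.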
