Upgrade logback and SLF4j

Logback 1.1.x suffers from https://nvd.nist.gov/vuln/detail/CVE-2017-5929,
which has been fixed in 1.2.0. This vulnerability can't be exploited
because the Logback socket server is not enabled. Nevertheless
upgrading is a best practice.

2 files changed, 8 insertions, 3 deletions

diff --git a/server/sonar-process/src/main/java/org/sonar/process/logging/LogbackHelper.java b/server/sonar-process/src/main/java/org/sonar/process/logging/LogbackHelper.java
index 5cee5492ddb..a548f9d29c6 100644
--- a/server/sonar-process/src/main/java/org/sonar/process/logging/LogbackHelper.java
+++ b/server/sonar-process/src/main/java/org/sonar/process/logging/LogbackHelper.java
@@ -35,6 +35,7 @@ import ch.qos.logback.core.rolling.FixedWindowRollingPolicy;
 import ch.qos.logback.core.rolling.RollingFileAppender;
 import ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy;
 import ch.qos.logback.core.rolling.TimeBasedRollingPolicy;
+import ch.qos.logback.core.util.FileSize;
 import java.io.File;
 import java.util.Arrays;
 import java.util.Collection;
@@ -342,7 +343,8 @@ public class LogbackHelper extends AbstractLogHelper {
       String filePath = new File(logsDir, filenamePrefix + ".log").getAbsolutePath();
       appender.setFile(filePath);
 
-      SizeBasedTriggeringPolicy<ILoggingEvent> trigger = new SizeBasedTriggeringPolicy<>(size);
+      SizeBasedTriggeringPolicy<ILoggingEvent> trigger = new SizeBasedTriggeringPolicy<>();
+      trigger.setMaxFileSize(FileSize.valueOf(size));
       trigger.setContext(context);
       trigger.start();
       appender.setTriggeringPolicy(trigger);
diff --git a/server/sonar-process/src/test/java/org/sonar/process/logging/LogbackHelperTest.java b/server/sonar-process/src/test/java/org/sonar/process/logging/LogbackHelperTest.java
index 2f6643bdb29..434372dcd5e 100644
--- a/server/sonar-process/src/test/java/org/sonar/process/logging/LogbackHelperTest.java
+++ b/server/sonar-process/src/test/java/org/sonar/process/logging/LogbackHelperTest.java
@@ -32,6 +32,7 @@ import ch.qos.logback.core.rolling.FixedWindowRollingPolicy;
 import ch.qos.logback.core.rolling.RollingFileAppender;
 import ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy;
 import ch.qos.logback.core.rolling.TimeBasedRollingPolicy;
+import ch.qos.logback.core.util.FileSize;
 import com.google.common.collect.ImmutableList;
 import com.tngtech.java.junit.dataprovider.DataProvider;
 import com.tngtech.java.junit.dataprovider.DataProviderRunner;
@@ -41,6 +42,7 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.Properties;
 import org.apache.commons.lang.RandomStringUtils;
+import org.apache.commons.lang.reflect.FieldUtils;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
@@ -238,7 +240,7 @@ public class LogbackHelperTest {
   }
 
   @Test
-  public void createRollingPolicy_size() {
+  public void createRollingPolicy_size() throws Exception {
     props.set("sonar.log.rollingPolicy", "size:1MB");
     props.set("sonar.log.maxFiles", "20");
     LoggerContext ctx = underTest.getRootContext();
@@ -253,7 +255,8 @@ public class LogbackHelperTest {
     assertThat(rollingPolicy.getMaxIndex()).isEqualTo(20);
     assertThat(rollingPolicy.getFileNamePattern()).endsWith("sonar.%i.log");
     SizeBasedTriggeringPolicy triggeringPolicy = (SizeBasedTriggeringPolicy) fileAppender.getTriggeringPolicy();
-    assertThat(triggeringPolicy.getMaxFileSize()).isEqualTo("1MB");
+    FileSize maxFileSize = (FileSize)FieldUtils.readField(triggeringPolicy, "maxFileSize", true);
+    assertThat(maxFileSize.getSize()).isEqualTo(1024L * 1024);
   }
 
   @Test