Disable more potentialy unsafe networking code in log4j.net.

Disables
* SocketNode
* TelnetAppender

Adds tests for the remaining behavior.

Adds warnings
* for SyslogAppender if logging to a non-loopback address
* deprecation for SocketAppender since it's the client side of the
  disabled server code

Normalizes warnings in other net code to use LogLog.error()
consistently and removes internal use of log4j Logger objects.

Author: lsimons

src/main/java/org/apache/log4j/helpers/SyslogWriter.java

@@ -92,6 +92,10 @@ public class SyslogWriter extends Writer {
 
     try {      
       this.address = InetAddress.getByName(host);
+      if(!this.address.isLoopbackAddress()) {
+        LogLog.warn("WARN-LOG4J-NETWORKING-REMOTE-SYSLOG: logging to remote syslog host '" +
+            syslogHost + "'! Syslog is an unencrypted protocol.");
+      }
     }
     catch (UnknownHostException e) {
       LogLog.error("Could not find " + host +

src/main/java/org/apache/log4j/net/JMSAppender.java

@@ -42,7 +42,7 @@ public class JMSAppender extends AppenderSkeleton {
 
   static final String JMS_UNSUPPORTED =
       "ERROR-LOG4J-NETWORKING-UNSUPPORTED: JMS unsupported!" +
-      " This is a breaking change in Log4J >=1.2.18. Change your config to stop using JMS!";
+      " This is a breaking change in Log4J 1 >=1.2.18. Change your config to stop using JMS!";
 
   public
   JMSAppender() {

src/main/java/org/apache/log4j/net/JMSSink.java

@@ -17,7 +17,7 @@
 
 package org.apache.log4j.net;
 
-import org.apache.log4j.Logger;
+import org.apache.log4j.helpers.LogLog;
 
 import javax.naming.Context;
 import javax.naming.NamingException;
@@ -34,25 +34,23 @@
  */
 public class JMSSink implements javax.jms.MessageListener {
 
-  static Logger logger = Logger.getLogger(JMSSink.class);
-
   static public void main(String[] args) throws Exception {
     usage();
   }
 
   /** @noinspection unused*/
   public JMSSink(String tcfBindingName, String topicBindingName, String username,
                  String password) {
-    logger.error(JMSAppender.JMS_UNSUPPORTED);
+    LogLog.error(JMSAppender.JMS_UNSUPPORTED);
   }
 
   public void onMessage(javax.jms.Message message) {
-    logger.error(JMSAppender.JMS_UNSUPPORTED);
+    LogLog.error(JMSAppender.JMS_UNSUPPORTED);
   }
 
-  /** @noinspection unused*/
+  /** @noinspection unused, UnusedReturnValue, SameParameterValue */
   protected static Object lookup(Context ctx, String name) throws NamingException {
-    logger.error(JMSAppender.JMS_UNSUPPORTED);
+    LogLog.error(JMSAppender.JMS_UNSUPPORTED);
     throw new NamingException(JMSAppender.JMS_UNSUPPORTED);
   }
 

src/main/java/org/apache/log4j/net/SimpleSocketServer.java

@@ -31,7 +31,7 @@ public class SimpleSocketServer  {
 
   static final String SOCKET_SERVER_UNSUPPORTED =
       "ERROR-LOG4J-NETWORKING-UNSUPPORTED: SimpleSocketServer unsupported!" +
-      " This is a breaking change in Log4J >=1.2.18. Stop using this class!";
+      " This is a breaking change in Log4J 1 >=1.2.18. Stop using this class!";
 
   public
   static

src/main/java/org/apache/log4j/net/SocketAppender.java

@@ -97,6 +97,10 @@ is slow but still faster than the rate of (log) event production
      </ul>
 
     @author  Ceki G&uuml;lc&uuml;
+    @deprecated
+      The server side of the log4j socket protocol has been disabled
+      in Log4j >= 1.2.18. Change your config to ship logs using a
+      modern and secure protocol!
     @since 0.8.4 */
 
 public class SocketAppender extends AppenderSkeleton {

src/main/java/org/apache/log4j/net/SocketHubAppender.java

@@ -39,7 +39,7 @@ public class SocketHubAppender extends AppenderSkeleton {
 
   static final String SOCKET_HUB_UNSUPPORTED =
       "ERROR-LOG4J-NETWORKING-UNSUPPORTED: SocketHubAppender unsupported!" +
-          " This is a breaking change in Log4J >=1.2.18. Stop using this class!";
+          " This is a breaking change in Log4J 1 >=1.2.18. Stop using this class!";
 
   /**
      The default port number of the ServerSocket will be created on. */

src/main/java/org/apache/log4j/net/SocketNode.java

@@ -17,108 +17,38 @@
 
 package org.apache.log4j.net;
 
-import java.io.BufferedInputStream;
-import java.io.IOException;
-import java.io.InterruptedIOException;
-import java.io.ObjectInputStream;
 import java.net.Socket;
 
-import org.apache.log4j.Logger;
+import org.apache.log4j.helpers.LogLog;
 import org.apache.log4j.spi.LoggerRepository;
 import org.apache.log4j.spi.LoggingEvent;
 
 // Contributors:  Moses Hohman <mmhohman@rainbow.uchicago.edu>
 
 /**
    Read {@link LoggingEvent} objects sent from a remote client using
-   Sockets (TCP). These logging events are logged according to local
-   policy, as if they were generated locally.
+   Sockets (TCP) in Log4j up to 1.2.17.
 
-   <p>For example, the socket node might decide to log events to a
-   local file and also resent them to a second socket node.
+   Changed in 1.2.18+ to complain about its use and do nothing else.
+   See <a href="https://logging.apache.org/log4j/1.2/">the log4j 1.2 homepage</a>
+   for more information on why JMS is disabled since 1.2.18.
 
-    @author  Ceki G&uuml;lc&uuml;
+   @author  Ceki G&uuml;lc&uuml;
 
-    @since 0.8.4
+   @since 0.8.4
+   @noinspection unused
 */
 public class SocketNode implements Runnable {
 
-  Socket socket;
-  LoggerRepository hierarchy;
-  ObjectInputStream ois;
-
-  static Logger logger = Logger.getLogger(SocketNode.class);
+  static final String SOCKET_NODE_UNSUPPORTED =
+      "ERROR-LOG4J-NETWORKING-UNSUPPORTED: SocketNode unsupported!" +
+      " This is a breaking change in Log4J 1 >=1.2.18. Stop using this class!";
 
   public SocketNode(Socket socket, LoggerRepository hierarchy) {
-    this.socket = socket;
-    this.hierarchy = hierarchy;
-    try {
-      ois = new ObjectInputStream(
-                         new BufferedInputStream(socket.getInputStream()));
-    } catch(InterruptedIOException e) {
-      Thread.currentThread().interrupt();
-      logger.error("Could not open ObjectInputStream to "+socket, e);
-    } catch(IOException e) {
-      logger.error("Could not open ObjectInputStream to "+socket, e);
-    } catch(RuntimeException e) {
-      logger.error("Could not open ObjectInputStream to "+socket, e);
-    }
+    LogLog.error(SOCKET_NODE_UNSUPPORTED);
   }
 
-  //public
-  //void finalize() {
-  //System.err.println("-------------------------Finalize called");
-  // System.err.flush();
-  //}
-
   public void run() {
-    LoggingEvent event;
-    Logger remoteLogger;
-
-    try {
-      if (ois != null) {
-          while(true) {
-	        // read an event from the wire
-	        event = (LoggingEvent) ois.readObject();
-	        // get a logger from the hierarchy. The name of the logger is taken to be the name contained in the event.
-	        remoteLogger = hierarchy.getLogger(event.getLoggerName());
-	        //event.logger = remoteLogger;
-	        // apply the logger-level filter
-	        if(event.getLevel().isGreaterOrEqual(remoteLogger.getEffectiveLevel())) {
-	        // finally log the event as if was generated locally
-	        remoteLogger.callAppenders(event);
-	      }
-        }
-      }
-    } catch(java.io.EOFException e) {
-      logger.info("Caught java.io.EOFException closing conneciton.");
-    } catch(java.net.SocketException e) {
-      logger.info("Caught java.net.SocketException closing conneciton.");
-    } catch(InterruptedIOException e) {
-      Thread.currentThread().interrupt();
-      logger.info("Caught java.io.InterruptedIOException: "+e);
-      logger.info("Closing connection.");
-    } catch(IOException e) {
-      logger.info("Caught java.io.IOException: "+e);
-      logger.info("Closing connection.");
-    } catch(Exception e) {
-      logger.error("Unexpected exception. Closing conneciton.", e);
-    } finally {
-      if (ois != null) {
-         try {
-            ois.close();
-         } catch(Exception e) {
-            logger.info("Could not close connection.", e);
-         }
-      }
-      if (socket != null) {
-        try {
-          socket.close();
-        } catch(InterruptedIOException e) {
-            Thread.currentThread().interrupt();
-        } catch(IOException ex) {
-        }
-      }
-    }
+    LogLog.error(SOCKET_NODE_UNSUPPORTED);
   }
 }

src/main/java/org/apache/log4j/net/SocketServer.java

@@ -17,17 +17,9 @@
 
 package org.apache.log4j.net;
 
-import java.io.File;
-import java.net.InetAddress;
-import java.util.Hashtable;
+import org.apache.log4j.helpers.LogLog;
 
-import org.apache.log4j.Hierarchy;
-import org.apache.log4j.Level;
-import org.apache.log4j.LogManager;
-import org.apache.log4j.Logger;
-import org.apache.log4j.PropertyConfigurator;
-import org.apache.log4j.spi.LoggerRepository;
-import org.apache.log4j.spi.RootLogger;
+import java.io.File;
 
 
 /**
@@ -45,9 +37,7 @@ public class SocketServer  {
 
   static final String SOCKET_SERVER_UNSUPPORTED =
       "ERROR-LOG4J-NETWORKING-UNSUPPORTED: SocketServer unsupported!" +
-      " This is a breaking change in Log4J >=1.2.18. Stop using this class!";
-
-  static Logger cat = Logger.getLogger(SocketServer.class);
+      " This is a breaking change in Log4J 1 >=1.2.18. Stop using this class!";
 
   public
   static
@@ -65,6 +55,6 @@ void usage() {
   /** @noinspection unused*/
   public
   SocketServer(File directory) {
-    cat.error(SOCKET_SERVER_UNSUPPORTED);
+    LogLog.error(SOCKET_SERVER_UNSUPPORTED);
   }
 }

src/main/java/org/apache/log4j/net/SyslogAppender.java

@@ -37,6 +37,9 @@
 /**
     Use SyslogAppender to send log messages to a remote syslog daemon.
 
+    Since Log4J 1.2.18, will log a warning if the remote syslog daemon
+    is not a local loopback (127.x.x.x or ::1/128).
+
     @author Ceki Gülcü
     @author Anders Kristensen
  */