[logback-user] Substituting class/method names in logback log files with original names when deploying obfuscated code

Christopher BROWN brown at reflexe.fr
Mon Dec 5 12:26:09 CET 2011


I've not yet found an answer to my question (I did get some suggestions
back but no solution), so if anyone can help...

So far, by investigating myself, it appears that I could either replace
PatternLayout (but that means basically forking code with all the
associated drawbacks) or use something like ClassicConverter (but I didn't
see how do override just the parts of the layout I need, the ANSI colour
example wraps the whole line... maybe I missed something).  The conversion
word "replace" doesn't seem to be a scalable solution (and furthermore,
it's static whereas the application is OSGi-based therefore JARs can be
reloaded at runtime with modified contents).

I'm stuck!

One suggestion I did get back was to keep the obfuscated code mapping
outside of the runtime environment, and decode "in house" stacktraces when
a customer sends us log files containing stacktraces with obfuscated
class/method names.  This suggestion does not provide the solution, as we
can't be sure that we match versions (version reported by customer and
version of class/method name mappings), so the "package the mapping file in
the JAR" is still the most reliable from that point of view.

Also, another reply pointed out that if the mapping is in the JAR, then it
effectively renders useless the obfuscation: regarding that remark, yes, it
makes it easier to restore the original source code, however the aim isn't
a naive "total security" approach, it's primarily to discourage casual use
and most of all, to encourage our customers not to link to obfuscated code,
as we deliver a public non-obfuscated API, and it's a way of discouraging
people taking shortcuts (because they unfortunately do and they can end up
making their own code more prone to breakage by fiddling with internals and
by having things change during upgrades).

So a solution remains relevant.


On 28 November 2011 16:31, Christopher BROWN <brown at reflexe.fr> wrote:

> Hello,
> What would be the best way to handle logging with logback when deploying
> obfuscated code?
> For example, with YGuard, when the obfuscator runs, it outputs a mapping
> file of obfuscated code (class names, method names, etc) to unobfuscated
> code.  When a stacktrace or just any logging trace is output, the
> class/method names are obviously obfuscated.  As it's possible to deploy
> this mapping with the code, say embedded in the same ".jar", all the
> information I would need is available.
> Without too much re-writing of code (default formatting with logback),
> what would be the best way to dynamically replace matching class/method
> names?
> Thanks,
> Christopher
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.qos.ch/pipermail/logback-user/attachments/20111205/53622435/attachment.html>

More information about the Logback-user mailing list