DEV Community

Alan Richardson for Secure Code Warrior

Posted on • Edited on • Originally published at securecodewarrior.com

Migrating from System.out.println to a Logger in Java

When writing the code below I made a bunch of mistakes:

~~~~
private String getCountdownString() {

    String output = "";
    String prefix="";

    for(int countdown = 10; countdown > 0; countdown-- ){

        output = output + prefix + countdown;

        System.out.println(output);

        prefix=", ";
    }

    System.out.println(output);

    return output;
}
Enter fullscreen mode Exit fullscreen mode

~~~~

Initially, I had countdown++ and the loop didn't finish.

And I used countdown > 1 so didn't get the output I wanted.

In the end, I littered my code with System.out.println to help me debug.

And I realised, I really need to learn how to use a logger.

Research

Fortunately, I read through the Sensei documentation and decided to use the "Getting Started" guide to help me create a recipe to convert from System.out.println and encourage me to use a logger:

  • java.util.logging.Logger

Video - Using Sensei to convert System.out.println to a Logger

Creating a Recipe

The first thing I do is click on the println then alt+enter to create a new recipe.

Create a new recipe popup

I create it with the following details:

Name: Logger: use logger instead of println
Description: use logger - stop using System.out.println
Level: Error
Enter fullscreen mode Exit fullscreen mode

And I'll start by matching methodcall with the name println

~~~~
search:
methodcall:
name: "println"
~~~~

And the preview shows me all the matches in my code.

Search for println

I can see that all the matches in my code are for System.out.println but I don't trust that long term this will be the only match. I want to match a more qualified statement I want to change.

I expand the matcher to search for a methodcall on a field named out in the class System.

~~~~
search:
methodcall:
name: "println"
"on":
field:
in:
class:
name: "System"
name: "out"
~~~~

I could, if I wanted, fully qualify the System name to java.lang.System

Fully Qualified Search

Amending the Code to log

Next, I want to create the QuickFix.

First I want to amend the line of code that logs the output:

availableFixes:
- name: "use Logger"
  actions:
  - rewrite:
      to: "logger.log(Level.INFO, {{{ arguments.0 }}})"
Enter fullscreen mode Exit fullscreen mode

I don't have to remember the mustache format. I used the Show Variables in the GUI to show me the argument and double-clicked on it. Then the GUI filled in the appropriate matching mustache template.

Mustache variables in the GUI

When I try it out, I can see that I still have to alt+enter to import the Level enum. But if I amend my QuickFix to have a fully qualified item then Sensei will add the import for me e.g.

  • It will replace System.out.println(output); with

~~~~
logger.log(Level.INFO, output);
~~~~

  • And add an import for the enum:

~~~~
import java.util.logging.Level;
~~~~

  • If I rewrite to:
logger.log(java.util.logging.Level.INFO, {{{ arguments.0 }}})
Enter fullscreen mode Exit fullscreen mode

And this will work, but I will still have to remember the syntax to instantiate the logger in the first place.

Code rewrite rule

Amending the code to add the logger field

I can amend my QuickFix to create the logger field for me as well.

I will code the logger first, and then add that to my recipe so I never have to code it again.

~~~~
Logger logger2 = Logger.getLogger(SysOutTest.class.getName());
~~~~

I tend to write the code first because then I can use IntelliJ code completion and syntax checking to make sure I get it right. As a side-effect, it will then be in the code preview when I edit the recipe to add the QuickFix lines that will create that code.

And when I write the code, I want to use a different field name (here I'm using logger2) because Sensei is clever enough not to add a duplicate field, so I have to fool it by using a different name.

So I'll amend the recipe to create this code by adding a field called logger.

availableFixes:
- name: "use Logger"
  actions:
  - rewrite:
      to: "logger.log(java.util.logging.Level.INFO, {{{ arguments.0 }}})"
  - addField:
      field: "java.util.logging.Logger logger = Logger.getLogger({{{ containingClass.name\
        \ }}}.class.getName())"
      target: "parentClass"
Enter fullscreen mode Exit fullscreen mode

Note that I changed SysOutTest to be a mustache variable so that it picks up the name of any class I use this recipe in. And again, I didn't remember the mustache syntax, I used the GUI show variables to find the replacement I needed.

And by fully qualifying the Logger to java.util.logging.Logger, Sensei will add the import and write the line of code that I want i.e.

~~~~
Logger logger = Logger.getLogger(SysOutTest.class.getName());
~~~~

Seeing The Results of a QuickFix

One useful thing about this recipe is that because it will only add the logger field once, I can use this on any existing code where I have used System.out.println and use Sensei to change all the occurrences in my code.

Replace All println for Logger

Next Steps

Once I get used to this, I'll eventually train myself away from using System.out.println.

And I can use Sensei to help me proactively write code by creating a second recipe which helps me create a logger.

e.g. I can match on a class, where there is no field called logger, and add one.

I created a recipe of level Information

Name: Logger: add logger
Description: Add logger to class
Level: Information
Enter fullscreen mode Exit fullscreen mode

To match on a class without a logger field:

~~~~
search:
class:
without:
child:
field:
name: "logger"
~~~~

And then I will reuse part of the QuickFix we saw earlier

availableFixes:
  - name: "Add Logger"
    actions:
      - addField:
          field: "java.util.logging.Logger logger = Logger.getLogger({{{ containingClass.name\
        \ }}}.class.getName())"
          target: "self"
Enter fullscreen mode Exit fullscreen mode

Note the difference in target here compared to the first QuickFix. This uses self because our Search matched the class. The first QuickFix uses parentClass because we matched code within the class itself.

Summary

This represents one of the key flows associated with using Sensei to help improve your personal programming skillset:

  • create a recipe to help with your immediate 'best practice'
  • once you know how to use that best practice... create a recipe to make your workflow faster

You can install Sensei from within IntelliJ using "Preferences \ Plugins" (Mac) or "Settings \ Plugins" (Windows) then just search for “sensei secure code”. More Install Instructions

The source code and recipes for this can be found in the sensei-blog-examples repository in the Secure Code Warrior GitHub account, in the pojoexamples module test folder.

Top comments (0)