From 982f92406acb3ed1396a8c1d8a18841f008a1602 Mon Sep 17 00:00:00 2001
From: Jeremy Long <jeremy.long@gmail.com>
Date: Tue, 12 Dec 2023 06:20:49 -0500
Subject: [PATCH] fix: reduce apache http logging resolves #6278

---
 .../org/owasp/dependencycheck/taskdefs/Purge.java    | 11 +++++++++--
 cli/src/main/resources/logback.xml                   |  1 +
 .../maven/BaseDependencyCheckMojo.java               | 12 ++++++++++--
 3 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java b/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java
index 4fee4596f70..72d47e7fca3 100644
--- a/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java
+++ b/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java
@@ -147,7 +147,7 @@ public void setHostedSuppressionsUrl(final String hostedSuppressionsUrl) {
      */
     @Override
     public final void execute() throws BuildException {
-        muteJCS();
+        muteNoisyLoggers();
         final ClassLoader current = Thread.currentThread().getContextClassLoader();
         try {
             Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
@@ -161,9 +161,16 @@ public final void execute() throws BuildException {
     /**
      * Hacky method of muting the noisy logging from JCS.
      */
-    private void muteJCS() {
+    private void muteNoisyLoggers() {
         System.setProperty("jcs.logSystem", "slf4j");
         Slf4jAdapter.muteLogging(true);
+
+        final String[] noisyLoggers = {
+            "org.apache.hc"
+        };
+        for (String loggerName : noisyLoggers) {
+            System.setProperty("org.slf4j.simpleLogger.log." + loggerName, "error");
+        }
     }
 
     /**
diff --git a/cli/src/main/resources/logback.xml b/cli/src/main/resources/logback.xml
index c6a3bcd79b1..fef9b5c1b47 100644
--- a/cli/src/main/resources/logback.xml
+++ b/cli/src/main/resources/logback.xml
@@ -11,6 +11,7 @@
     </appender>
 
     <logger name="org.apache.commons.jcs" level="ERROR" />
+    <logger name="org.apache.hc" level="ERROR" />
 
     <root level="INFO">
         <appender-ref ref="console"/>
diff --git a/maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
index d53ebca2dea..d2d60b33a31 100644
--- a/maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
+++ b/maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
@@ -88,6 +88,7 @@
 import java.util.Objects;
 import java.util.Optional;
 import java.util.Set;
+import java.util.logging.Level;
 import org.apache.maven.artifact.repository.ArtifactRepository;
 
 import org.apache.maven.artifact.resolver.filter.ExcludesArtifactFilter;
@@ -1929,7 +1930,7 @@ public ProjectBuildingRequest newResolveArtifactProjectBuildingRequest(MavenProj
      * fail the build
      */
     protected void runCheck() throws MojoExecutionException, MojoFailureException {
-        muteJCS();
+        muteNoisyLoggers();
         try (Engine engine = initializeEngine()) {
             ExceptionCollection exCol = null;
             if (scanDependencies) {
@@ -2498,11 +2499,18 @@ private String[] determineSuppressions() {
     /**
      * Hacky method of muting the noisy logging from JCS
      */
-    private void muteJCS() {
+    private void muteNoisyLoggers() {
         System.setProperty("jcs.logSystem", "slf4j");
         if (!getLog().isDebugEnabled()) {
             Slf4jAdapter.muteLogging(true);
         }
+
+        final String[] noisyLoggers = {
+            "org.apache.hc"
+        };
+        for (String loggerName : noisyLoggers) {
+            System.setProperty("org.slf4j.simpleLogger.log." + loggerName, "error");
+        }
     }
 
     /**