Merged HEAD-BUG-FIX (5.1/Cloud) to HEAD (5.1/Cloud)

96603: Merged 5.0.N (5.0.2) to HEAD-BUG-FIX (5.1/Cloud)
      96403: Merged 5.0.1 (5.0.1) to 5.0.N (5.0.2)
         96402: Merged 5.0.0 (5.0.0.6) to 5.0.1 (5.0.1)
            96290: MNT-13291 : [Security] XSS in /ModuleDeployment
               - Escape url.service in html.status.ftl
            96295: MNT-13291 : [Security] XSS in /ModuleDeployment
               - Added XssVulnerabilityEnterpriseTest to enterprise-remote-api
            96364: MNT-13291 : [Security] XSS in /ModuleDeployment
               - Escape args.authenticatorName to avoid XSS
            96365: MNT-13291 : [Security] XSS in /ModuleDeployment
               - Escape args.authenticatorName in enterprise webscripts. Use js_string to encode JavaScript


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@96676 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/test-java/org/alfresco/repo/web/scripts/XssVulnerabilityTest.java

@@ -27,7 +27,6 @@ import java.util.Set;
 
 import org.alfresco.error.AlfrescoRuntimeException;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
-import org.alfresco.repo.web.scripts.tenant.TenantAdminSystemTest;
 import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -55,7 +54,7 @@ import org.springframework.extensions.webscripts.WebScriptException;
  */
 public class XssVulnerabilityTest extends BaseWebScriptTest 
 {
-    private static Log logger = LogFactory.getLog(TenantAdminSystemTest.class);
+    private Log logger = LogFactory.getLog(XssVulnerabilityTest.class);
 
     private DeclarativeRegistry webscriptsRegistry;
 
@@ -92,6 +91,11 @@ public class XssVulnerabilityTest extends BaseWebScriptTest
         super.tearDown();
     }
 
+    protected Log getLogger()
+    {
+        return logger;
+    }
+
     public void testXssVulnerability() throws Throwable
     {
         webscriptsRegistry.reset();
@@ -100,9 +104,9 @@ public class XssVulnerabilityTest extends BaseWebScriptTest
         LinkedList<String> vulnerabileURLS = new LinkedList<String>();
         for(WebScript ws : webscriptsRegistry.getWebScripts())
         {
-            if (logger.isDebugEnabled())
+            if (getLogger().isDebugEnabled())
             {
-                logger.debug("progress: " + ++i + "/" + scriptsSize);
+                getLogger().debug("progress: " + ++i + "/" + scriptsSize);
             }
 
             Description wsDesc = ws.getDescription();
@@ -166,16 +170,16 @@ public class XssVulnerabilityTest extends BaseWebScriptTest
             }
         }
 
-        if (logger.isDebugEnabled())
+        if (getLogger().isDebugEnabled())
         {
-            logger.debug("OK html responses count: " + successCount);
+            getLogger().debug("OK html responses count: " + successCount);
-            logger.debug("Webscript errors count: " + wserrcount);
+            getLogger().debug("Webscript errors count: " + wserrcount);
-            logger.debug("Vulnerabile URLs count: " + vulnCount);
+            getLogger().debug("Vulnerabile URLs count: " + vulnCount);
         }
 
         for (String url : vulnerabileURLS)
         {
-            logger.warn("Vulnerabile URL: " + url);
+            getLogger().warn("Vulnerabile URL: " + url);
         }
         assertTrue("Vulnerabile URLs found: " + vulnerabileURLS, vulnerabileURLS.size() == 0);
     }