Merged HEAD-BUG-FIX (5.1/Cloud) to HEAD (5.1/Cloud)

96603: Merged 5.0.N (5.0.2) to HEAD-BUG-FIX (5.1/Cloud) 96403: Merged 5.0.1 (5.0.1) to 5.0.N (5.0.2) 96402: Merged 5.0.0 (5.0.0.6) to 5.0.1 (5.0.1) 96290: MNT-13291 : [Security] XSS in /ModuleDeployment - Escape url.service in html.status.ftl 96295: MNT-13291 : [Security] XSS in /ModuleDeployment - Added XssVulnerabilityEnterpriseTest to enterprise-remote-api 96364: MNT-13291 : [Security] XSS in /ModuleDeployment - Escape args.authenticatorName to avoid XSS 96365: MNT-13291 : [Security] XSS in /ModuleDeployment - Escape args.authenticatorName in enterprise webscripts. Use js_string to encode JavaScript git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@96676 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-14 17:58:59 +00:00 · 2015-02-10 13:19:10 +00:00
parent 82126fa6f0
commit 65514834c1
1 changed files with 13 additions and 9 deletions
--- a/source/test-java/org/alfresco/repo/web/scripts/XssVulnerabilityTest.java
+++ b/source/test-java/org/alfresco/repo/web/scripts/XssVulnerabilityTest.java
@@ -27,7 +27,6 @@ import java.util.Set;

 import org.alfresco.error.AlfrescoRuntimeException;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
-import org.alfresco.repo.web.scripts.tenant.TenantAdminSystemTest;
 import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -55,7 +54,7 @@ import org.springframework.extensions.webscripts.WebScriptException;
 */
 public class XssVulnerabilityTest extends BaseWebScriptTest 
 {
-    private static Log logger = LogFactory.getLog(TenantAdminSystemTest.class);
+    private Log logger = LogFactory.getLog(XssVulnerabilityTest.class);

    private DeclarativeRegistry webscriptsRegistry;

@@ -92,6 +91,11 @@ public class XssVulnerabilityTest extends BaseWebScriptTest
        super.tearDown();
    }

+    protected Log getLogger()
+    {
+        return logger;
+    }
+
    public void testXssVulnerability() throws Throwable
    {
        webscriptsRegistry.reset();
@@ -100,9 +104,9 @@ public class XssVulnerabilityTest extends BaseWebScriptTest
        LinkedList<String> vulnerabileURLS = new LinkedList<String>();
        for(WebScript ws : webscriptsRegistry.getWebScripts())
        {
-            if (logger.isDebugEnabled())
+            if (getLogger().isDebugEnabled())
            {
-                logger.debug("progress: " + ++i + "/" + scriptsSize);
+                getLogger().debug("progress: " + ++i + "/" + scriptsSize);
            }

            Description wsDesc = ws.getDescription();
@@ -166,16 +170,16 @@ public class XssVulnerabilityTest extends BaseWebScriptTest
            }
        }

-        if (logger.isDebugEnabled())
+        if (getLogger().isDebugEnabled())
        {
-            logger.debug("OK html responses count: " + successCount);
-            logger.debug("Webscript errors count: " + wserrcount);
-            logger.debug("Vulnerabile URLs count: " + vulnCount);
+            getLogger().debug("OK html responses count: " + successCount);
+            getLogger().debug("Webscript errors count: " + wserrcount);
+            getLogger().debug("Vulnerabile URLs count: " + vulnCount);
        }

        for (String url : vulnerabileURLS)
        {
-            logger.warn("Vulnerabile URL: " + url);
+            getLogger().warn("Vulnerabile URL: " + url);
        }
        assertTrue("Vulnerabile URLs found: " + vulnerabileURLS, vulnerabileURLS.size() == 0);
    }