Merged V4.1-BUG-FIX to HEAD

39828: Merged V4.1 to V4.1-BUG-FIX
      39827: Merged PATCHES/V4.0.2 to V4.1
         39825: ALF-13453 / ALF-13844: Merged V3.4-BUG-FIX to PATCHES/V4.0.2
            39823: ALF-13552, ALF-13978: Reverse merged the following revisions - won't fix due to regressions and not a serious vulnerability
               35341: ALF-13552: Merged V4.0 to V3.4
                  35296: ALF-13453: Merged V4.0-BUG-FIX to V4.0
                     35295: Fix for ALF-13453: Remote Code Execution (can create reverse shell)
                  35304: ALF-13453: Extra fix to ensure xalan namespace isn't declared with global scope and can't be hijacked by an input stylesheet
                  35307: ALF-13453: Duplicated extra fix to duplicate code in XSLTRenderingEngine!
               36101: ALF-13978: Merged V4.0-BUG-FIX to V3.4
                  36014: ALF-13844: XSLT Filtering Not 100% Secure
                     - added more namespaces to the security filter.
                     - verified that include/import uses the security filter.
               36108: ALF-13978: Fixed compilation errors
            39824: ALF-13552, ALF-13978: Fixed compilation errors


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@39829 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/repo/rendition/executer/XSLTRenderingEngineTest.java

@@ -35,7 +35,6 @@ import org.alfresco.service.cmr.repository.ContentWriter;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.repository.StoreRef;
-import org.alfresco.service.cmr.repository.TemplateException;
 import org.alfresco.service.cmr.repository.TemplateProcessor;
 import org.alfresco.service.cmr.repository.TemplateService;
 import org.alfresco.service.cmr.search.ResultSet;
@@ -46,7 +45,6 @@ import org.alfresco.util.GUID;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-
 /**
  * @author Brian
  * 
@@ -84,62 +82,6 @@ public class XSLTRenderingEngineTest extends BaseAlfrescoSpringTest
                 "/app:company_home");
         this.companyHome = rs.getNodeRef(0);
     }
-    
-    public void testSecurityFilter() throws Exception
-    {
-    	try
-        {
-            FileInfo file = createXmlFile(companyHome);
-            FileInfo xslFile = createXmlFile(companyHome, insecureVerySimpleXSLT);
-
-            RenditionDefinition def = renditionService.createRenditionDefinition(QName.createQName("Test"), XSLTRenderingEngine.NAME);
-            def.setParameterValue(XSLTRenderingEngine.PARAM_TEMPLATE_NODE, xslFile.getNodeRef());
-
-            ChildAssociationRef rendition = renditionService.render(file.getNodeRef(), def);
-            log.error("This insecure template should not process!");
-            fail();
-          
-        }
-    	catch (TemplateException e) 
-    	{
-    		//pass!
-    	}
-        catch (Exception ex)
-        {
-
-        	log.error("Error!", ex);
-        	fail();
-        }
-    }
-    
-    public void testIncludeSecurityFilter() throws Exception 
-    {
-    	try
-    	{
-            FileInfo file = createXmlFile(companyHome);
-            FileInfo insecureXSLFile = createXmlFile(companyHome, insecureVerySimpleXSLT);
-
-            String includeInsecureXSLFile = String.format(insecureIncludeVerySimpleXSLT, insecureXSLFile.getName());
-            FileInfo xslFile = createXmlFile(companyHome, includeInsecureXSLFile);
-            
-            RenditionDefinition def = renditionService.createRenditionDefinition(QName.createQName("Test"), XSLTRenderingEngine.NAME);
-            def.setParameterValue(XSLTRenderingEngine.PARAM_TEMPLATE_NODE, xslFile.getNodeRef());
-
-            ChildAssociationRef rendition = renditionService.render(file.getNodeRef(), def);
-            log.error("This insecure include template should not process!");
-    		fail();
-    	}
-    	catch (TemplateException e) 
-    	{
-    		//pass!
-    	}
-        catch (Exception ex)
-        {
-
-        	log.error("Error!", ex);
-        	fail();
-        }
-    }
 
     public void testSimplestStringTemplate() throws Exception
     {
@@ -376,23 +318,6 @@ public class XSLTRenderingEngineTest extends BaseAlfrescoSpringTest
     "<xsl:template match=\"/\">" + "<xsl:for-each select=\"/nutrition/food\">"
     + "<xsl:value-of select=\"name\"/>" + "</xsl:for-each>" + "</xsl:template>" + "</xsl:stylesheet>";
 
-    private String insecureVerySimpleXSLT = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + "<xsl:stylesheet version=\"1.0\"  "
-    + "xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\" "
-    + "xmlns:rt=\"http://xml.apache.org/xalan/java/java.lang.Runtime\"> "
-    + "xmlns:fn=\"http://www.w3.org/2005/02/xpath-functions\"> " + "<xsl:output method=\"text\" />" +
-
-    "<xsl:preserve-space elements=\"*\"/>" +
-
-    "<xsl:template match=\"/\">" + "<xsl:for-each select=\"/nutrition/food\">"
-    + "<xsl:value-of select=\"name\"/>" + "</xsl:for-each>" + "</xsl:template>" + "</xsl:stylesheet>";
-
-    private String insecureIncludeVerySimpleXSLT = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + "<xsl:stylesheet version=\"1.0\"  "
-    + "xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\" >"
-    + "<xsl:template match=\"/\">"		
-	+ "</xsl:template>"
-    + "<xsl:include href=\"%1$s\"/>"
-    + "</xsl:stylesheet>";
-    
     private String callParseXmlDocument = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + "<xsl:stylesheet version=\"1.0\"  "
     + "xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\" "
     + "xmlns:fn=\"http://www.w3.org/2005/02/xpath-functions\"> " + "<xsl:output method=\"text\" />" +