ruby-saml-mod 0.3.2 → 0.3.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/onelogin/saml.rb +8 -0
- data/lib/onelogin/saml/base_assertion.rb +12 -2
- data/spec/logout_response_spec.rb +6 -0
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d02bac8c935c4d507958fe156c40594db905fe48
|
|
4
|
+
data.tar.gz: 46e0b658bb92f769a0a4f10df098ebd912be9ec8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: afef8cf1ea14e68263dded8a98ef44bb1bca63c94322386e23ffe67eb60d64bd07f98dae75d15d72b6b3a1fd1fea144da84fc6ea75ee5ce719e7a2abbeba19f0
|
|
7
|
+
data.tar.gz: e350bcbfba23e2ca8facac0dcba29a3b0373865461007c2a316b07a0bd01b584b6fa0e1fa1ce49ca6462e55198a38e1f3cab3c7d441392b2e0befd56be2470be
|
data/lib/onelogin/saml.rb
CHANGED
|
@@ -33,6 +33,14 @@ module Onelogin
|
|
|
33
33
|
"urn:oid:1.3.6.1.4.1.5923.1.2.1.5" => "eduOrgSuperiorURI",
|
|
34
34
|
"urn:oid:1.3.6.1.4.1.5923.1.2.1.6" => "eduOrgWhitePagesURI",
|
|
35
35
|
}
|
|
36
|
+
|
|
37
|
+
module Saml
|
|
38
|
+
class << self
|
|
39
|
+
def config
|
|
40
|
+
@config ||= { max_message_size: 1024 * 1024 }
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
36
44
|
end
|
|
37
45
|
|
|
38
46
|
require 'onelogin/saml/base_assertion'
|
|
@@ -58,13 +58,23 @@ module Onelogin::Saml
|
|
|
58
58
|
end
|
|
59
59
|
|
|
60
60
|
def self.parse(raw_assertion, settings = nil)
|
|
61
|
+
raise "SAML assertion too large" if raw_assertion.bytesize > Onelogin::Saml.config[:max_message_size]
|
|
61
62
|
assertion = new
|
|
62
63
|
assertion.base64_assertion = raw_assertion
|
|
63
64
|
|
|
64
65
|
decoded_xml = Base64.decode64(raw_assertion)
|
|
65
|
-
zlib = Zlib::Inflate.new
|
|
66
|
+
zlib = Zlib::Inflate.new
|
|
66
67
|
|
|
67
|
-
|
|
68
|
+
xml = ''
|
|
69
|
+
# do it in 1K slices, so we can protect against bombs
|
|
70
|
+
(0..decoded_xml.bytesize / 1024).each do |i|
|
|
71
|
+
xml.concat(zlib.inflate(decoded_xml.byteslice(i * 1024, 1024)))
|
|
72
|
+
raise "SAML assertion too large" if xml.bytesize > Onelogin::Saml.config[:max_message_size]
|
|
73
|
+
end
|
|
74
|
+
xml.concat(zlib.finish)
|
|
75
|
+
raise "SAML assertion too large" if xml.bytesize > Onelogin::Saml.config[:max_message_size]
|
|
76
|
+
|
|
77
|
+
assertion.xml = xml
|
|
68
78
|
|
|
69
79
|
assertion.process(settings) if settings
|
|
70
80
|
assertion
|
|
@@ -24,6 +24,12 @@ describe Onelogin::Saml::LogoutResponse do
|
|
|
24
24
|
Onelogin::Saml::LogoutResponse::generate(in_response_to, settings).document
|
|
25
25
|
end
|
|
26
26
|
|
|
27
|
+
it "protects against deflate bombs" do
|
|
28
|
+
# this decompresses to 2MB of NULLs
|
|
29
|
+
bomb = "eJztwTEBAAAAwqD1T20MH6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvgYB4AAB"
|
|
30
|
+
expect { Onelogin::Saml::LogoutResponse.parse(bomb) }.to raise_error("SAML assertion too large")
|
|
31
|
+
end
|
|
32
|
+
|
|
27
33
|
it "includes destination in the saml:LogoutRequest attributes" do
|
|
28
34
|
value = xml.at_xpath('/samlp:LogoutResponse', Onelogin::NAMESPACES)['Destination']
|
|
29
35
|
expect(value).to eq "http://idp.example.com/saml2?existing=param&existing=param"
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ruby-saml-mod
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- OneLogin LLC
|
|
@@ -14,7 +14,7 @@ authors:
|
|
|
14
14
|
autorequire:
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
|
-
date: 2017-
|
|
17
|
+
date: 2017-03-23 00:00:00.000000000 Z
|
|
18
18
|
dependencies:
|
|
19
19
|
- !ruby/object:Gem::Dependency
|
|
20
20
|
name: nokogiri
|
|
@@ -138,7 +138,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
138
138
|
version: '0'
|
|
139
139
|
requirements: []
|
|
140
140
|
rubyforge_project:
|
|
141
|
-
rubygems_version: 2.6.
|
|
141
|
+
rubygems_version: 2.6.11
|
|
142
142
|
signing_key:
|
|
143
143
|
specification_version: 4
|
|
144
144
|
summary: Ruby library for SAML service providers
|