ruby-saml-mod 0.3.2 → 0.3.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/onelogin/saml.rb +8 -0
- data/lib/onelogin/saml/base_assertion.rb +12 -2
- data/spec/logout_response_spec.rb +6 -0
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d02bac8c935c4d507958fe156c40594db905fe48
|
|
4
|
+
data.tar.gz: 46e0b658bb92f769a0a4f10df098ebd912be9ec8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: afef8cf1ea14e68263dded8a98ef44bb1bca63c94322386e23ffe67eb60d64bd07f98dae75d15d72b6b3a1fd1fea144da84fc6ea75ee5ce719e7a2abbeba19f0
|
|
7
|
+
data.tar.gz: e350bcbfba23e2ca8facac0dcba29a3b0373865461007c2a316b07a0bd01b584b6fa0e1fa1ce49ca6462e55198a38e1f3cab3c7d441392b2e0befd56be2470be
|
data/lib/onelogin/saml.rb
CHANGED
|
@@ -33,6 +33,14 @@ module Onelogin
|
|
|
33
33
|
"urn:oid:1.3.6.1.4.1.5923.1.2.1.5" => "eduOrgSuperiorURI",
|
|
34
34
|
"urn:oid:1.3.6.1.4.1.5923.1.2.1.6" => "eduOrgWhitePagesURI",
|
|
35
35
|
}
|
|
36
|
+
|
|
37
|
+
module Saml
|
|
38
|
+
class << self
|
|
39
|
+
def config
|
|
40
|
+
@config ||= { max_message_size: 1024 * 1024 }
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
36
44
|
end
|
|
37
45
|
|
|
38
46
|
require 'onelogin/saml/base_assertion'
|
|
@@ -58,13 +58,23 @@ module Onelogin::Saml
|
|
|
58
58
|
end
|
|
59
59
|
|
|
60
60
|
def self.parse(raw_assertion, settings = nil)
|
|
61
|
+
raise "SAML assertion too large" if raw_assertion.bytesize > Onelogin::Saml.config[:max_message_size]
|
|
61
62
|
assertion = new
|
|
62
63
|
assertion.base64_assertion = raw_assertion
|
|
63
64
|
|
|
64
65
|
decoded_xml = Base64.decode64(raw_assertion)
|
|
65
|
-
zlib = Zlib::Inflate.new
|
|
66
|
+
zlib = Zlib::Inflate.new
|
|
66
67
|
|
|
67
|
-
|
|
68
|
+
xml = ''
|
|
69
|
+
# do it in 1K slices, so we can protect against bombs
|
|
70
|
+
(0..decoded_xml.bytesize / 1024).each do |i|
|
|
71
|
+
xml.concat(zlib.inflate(decoded_xml.byteslice(i * 1024, 1024)))
|
|
72
|
+
raise "SAML assertion too large" if xml.bytesize > Onelogin::Saml.config[:max_message_size]
|
|
73
|
+
end
|
|
74
|
+
xml.concat(zlib.finish)
|
|
75
|
+
raise "SAML assertion too large" if xml.bytesize > Onelogin::Saml.config[:max_message_size]
|
|
76
|
+
|
|
77
|
+
assertion.xml = xml
|
|
68
78
|
|
|
69
79
|
assertion.process(settings) if settings
|
|
70
80
|
assertion
|
|
@@ -24,6 +24,12 @@ describe Onelogin::Saml::LogoutResponse do
|
|
|
24
24
|
Onelogin::Saml::LogoutResponse::generate(in_response_to, settings).document
|
|
25
25
|
end
|
|
26
26
|
|
|
27
|
+
it "protects against deflate bombs" do
|
|
28
|
+
# this decompresses to 2MB of NULLs
|
|
29
|
+
bomb = "eJztwTEBAAAAwqD1T20MH6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvgYB4AAB"
|
|
30
|
+
expect { Onelogin::Saml::LogoutResponse.parse(bomb) }.to raise_error("SAML assertion too large")
|
|
31
|
+
end
|
|
32
|
+
|
|
27
33
|
it "includes destination in the saml:LogoutRequest attributes" do
|
|
28
34
|
value = xml.at_xpath('/samlp:LogoutResponse', Onelogin::NAMESPACES)['Destination']
|
|
29
35
|
expect(value).to eq "http://idp.example.com/saml2?existing=param&existing=param"
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ruby-saml-mod
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- OneLogin LLC
|
|
@@ -14,7 +14,7 @@ authors:
|
|
|
14
14
|
autorequire:
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
|
-
date: 2017-
|
|
17
|
+
date: 2017-03-23 00:00:00.000000000 Z
|
|
18
18
|
dependencies:
|
|
19
19
|
- !ruby/object:Gem::Dependency
|
|
20
20
|
name: nokogiri
|
|
@@ -138,7 +138,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
138
138
|
version: '0'
|
|
139
139
|
requirements: []
|
|
140
140
|
rubyforge_project:
|
|
141
|
-
rubygems_version: 2.6.
|
|
141
|
+
rubygems_version: 2.6.11
|
|
142
142
|
signing_key:
|
|
143
143
|
specification_version: 4
|
|
144
144
|
summary: Ruby library for SAML service providers
|