RubyGems - ruby-saml - Versions diffs - 0.8.12 → 0.8.13 - Mend

ruby-saml 0.8.12 → 0.8.13

Potentially problematic release.

This version of ruby-saml might be problematic. Click here for more details.

Files changed (21) hide show

checksums.yaml +7 -7
data/lib/onelogin/ruby-saml/logoutresponse.rb +1 -24
data/lib/onelogin/ruby-saml/response.rb +3 -1
data/lib/onelogin/ruby-saml/utils.rb +65 -0
data/lib/onelogin/ruby-saml/version.rb +1 -1
data/lib/xml_security.rb +216 -86
data/test/certificates/ruby-saml-2.crt +15 -0
data/test/response_test.rb +20 -0
data/test/responses/adfs_response_xmlns.xml +45 -0
data/test/responses/invalids/multiple_signed.xml.base64 +1 -0
data/test/responses/invalids/no_signature.xml.base64 +1 -0
data/test/responses/invalids/response_with_concealed_signed_assertion.xml +51 -0
data/test/responses/invalids/response_with_doubled_signed_assertion.xml +49 -0
data/test/responses/invalids/signature_wrapping_attack.xml.base64 +1 -0
data/test/responses/response_with_signed_assertion_3.xml +30 -0
data/test/responses/response_with_signed_message_and_assertion.xml +34 -0
data/test/responses/response_with_undefined_recipient.xml.base64 +1 -0
data/test/responses/valid_response_without_x509certificate.xml.base64 +1 -0
data/test/test_helper.rb +62 -30
data/test/xml_security_test.rb +281 -37
metadata +70 -45

metadata CHANGED

@@ -1,49 +1,54 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: ruby-saml
-version: !ruby/object:Gem::Version
-  version: 0.8.12
+version: !ruby/object:Gem::Version
+  version: 0.8.13
 platform: ruby
-authors:
+authors:
 - OneLogin LLC
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-05-08 00:00:00 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+date: 2020-07-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: uuid
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: "2.3"
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency
-  name: nokogiri
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement
-    requirements:
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
-      - !ruby/object:Gem::Version
+      - !ruby/object:Gem::Version
         version: 1.5.0
   type: :runtime
-  version_requirements: *id002
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.0
 description: SAML toolkit for Ruby on Rails
 email: support@onelogin.com
 executables: []
 extensions: []
-extra_rdoc_files:
+extra_rdoc_files:
 - LICENSE
 - README.md
-files:
-- .document
-- .gitignore
-- .travis.yml
+files:
+- ".document"
+- ".gitignore"
+- ".travis.yml"
 - Gemfile
 - LICENSE
 - README.md
@@ -71,6 +76,7 @@ files:
 - ruby-saml.gemspec
 - test/certificates/certificate1
 - test/certificates/r1_certificate2_base64
+- test/certificates/ruby-saml-2.crt
 - test/certificates/ruby-saml.crt
 - test/certificates/ruby-saml.key
 - test/logoutrequest_test.rb
@@ -81,7 +87,13 @@ files:
 - test/responses/adfs_response_sha256.xml
 - test/responses/adfs_response_sha384.xml
 - test/responses/adfs_response_sha512.xml
+- test/responses/adfs_response_xmlns.xml
 - test/responses/encrypted_new_attack.xml.base64
+- test/responses/invalids/multiple_signed.xml.base64
+- test/responses/invalids/no_signature.xml.base64
+- test/responses/invalids/response_with_concealed_signed_assertion.xml
+- test/responses/invalids/response_with_doubled_signed_assertion.xml
+- test/responses/invalids/signature_wrapping_attack.xml.base64
 - test/responses/logoutresponse_fixtures.rb
 - test/responses/no_signature_ns.xml
 - test/responses/open_saml_response.xml
@@ -99,10 +111,14 @@ files:
 - test/responses/response_with_doubled_signed_assertion.xml
 - test/responses/response_with_multiple_attribute_statements.xml
 - test/responses/response_with_multiple_attribute_values.xml
+- test/responses/response_with_signed_assertion_3.xml
+- test/responses/response_with_signed_message_and_assertion.xml
+- test/responses/response_with_undefined_recipient.xml.base64
 - test/responses/response_wrapped.xml.base64
 - test/responses/simple_saml_php.xml
 - test/responses/starfield_response.xml.base64
 - test/responses/valid_response.xml.base64
+- test/responses/valid_response_without_x509certificate.xml.base64
 - test/responses/wrapped_response_2.xml.base64
 - test/settings_test.rb
 - test/slo_logoutresponse_test.rb
@@ -111,33 +127,32 @@ files:
 - test/xml_security_test.rb
 homepage: http://github.com/onelogin/ruby-saml
 licenses: []
 metadata: {}
 post_install_message:
-rdoc_options:
-- --charset=UTF-8
-require_paths:
+rdoc_options:
+- "--charset=UTF-8"
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
-  requirements:
-  - &id003
-    - ">="
-    - !ruby/object:Gem::Version
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement
-  requirements:
-  - *id003
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
 rubyforge_project: http://www.rubygems.org/gems/ruby-saml
-rubygems_version: 2.7.7
+rubygems_version: 2.4.8
 signing_key:
 specification_version: 4
 summary: SAML Ruby Tookit
-test_files:
+test_files:
 - test/certificates/certificate1
 - test/certificates/r1_certificate2_base64
+- test/certificates/ruby-saml-2.crt
 - test/certificates/ruby-saml.crt
 - test/certificates/ruby-saml.key
 - test/logoutrequest_test.rb
@@ -148,7 +163,13 @@ test_files:
 - test/responses/adfs_response_sha256.xml
 - test/responses/adfs_response_sha384.xml
 - test/responses/adfs_response_sha512.xml
+- test/responses/adfs_response_xmlns.xml
 - test/responses/encrypted_new_attack.xml.base64
+- test/responses/invalids/multiple_signed.xml.base64
+- test/responses/invalids/no_signature.xml.base64
+- test/responses/invalids/response_with_concealed_signed_assertion.xml
+- test/responses/invalids/response_with_doubled_signed_assertion.xml
+- test/responses/invalids/signature_wrapping_attack.xml.base64
 - test/responses/logoutresponse_fixtures.rb
 - test/responses/no_signature_ns.xml
 - test/responses/open_saml_response.xml
@@ -166,10 +187,14 @@ test_files:
 - test/responses/response_with_doubled_signed_assertion.xml
 - test/responses/response_with_multiple_attribute_statements.xml
 - test/responses/response_with_multiple_attribute_values.xml
+- test/responses/response_with_signed_assertion_3.xml
+- test/responses/response_with_signed_message_and_assertion.xml
+- test/responses/response_with_undefined_recipient.xml.base64
 - test/responses/response_wrapped.xml.base64
 - test/responses/simple_saml_php.xml
 - test/responses/starfield_response.xml.base64
 - test/responses/valid_response.xml.base64
+- test/responses/valid_response_without_x509certificate.xml.base64
 - test/responses/wrapped_response_2.xml.base64
 - test/settings_test.rb
 - test/slo_logoutresponse_test.rb