ruby-saml 0.8.3 → 0.8.4


Potentially problematic release.


This version of ruby-saml might be problematic.

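--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: f4097d7f4bcd13aa1ca745797b87159cc5980617
- data.tar.gz: 9b70f265ae75b3dafe2884b001f138d3e21e515b
+ metadata.gz: f485d8f86fc7bab5dccd17139c2b4c47f06d2ca7
+ data.tar.gz: b01df64b87b3eb6f6765960dc8bc4a5f7c4349dc
  SHA512:
- metadata.gz: 00c0b519afbb725de8464e61676681abfc6235fdc6756f87384623a044d7fc5ccb9a939d051229da9dc946e4a2983de9d970729c7e6ac27fa84c5cffad3ced51
- data.tar.gz: 6dc1aaa0d3c472374ae20f7a6d401df09899b9e44c93fe71f149bf299cc8b26f199949703424a13c6a4b3f83cde856ed38f3ecbf283ab8e48066646af655989b
+ metadata.gz: 88de3d60dadfb99be4e9158aaedae71165144150b8f88104c2cc130567ca61f859eebf0ca39ca44f4da56dbd1f36f2bfb8cbb66e2337a4da8cb3359703432cef
+ data.tar.gz: 2c4fce97b7b9ff0c4763199dd6b0a3f926fcc349617e5d2b5b717f5a131856fa2736ba85992ecf9a256801875ff6e919961363a1031652c52a1d80b2b742d66e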
@@ -1,5 +1,8 @@
1
1
  # RubySaml Changelog
2
2
 
3
+ ### 0.8.4 (March 5, 2018)
4
+ * Improve the fix for CVE-2017-11428 to parse CDATA properly
5
+
3
6
  ### 0.8.3 (Feb 27, 2018)
4
7
  * Fix vulnerability CVE-2017-11428. Process text of nodes properly, ignoring comments
5
8
  * Fix DigestMethod lookup bug #144
@@ -8,7 +8,7 @@ module OneLogin
8
8
  # that there all children other than text nodes can be ignored (e.g. comments). If nil is
9
9
  # passed, nil will be returned.
10
10
  def self.element_text(element)
11
- element.texts.join if element
11
+ element.texts.map(&:value).join if element
12
12
  end
13
13
  end
14
14
  end
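Review bot: The doc comment above `element_text` is not updated for the switch to `element.texts.map(&:value).join`: it only describes ignoring non-text children, while the method now returns the decoded value of each text node (entity references resolved, CDATA unwrapped, as the new tests show). Callers that compare the result with a NameID or attribute value, or write it back into XML or HTML, need to know it is plain text rather than markup-safe; I would add `# The result is the decoded text (entities resolved, CDATA unwrapped); escape it again before embedding it in XML or HTML.` As far as I know REXML's `texts` returns only direct text children, so text inside a nested child element is presumably dropped as well, which deserves a line in the same comment. The comment and the enclosing module start above the hunk, so their opening lines are not visible here.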
@@ -1,5 +1,5 @@
1
1
  module OneLogin
2
2
  module RubySaml
3
- VERSION = '0.8.3'
3
+ VERSION = '0.8.4'
4
4
  end
5
5
  end
@@ -0,0 +1,41 @@
1
+ require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
2
+
3
+ class UtilsTest < Test::Unit::TestCase
4
+ context "Utils" do
5
+ context 'element_text' do
6
+ should 'returns the element text' do
7
+ element = REXML::Document.new('<element>element text</element>').elements.first
8
+ assert_equal 'element text', OneLogin::RubySaml::Utils.element_text(element)
9
+ end
10
+
11
+ should 'returns all segments of the element text' do
12
+ element = REXML::Document.new('<element>element <!-- comment -->text</element>').elements.first
13
+ assert_equal 'element text', OneLogin::RubySaml::Utils.element_text(element)
14
+ end
15
+
16
+ should 'returns normalized element text' do
17
+ element = REXML::Document.new('<element>element &amp; text</element>').elements.first
18
+ assert_equal 'element & text', OneLogin::RubySaml::Utils.element_text(element)
19
+ end
20
+
21
+ should 'returns the CDATA element text' do
22
+ element = REXML::Document.new('<element><![CDATA[element & text]]></element>').elements.first
23
+ assert_equal 'element & text', OneLogin::RubySaml::Utils.element_text(element)
24
+ end
25
+
26
+ should 'returns the element text with newlines and additional whitespace' do
27
+ element = REXML::Document.new("<element> element \n text </element>").elements.first
28
+ assert_equal " element \n text ", OneLogin::RubySaml::Utils.element_text(element)
29
+ end
30
+
31
+ should 'returns nil when element is nil' do
32
+ assert_nil OneLogin::RubySaml::Utils.element_text(nil)
33
+ end
34
+
35
+ should 'returns empty string when element has no text' do
36
+ element = REXML::Document.new('<element></element>').elements.first
37
+ assert_equal '', OneLogin::RubySaml::Utils.element_text(element)
38
+ end
39
+ end
40
+ end
41
+ end
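Review bot: The new cases exercise a comment, an entity and a CDATA section each in isolation, but none combines them and none covers an element that has a child element, the other kind of non-text child the doc comment on `element_text` says is ignored. Because this helper carries the CVE-2017-11428 fix, both behaviours are worth pinning so a later refactor cannot silently change what text is extracted. A constructed example for the mixed case is `REXML::Document.new('<element>a<!-- c --><![CDATA[ & ]]>b</element>').elements.first` with `assert_equal 'a & b', OneLogin::RubySaml::Utils.element_text(element)`. For the nested case, `'<element>a<child>x</child>b</element>'` should presumably yield `'ab'`; confirm against REXML before committing the expectation.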
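--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: ruby-saml
  version: !ruby/object:Gem::Version
- version: 0.8.3
+ version: 0.8.4
  platform: ruby
  authors:
  - OneLogin LLC
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-02-27 00:00:00.000000000 Z
+ date: 2018-03-05 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: uuid
@@ -99,6 +99,7 @@ files:
  - test/responses/wrapped_response_2.xml.base64
  - test/settings_test.rb
  - test/test_helper.rb
+ - test/utils_test.rb
  - test/xml_security_test.rb
  homepage: http://github.com/onelogin/ruby-saml
  licenses: []
@@ -153,4 +154,5 @@ test_files:
  - test/responses/wrapped_response_2.xml.base64
  - test/settings_test.rb
  - test/test_helper.rb
+ - test/utils_test.rb
  - test/xml_security_test.rb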