ruby-saml 0.9.2 → 0.9.3
- checksums.yaml +4 -4
- data/changelog.md +4 -0
- data/lib/onelogin/ruby-saml/idp_metadata_parser.rb +2 -2
- data/lib/onelogin/ruby-saml/logoutresponse.rb +1 -1
- data/lib/onelogin/ruby-saml/response.rb +4 -4
- data/lib/onelogin/ruby-saml/slo_logoutrequest.rb +2 -2
- data/lib/onelogin/ruby-saml/utils.rb +6 -1
- data/lib/onelogin/ruby-saml/version.rb +1 -1
- data/lib/xml_security.rb +4 -3
- data/test/response_test.rb +15 -7
- data/test/responses/response_node_text_attack.xml.base64 +1 -0
- metadata +5 -3
    
        checksums.yaml
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            ---
         | 
| 2 2 | 
             
            SHA1:
         | 
| 3 | 
            -
              metadata.gz:  | 
| 4 | 
            -
              data.tar.gz:  | 
| 3 | 
            +
              metadata.gz: 573fb055ce99a95923ac659b58226dc511813b16
         | 
| 4 | 
            +
              data.tar.gz: 0421758aea7faed852223275d20afc55b50f2114
         | 
| 5 5 | 
             
            SHA512:
         | 
| 6 | 
            -
              metadata.gz:  | 
| 7 | 
            -
              data.tar.gz:  | 
| 6 | 
            +
              metadata.gz: 2b4c1aeab1619e8f9a25edc5e49cad974f6ca11f33546a77ae60f548ee8d97f03d9f17622124a1343da3c27c75c465b33757abde593a745d5d42714843f4cd3b
         | 
| 7 | 
            +
              data.tar.gz: 2e1e414280a4098a36be4a2be9d32845b941e087df5d799e779a42e548aa19b61b6efe5c230146ef8894f1eba574745415f7d538d47a840868b60742b342874e
         | 
    
        data/changelog.md
    CHANGED
    
    | @@ -1,4 +1,8 @@ | |
| 1 1 | 
             
            # RubySaml Changelog
         | 
| 2 | 
            +
             | 
| 3 | 
            +
            ### 0.9.3 (Feb 27, 2018)
         | 
| 4 | 
            +
            * Fix vulnerability CVE-2017-11428. Process text of nodes properly, ignoring comments
         | 
| 5 | 
            +
             | 
| 2 6 | 
             
            ### 0.9.2 (Apr 28, 2015)
         | 
| 3 7 | 
             
            * [#216](https://github.com/onelogin/ruby-saml/pull/216) Add fingerprint algorithm support
         | 
| 4 8 | 
             
            * [#218](https://github.com/onelogin/ruby-saml/pull/218) Update README.md
         | 
| @@ -73,7 +73,7 @@ module OneLogin | |
| 73 73 |  | 
| 74 74 | 
             
                  def idp_name_id_format
         | 
| 75 75 | 
             
                    node = REXML::XPath.first(document, "/md:EntityDescriptor/md:IDPSSODescriptor/md:NameIDFormat", { "md" => METADATA })
         | 
| 76 | 
            -
                     | 
| 76 | 
            +
                    Utils.element_text(node)
         | 
| 77 77 | 
             
                  end
         | 
| 78 78 |  | 
| 79 79 | 
             
                  def single_signon_service_url
         | 
| @@ -89,7 +89,7 @@ module OneLogin | |
| 89 89 | 
             
                  def certificate
         | 
| 90 90 | 
             
                    @certificate ||= begin
         | 
| 91 91 | 
             
                      node = REXML::XPath.first(document, "/md:EntityDescriptor/md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", { "md" => METADATA, "ds" => DSIG })
         | 
| 92 | 
            -
                      Base64.decode64(node | 
| 92 | 
            +
                      Base64.decode64(Utils.element_text(node)) if node
         | 
| 93 93 | 
             
                    end
         | 
| 94 94 | 
             
                  end
         | 
| 95 95 |  | 
| @@ -58,7 +58,7 @@ module OneLogin | |
| 58 58 | 
             
                    @issuer ||= begin
         | 
| 59 59 | 
             
                      node = REXML::XPath.first(document, "/p:LogoutResponse/a:Issuer", { "p" => PROTOCOL, "a" => ASSERTION })
         | 
| 60 60 | 
             
                      node ||= REXML::XPath.first(document, "/p:LogoutResponse/a:Assertion/a:Issuer", { "p" => PROTOCOL, "a" => ASSERTION })
         | 
| 61 | 
            -
                       | 
| 61 | 
            +
                      Utils.element_text(node)
         | 
| 62 62 | 
             
                    end
         | 
| 63 63 | 
             
                  end
         | 
| 64 64 |  | 
| @@ -45,7 +45,7 @@ module OneLogin | |
| 45 45 | 
             
                  def name_id
         | 
| 46 46 | 
             
                    @name_id ||= begin
         | 
| 47 47 | 
             
                      node = xpath_first_from_signed_assertion('/a:Subject/a:NameID')
         | 
| 48 | 
            -
                       | 
| 48 | 
            +
                      Utils.element_text(node)
         | 
| 49 49 | 
             
                    end
         | 
| 50 50 | 
             
                  end
         | 
| 51 51 |  | 
| @@ -79,7 +79,7 @@ module OneLogin | |
| 79 79 | 
             
                        values = attr_element.elements.collect{|e|
         | 
| 80 80 | 
             
                          # SAMLCore requires that nil AttributeValues MUST contain xsi:nil XML attribute set to "true" or "1"
         | 
| 81 81 | 
             
                          # otherwise the value is to be regarded as empty.
         | 
| 82 | 
            -
                          ["true", "1"].include?(e.attributes['xsi:nil']) ? nil : e | 
| 82 | 
            +
                          ["true", "1"].include?(e.attributes['xsi:nil']) ? nil : Utils.element_text(e)
         | 
| 83 83 | 
             
                        }
         | 
| 84 84 |  | 
| 85 85 | 
             
                        attributes.add(name, values)
         | 
| @@ -108,7 +108,7 @@ module OneLogin | |
| 108 108 | 
             
                  def status_message
         | 
| 109 109 | 
             
                    @status_message ||= begin
         | 
| 110 110 | 
             
                      node = REXML::XPath.first(document, "/p:Response/p:Status/p:StatusMessage", { "p" => PROTOCOL, "a" => ASSERTION })
         | 
| 111 | 
            -
                       | 
| 111 | 
            +
                      Utils.element_text(node)
         | 
| 112 112 | 
             
                    end
         | 
| 113 113 | 
             
                  end
         | 
| 114 114 |  | 
| @@ -129,7 +129,7 @@ module OneLogin | |
| 129 129 | 
             
                    @issuer ||= begin
         | 
| 130 130 | 
             
                      node = REXML::XPath.first(document, "/p:Response/a:Issuer", { "p" => PROTOCOL, "a" => ASSERTION })
         | 
| 131 131 | 
             
                      node ||= xpath_first_from_signed_assertion('/a:Issuer')
         | 
| 132 | 
            -
                       | 
| 132 | 
            +
                      Utils.element_text(node)
         | 
| 133 133 | 
             
                    end
         | 
| 134 134 | 
             
                  end
         | 
| 135 135 |  | 
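Review bot: In `name_id`, `issuer`, `status_message` and the attribute loop, an element that is present but carries no text now yields `""` instead of `nil`, because `Utils.element_text` joins an empty list of text nodes. This assumes the truncated removed lines called `.text`, which returns nil in that case. A caller that treats a nil `name_id` as "no subject in the assertion" would now accept an empty one. If the old contract is meant to hold, normalise at the call site, e.g. `text = Utils.element_text(node)` followed by `text unless text.nil? || text.empty?`. The attribute loop and `issuer` start outside their hunks, so the surrounding handling is not visible here.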
| @@ -31,7 +31,7 @@ module OneLogin | |
| 31 31 | 
             
                  def name_id
         | 
| 32 32 | 
             
                    @name_id ||= begin
         | 
| 33 33 | 
             
                      node = REXML::XPath.first(document, "/p:LogoutRequest/a:NameID", { "p" => PROTOCOL, "a" => ASSERTION })
         | 
| 34 | 
            -
                       | 
| 34 | 
            +
                      Utils.element_text(node)
         | 
| 35 35 | 
             
                    end
         | 
| 36 36 | 
             
                  end
         | 
| 37 37 |  | 
| @@ -46,7 +46,7 @@ module OneLogin | |
| 46 46 | 
             
                  def issuer
         | 
| 47 47 | 
             
                    @issuer ||= begin
         | 
| 48 48 | 
             
                      node = REXML::XPath.first(document, "/p:LogoutRequest/a:Issuer", { "p" => PROTOCOL, "a" => ASSERTION })
         | 
| 49 | 
            -
                       | 
| 49 | 
            +
                      Utils.element_text(node)
         | 
| 50 50 | 
             
                    end
         | 
| 51 51 | 
             
                  end
         | 
| 52 52 |  | 
| @@ -38,7 +38,12 @@ module OneLogin | |
| 38 38 | 
             
                      end
         | 
| 39 39 | 
             
                    end
         | 
| 40 40 | 
             
                  end
         | 
| 41 | 
            -
             | 
| 41 | 
            +
                  # Given a REXML::Element instance, return the concatenation of all child text nodes. Assumes
         | 
| 42 | 
            +
                  # that there all children other than text nodes can be ignored (e.g. comments). If nil is
         | 
| 43 | 
            +
                  # passed, nil will be returned.
         | 
| 44 | 
            +
                  def self.element_text(element)
         | 
| 45 | 
            +
                    element.texts.join if element
         | 
| 46 | 
            +
                  end
         | 
| 42 47 | 
             
                end
         | 
| 43 48 | 
             
              end
         | 
| 44 49 | 
             
            end
         | 
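Review bot: `element.texts.join` in `element_text` stringifies each REXML::Text through `to_s`, which as far as I can tell returns the escaped form, so a NameID or attribute value containing `&amp;` would come back as `&amp;` where `Element#text` gave `&`. Mapping to the unescaped value first keeps the comment-skipping behaviour without that regression: `element.texts.map(&:value).join if element`. The helper feeds `name_id`, `issuer`, `status_message` and the attribute values in the other files of this release, so all of them inherit the difference; the Base64-decoded callers are unaffected. The doc comment also has a slip ("that there all children") and could read `# Assumes that all children other than text nodes can be ignored (e.g. comments).`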
    
        data/lib/xml_security.rb
    CHANGED
    
    | @@ -29,6 +29,7 @@ require "openssl" | |
| 29 29 | 
             
            require 'nokogiri'
         | 
| 30 30 | 
             
            require "digest/sha1"
         | 
| 31 31 | 
             
            require "digest/sha2"
         | 
| 32 | 
            +
            require "onelogin/ruby-saml/utils"
         | 
| 32 33 | 
             
            require "onelogin/ruby-saml/validation_error"
         | 
| 33 34 |  | 
| 34 35 | 
             
            module XMLSecurity
         | 
| @@ -192,7 +193,7 @@ module XMLSecurity | |
| 192 193 | 
             
                      raise OneLogin::RubySaml::ValidationError.new("Certificate element missing in response (ds:X509Certificate)")
         | 
| 193 194 | 
             
                    end
         | 
| 194 195 | 
             
                  end
         | 
| 195 | 
            -
                  base64_cert = cert_element | 
| 196 | 
            +
                  base64_cert = OneLogin::RubySaml::Utils.element_text(cert_element)
         | 
| 196 197 | 
             
                  cert_text = Base64.decode64(base64_cert)
         | 
| 197 198 | 
             
                  cert = OpenSSL::X509::Certificate.new(cert_text)
         | 
| 198 199 |  | 
| @@ -248,7 +249,7 @@ module XMLSecurity | |
| 248 249 | 
             
                    digest_algorithm              = algorithm(REXML::XPath.first(ref, "//ds:DigestMethod", 'ds' => DSIG))
         | 
| 249 250 |  | 
| 250 251 | 
             
                    hash                          = digest_algorithm.digest(canon_hashed_element)
         | 
| 251 | 
            -
                    digest_value                  = Base64.decode64(REXML::XPath.first(ref, "//ds:DigestValue", {"ds"=>DSIG}) | 
| 252 | 
            +
                    digest_value                  = Base64.decode64(OneLogin::RubySaml::Utils.element_text(REXML::XPath.first(ref, "//ds:DigestValue", {"ds"=>DSIG})))
         | 
| 252 253 |  | 
| 253 254 | 
             
                    unless digests_match?(hash, digest_value)
         | 
| 254 255 | 
             
                      @errors << "Digest mismatch"
         | 
| @@ -256,7 +257,7 @@ module XMLSecurity | |
| 256 257 | 
             
                    end
         | 
| 257 258 | 
             
                  end
         | 
| 258 259 |  | 
| 259 | 
            -
                  base64_signature        = REXML::XPath.first(@sig_element, "//ds:SignatureValue", {"ds"=>DSIG}) | 
| 260 | 
            +
                  base64_signature        = OneLogin::RubySaml::Utils.element_text(REXML::XPath.first(@sig_element, "//ds:SignatureValue", {"ds"=>DSIG}))
         | 
| 260 261 | 
             
                  signature               = Base64.decode64(base64_signature)
         | 
| 261 262 |  | 
| 262 263 | 
             
                  # get certificate object
         | 
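Review bot: On the `digest_value` and `base64_signature` lines, a document with no `ds:DigestValue` or `ds:SignatureValue` makes `Utils.element_text` return nil, and `Base64.decode64(nil)` then raises NoMethodError instead of the `ValidationError` used for the missing certificate a few lines above. A guard keeps malformed input on the validation path, e.g. `raise OneLogin::RubySaml::ValidationError.new("SignatureValue element missing") if base64_signature.nil?`. Separately, both lookups use `//ds:…`, which XPath defines as rooted at the document rather than at `ref` or `@sig_element`; a relative path such as `./ds:DigestValue` would tie the value to the reference actually being checked, although that predates this change. The enclosing methods begin and end outside these hunks.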
    
        data/test/response_test.rb
    CHANGED
    
    | @@ -124,6 +124,14 @@ class RubySamlTest < Minitest::Test | |
| 124 124 | 
             
                    assert_equal response.name_id, "test@onelogin.com"
         | 
| 125 125 | 
             
                  end
         | 
| 126 126 |  | 
| 127 | 
            +
                  it "Prevent node text with comment (VU#475445) attack" do
         | 
| 128 | 
            +
                    response_doc = File.read(File.join(File.dirname(__FILE__), "responses", 'response_node_text_attack.xml.base64'))
         | 
| 129 | 
            +
                    response = OneLogin::RubySaml::Response.new(response_doc)
         | 
| 130 | 
            +
             | 
| 131 | 
            +
                    assert_equal "support@onelogin.com", response.name_id
         | 
| 132 | 
            +
                    assert_equal "smith", response.attributes["surname"]
         | 
| 133 | 
            +
                  end
         | 
| 134 | 
            +
             | 
| 127 135 | 
             
                  it "support dynamic namespace resolution on signature elements" do
         | 
| 128 136 | 
             
                    response = OneLogin::RubySaml::Response.new(fixture("no_signature_ns.xml"))
         | 
| 129 137 | 
             
                    response.stubs(:conditions).returns(nil)
         | 
| @@ -335,14 +343,14 @@ class RubySamlTest < Minitest::Test | |
| 335 343 |  | 
| 336 344 | 
             
                    it "check what happens when trying retrieve attribute that does not exists" do
         | 
| 337 345 | 
             
                      response = OneLogin::RubySaml::Response.new(fixture(:response_with_multiple_attribute_values))
         | 
| 338 | 
            -
                       | 
| 339 | 
            -
                       | 
| 340 | 
            -
                       | 
| 346 | 
            +
                      assert_nil response.attributes[:attribute_not_exists]
         | 
| 347 | 
            +
                      assert_nil response.attributes.single(:attribute_not_exists)
         | 
| 348 | 
            +
                      assert_nil response.attributes.multi(:attribute_not_exists)
         | 
| 341 349 |  | 
| 342 350 | 
             
                      OneLogin::RubySaml::Attributes.single_value_compatibility = false
         | 
| 343 | 
            -
                       | 
| 344 | 
            -
                       | 
| 345 | 
            -
                       | 
| 351 | 
            +
                      assert_nil response.attributes[:attribute_not_exists]
         | 
| 352 | 
            +
                      assert_nil response.attributes.single(:attribute_not_exists)
         | 
| 353 | 
            +
                      assert_nil response.attributes.multi(:attribute_not_exists)
         | 
| 346 354 | 
             
                      OneLogin::RubySaml::Attributes.single_value_compatibility = true
         | 
| 347 355 | 
             
                    end
         | 
| 348 356 |  | 
| @@ -383,7 +391,7 @@ class RubySamlTest < Minitest::Test | |
| 383 391 | 
             
                    malicious_response_document = fixture('response_eval', false)
         | 
| 384 392 | 
             
                    response = OneLogin::RubySaml::Response.new(malicious_response_document)
         | 
| 385 393 | 
             
                    response.send(:xpath_first_from_signed_assertion)
         | 
| 386 | 
            -
                     | 
| 394 | 
            +
                    assert_nil $evalled
         | 
| 387 395 | 
             
                  end
         | 
| 388 396 | 
             
                end
         | 
| 389 397 |  | 
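Review bot: The new "Prevent node text with comment" case asserts only `name_id` and the `surname` attribute and never calls `is_valid?`, so it pins text extraction but not that the returned value is the one covered by the signature check (the fixture may not allow full validation, in which case a comment saying so would help). The other readers switched to `Utils.element_text` in this release, namely `issuer`, `status_message`, the logout request/response accessors and the metadata parser, have no matching regression case in the visible hunks. I would add an assertion for an Issuer that contains a comment, and one for entity-escaped text such as `&amp;` inside a NameID, since the helper changes how text nodes are turned into strings.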
| @@ -0,0 +1 @@ | |
| 1 | 
            +
            PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIElEPSJHT1NBTUxSMTI5MDExNzQ1NzE3OTQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiIgRGVzdGluYXRpb249IntyZWNpcGllbnR9Ij4NCiAgPHNhbWxwOlN0YXR1cz4NCiAgICA8c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+DQogIDxzYW1sOkFzc2VydGlvbiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIFZlcnNpb249IjIuMCIgSUQ9InBmeGE0NjU3NGRmLWIzYjAtYTA2YS0yM2M4LTYzNjQxMzE5ODc3MiIgSXNzdWVJbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiI+DQogICAgPHNhbWw6SXNzdWVyPmh0dHBzOi8vYXBwLm9uZWxvZ2luLmNvbS9zYW1sL21ldGFkYXRhLzEzNTkwPC9zYW1sOklzc3Vlcj4NCiAgICA8ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgICAgIDxkczpTaWduZWRJbmZvPg0KICAgICAgICA8ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgICAgICA8ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+DQogICAgICAgIDxkczpSZWZlcmVuY2UgVVJJPSIjcGZ4YTQ2NTc0ZGYtYjNiMC1hMDZhLTIzYzgtNjM2NDEzMTk4NzcyIj4NCiAgICAgICAgICA8ZHM6VHJhbnNmb3Jtcz4NCiAgICAgICAgICAgIDxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPg0KICAgICAgICAgICAgPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgICAgICAgIDwvZHM6VHJhbnNmb3Jtcz4NCiAgICAgICAgICA8ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz4NCiAgICAgICAgICA8ZHM6RGlnZXN0VmFsdWU+cEpRN01TL2VrNEtSUldHbXYvSDQzUmVIWU1zPTwvZHM6RGlnZXN0VmFsdWU+DQogICAgICAgIDwvZHM6UmVmZXJlbmNlPg0KICAgICAgPC9kczpTaWduZWRJbmZvPg0KICAgICAgPGRzOlNpZ25hdHVyZVZhbHVlPnlpdmVLY1BkRHB1RE5qNnNoclEzQUJ3ci9jQTNDcnlEMnBoRy94TFpzektXeFU1L21sYUt0OGV3YlpPZEtLdnRPczJwSEJ5NUR1
YTNrOTRBRnp4R3llbDVnT293bW95WEpyQU9ya1BPMHZsaTFWOG8zaFBQVVp3UmdTWDZROXBTMUNxUWdoS2lFYXNSeXlscXFKVWFQWXptT3pPRTgvWGxNa3dpV21PMD08L2RzOlNpZ25hdHVyZVZhbHVlPg0KICAgICAgPGRzOktleUluZm8+DQogICAgICAgIDxkczpYNTA5RGF0YT4NCiAgICAgICAgICA8ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUJyVENDQWFHZ0F3SUJBZ0lCQVRBREJnRUFNR2N4Q3pBSkJnTlZCQVlUQWxWVE1STXdFUVlEVlFRSURBcERZV3hwWm05eWJtbGhNUlV3RXdZRFZRUUhEQXhUWVc1MFlTQk5iMjVwWTJFeEVUQVBCZ05WQkFvTUNFOXVaVXh2WjJsdU1Sa3dGd1lEVlFRRERCQmhjSEF1YjI1bGJHOW5hVzR1WTI5dE1CNFhEVEV3TURNd09UQTVOVGcwTlZvWERURTFNRE13T1RBNU5UZzBOVm93WnpFTE1Ba0dBMVVFQmhNQ1ZWTXhFekFSQmdOVkJBZ01Da05oYkdsbWIzSnVhV0V4RlRBVEJnTlZCQWNNREZOaGJuUmhJRTF2Ym1sallURVJNQThHQTFVRUNnd0lUMjVsVEc5bmFXNHhHVEFYQmdOVkJBTU1FR0Z3Y0M1dmJtVnNiMmRwYmk1amIyMHdnWjh3RFFZSktvWklodmNOQVFFQkJRQURnWTBBTUlHSkFvR0JBT2pTdTFmalB5OGQ1dzRReUwxemQ0aEl3MU1ra2ZmNFdZL1RMRzhPWmtVNVlUU1dtbUhQRDVrdllINXVvWFMvNnFRODFxWHBSMndWOENUb3daSlVMZzA5ZGRSZFJuOFFzcWoxRnlPQzVzbEUzeTJiWjJvRnVhNzJvZi80OWZwdWpuRlQ2S25RNjFDQk1xbERvVFFxT1Q2MnZHSjhuUDZNWld2QTZzeHF1ZDVBZ01CQUFFd0F3WUJBQU1CQUE9PTwvZHM6WDUwOUNlcnRpZmljYXRlPg0KICAgICAgICA8L2RzOlg1MDlEYXRhPg0KICAgICAgPC9kczpLZXlJbmZvPg0KICAgIDwvZHM6U2lnbmF0dXJlPg0KICAgIDxzYW1sOlN1YmplY3Q+DQogICAgICA8c2FtbDpOYW1lSUQgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDplbWFpbEFkZHJlc3MiPnN1cHBvcnQ8IS0tIGF0dGFjayEgLS0+QG9uZWxvZ2luLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAxMC0xMS0xOFQyMjowMjozN1oiIFJlY2lwaWVudD0ie3JlY2lwaWVudH0iLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4NCiAgICA8L3NhbWw6U3ViamVjdD4NCiAgICA8c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxMC0xMS0xOFQyMTo1MjozN1oiIE5vdE9uT3JBZnRlcj0iMjAxMC0xMS0xOFQyMjowMjozN1oiPg0KICAgICAgPHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAgICAgICAgPHNhbWw6QXVkaWVuY2U+e2F1ZGllbmNlfTwvc2FtbDpBdWRpZW5jZT4NCiAgICAgIDwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgIDwvc2FtbDpDb25kaXRpb25zPg0KICAgIDxzYW1sOkF1dGhuU3RhdGVt
ZW50IEF1dGhuSW5zdGFudD0iMjAxMC0xMS0xOFQyMTo1NzozN1oiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwMTAtMTEtMTlUMjE6NTc6MzdaIiBTZXNzaW9uSW5kZXg9Il81MzFjMzJkMjgzYmRmZjdlMDRlNDg3YmNkYmM0ZGQ4ZCI+DQogICAgICA8c2FtbDpBdXRobkNvbnRleHQ+DQogICAgICAgIDxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPg0KICAgICAgPC9zYW1sOkF1dGhuQ29udGV4dD4NCiAgICA8L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+DQogICAgPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KICAgICAgPHNhbWw6QXR0cmlidXRlIE5hbWU9InN1cm5hbWUiPg0KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPnM8IS0tIGF0dGFjayEgLS0+bWl0aDwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0iYW5vdGhlcl92YWx1ZSI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+dmFsdWUxPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPg0KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPnZhbHVlMjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0icm9sZSI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+cm9sZTE8L3NhbWw6QXR0cmlidXRlVmFsdWU+DQogICAgICA8L3NhbWw6QXR0cmlidXRlPg0KICAgIDwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogICAgPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KICAgICAgPHNhbWw6QXR0cmlidXRlIE5hbWU9ImZpcnN0bmFtZSI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVt
YS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+Ym9iPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPg0KICAgICAgPC9zYW1sOkF0dHJpYnV0ZT4gIA0KICAgICAgPHNhbWw6QXR0cmlidXRlIE5hbWU9ImF0dHJpYnV0ZV93aXRoX25pbF92YWx1ZSI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOm5pbD0idHJ1ZSIvPg0KICAgICAgPC9zYW1sOkF0dHJpYnV0ZT4NCiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJhdHRyaWJ1dGVfd2l0aF9uaWxzX2FuZF9lbXB0eV9zdHJpbmdzIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUvPg0KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZT52YWx1ZVByZXNlbnQ8L3NhbWw6QXR0cmlidXRlVmFsdWU+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOm5pbD0idHJ1ZSIvPg0KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTpuaWw9IjEiLz4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgPC9zYW1sOkFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+
         | 
    
        metadata
    CHANGED
    
    | @@ -1,14 +1,14 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: ruby-saml
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 0.9. | 
| 4 | 
            +
              version: 0.9.3
         | 
| 5 5 | 
             
            platform: ruby
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - OneLogin LLC
         | 
| 8 8 | 
             
            autorequire: 
         | 
| 9 9 | 
             
            bindir: bin
         | 
| 10 10 | 
             
            cert_chain: []
         | 
| 11 | 
            -
            date:  | 
| 11 | 
            +
            date: 2018-02-27 00:00:00.000000000 Z
         | 
| 12 12 | 
             
            dependencies:
         | 
| 13 13 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 14 14 | 
             
              name: uuid
         | 
| @@ -212,6 +212,7 @@ files: | |
| 212 212 | 
             
            - test/responses/response5.xml.base64
         | 
| 213 213 | 
             
            - test/responses/response_eval.xml
         | 
| 214 214 | 
             
            - test/responses/response_no_cert_and_encrypted_attrs.xml
         | 
| 215 | 
            +
            - test/responses/response_node_text_attack.xml.base64
         | 
| 215 216 | 
             
            - test/responses/response_with_ampersands.xml
         | 
| 216 217 | 
             
            - test/responses/response_with_ampersands.xml.base64
         | 
| 217 218 | 
             
            - test/responses/response_with_multiple_attribute_values.xml
         | 
| @@ -246,7 +247,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement | |
| 246 247 | 
             
                  version: '0'
         | 
| 247 248 | 
             
            requirements: []
         | 
| 248 249 | 
             
            rubyforge_project: http://www.rubygems.org/gems/ruby-saml
         | 
| 249 | 
            -
            rubygems_version: 2. | 
| 250 | 
            +
            rubygems_version: 2.5.2.1
         | 
| 250 251 | 
             
            signing_key: 
         | 
| 251 252 | 
             
            specification_version: 4
         | 
| 252 253 | 
             
            summary: SAML Ruby Tookit
         | 
| @@ -278,6 +279,7 @@ test_files: | |
| 278 279 | 
             
            - test/responses/response5.xml.base64
         | 
| 279 280 | 
             
            - test/responses/response_eval.xml
         | 
| 280 281 | 
             
            - test/responses/response_no_cert_and_encrypted_attrs.xml
         | 
| 282 | 
            +
            - test/responses/response_node_text_attack.xml.base64
         | 
| 281 283 | 
             
            - test/responses/response_with_ampersands.xml
         | 
| 282 284 | 
             
            - test/responses/response_with_ampersands.xml.base64
         | 
| 283 285 | 
             
            - test/responses/response_with_multiple_attribute_values.xml
         |