RubyGems - ruby-saml - Versions diffs - 0.9.3 → 0.9.4 - Mend

ruby-saml 0.9.3 → 0.9.4

Potentially problematic release.

This version of ruby-saml might be problematic. Click here for more details.

Files changed (6) hide show

checksums.yaml +4 -4
data/changelog.md +3 -0
data/lib/onelogin/ruby-saml/utils.rb +1 -1
data/lib/onelogin/ruby-saml/version.rb +1 -1
data/test/utils_test.rb +41 -0
metadata +5 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 573fb055ce99a95923ac659b58226dc511813b16
-  data.tar.gz: 0421758aea7faed852223275d20afc55b50f2114
+  metadata.gz: e6899da69ca7253760c8766c25579be80e078459
+  data.tar.gz: a38aa8ac9f56af0ecc11d2a41143570f3ba2c55f
 SHA512:
-  metadata.gz: 2b4c1aeab1619e8f9a25edc5e49cad974f6ca11f33546a77ae60f548ee8d97f03d9f17622124a1343da3c27c75c465b33757abde593a745d5d42714843f4cd3b
-  data.tar.gz: 2e1e414280a4098a36be4a2be9d32845b941e087df5d799e779a42e548aa19b61b6efe5c230146ef8894f1eba574745415f7d538d47a840868b60742b342874e
+  metadata.gz: 9bbe6c965d9d01e30e48e7378d98bfe0daae344f83e3a63349a51df674c9e59bf9f4d1304c01a3e040f1c1aabeb87040d2e1ee9a6866a7161c58fef251ecafcc
+  data.tar.gz: ee92e4423bedfb8889b56cb763754cdafd24e4f5ec42cd36e904169af827c14422412f0a5537899abab47a1a210bb9f960439b988f30ff343a1853954a85bafc

data/changelog.md CHANGED

@@ -1,5 +1,8 @@
 # RubySaml Changelog
+### 0.9.4 (March 5, 2018)
+* Improve the fix for CVE-2017-11428 to parse CDATA properly
 ### 0.9.3 (Feb 27, 2018)
 * Fix vulnerability CVE-2017-11428. Process text of nodes properly, ignoring comments

data/lib/onelogin/ruby-saml/utils.rb CHANGED

@@ -42,7 +42,7 @@ module OneLogin
       # that there all children other than text nodes can be ignored (e.g. comments). If nil is
       # passed, nil will be returned.
       def self.element_text(element)
-        element.texts.join if element
+        element.texts.map(&:value).join if element
       end
     end
   end

data/lib/onelogin/ruby-saml/version.rb CHANGED

@@ -1,5 +1,5 @@
 module OneLogin
   module RubySaml
-    VERSION = '0.9.3'
+    VERSION = '0.9.4'
   end
 end

data/test/utils_test.rb ADDED

@@ -0,0 +1,41 @@
+require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
+class UtilsTest < Minitest::Test
+  describe "Utils" do
+    describe 'element_text' do
+      it 'returns the element text' do
+        element = REXML::Document.new('<element>element text</element>').elements.first
+        assert_equal 'element text', OneLogin::RubySaml::Utils.element_text(element)
+      end
+      it 'returns all segments of the element text' do
+        element = REXML::Document.new('<element>element <!-- comment -->text</element>').elements.first
+        assert_equal 'element text', OneLogin::RubySaml::Utils.element_text(element)
+      end
+      it 'returns normalized element text' do
+        element = REXML::Document.new('<element>element &amp; text</element>').elements.first
+        assert_equal 'element & text', OneLogin::RubySaml::Utils.element_text(element)
+      end
+      it 'returns the CDATA element text' do
+        element = REXML::Document.new('<element><![CDATA[element & text]]></element>').elements.first
+        assert_equal 'element & text', OneLogin::RubySaml::Utils.element_text(element)
+      end
+      it 'returns the element text with newlines and additional whitespace' do
+        element = REXML::Document.new("<element>  element \n text  </element>").elements.first
+        assert_equal "  element \n text  ", OneLogin::RubySaml::Utils.element_text(element)
+      end
+      it 'returns nil when element is nil' do
+        assert_nil OneLogin::RubySaml::Utils.element_text(nil)
+      end
+      it 'returns empty string when element has no text' do
+        element = REXML::Document.new('<element></element>').elements.first
+        assert_equal '', OneLogin::RubySaml::Utils.element_text(element)
+      end
+    end
+  end
+end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby-saml
 version: !ruby/object:Gem::Version
-  version: 0.9.3
+  version: 0.9.4
 platform: ruby
 authors:
 - OneLogin LLC
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-02-27 00:00:00.000000000 Z
+date: 2018-03-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: uuid
@@ -225,6 +225,7 @@ files:
 - test/slo_logoutrequest_test.rb
 - test/slo_logoutresponse_test.rb
 - test/test_helper.rb
+- test/utils_test.rb
 - test/xml_security_test.rb
 homepage: http://github.com/onelogin/ruby-saml
 licenses:
@@ -247,7 +248,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: http://www.rubygems.org/gems/ruby-saml
-rubygems_version: 2.5.2.1
+rubygems_version: 2.5.1
 signing_key:
 specification_version: 4
 summary: SAML Ruby Tookit
@@ -292,4 +293,5 @@ test_files:
 - test/slo_logoutrequest_test.rb
 - test/slo_logoutresponse_test.rb
 - test/test_helper.rb
+- test/utils_test.rb
 - test/xml_security_test.rb