ruby-saml 1.12.3 → 1.13.0


Potentially problematic release.



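--- a/data/lib/xml_security.rb
+++ b/data/lib/xml_security.rb
@@ -159,15 +159,13 @@ module XMLSecurity
  x509_cert_element.text = Base64.encode64(certificate.to_der).gsub(/\n/, "")
 
  # add the signature
- issuer_element = self.elements["//saml:Issuer"]
+ issuer_element = elements["//saml:Issuer"]
  if issuer_element
- self.root.insert_after issuer_element, signature_element
+ root.insert_after(issuer_element, signature_element)
+ elsif first_child = root.children[0]
+ root.insert_before(first_child, signature_element)
  else
- if sp_sso_descriptor = self.elements["/md:EntityDescriptor"]
- self.root.insert_before sp_sso_descriptor, signature_element
- else
- self.root.add_element(signature_element)
- end
+ root.add_element(signature_element)
  end
  end
 
@@ -312,30 +310,17 @@ module XMLSecurity
  canon_string = noko_signed_info_element.canonicalize(canon_algorithm)
  noko_sig_element.remove
 
- # get signed info
- signed_info_element = REXML::XPath.first(
- sig_element,
- "./ds:SignedInfo",
- { "ds" => DSIG }
- )
-
  # get inclusive namespaces
  inclusive_namespaces = extract_inclusive_namespaces
 
  # check digests
- ref = REXML::XPath.first(signed_info_element, "./ds:Reference", {"ds"=>DSIG})
-
- reference_nodes = document.xpath("//*[@ID=$id]", nil, { 'id' => extract_signed_element_id })
+ ref = REXML::XPath.first(sig_element, "//ds:Reference", {"ds"=>DSIG})
 
- if reference_nodes.length > 1 # ensures no elements with same ID to prevent signature wrapping attack.
- return append_error("Duplicated IDs found", soft)
- end
-
- hashed_element = reference_nodes[0]
+ hashed_element = document.at_xpath("//*[@ID=$id]", nil, { 'id' => extract_signed_element_id })
 
  canon_algorithm = canon_algorithm REXML::XPath.first(
- signed_info_element,
- './ds:CanonicalizationMethod',
+ ref,
+ '//ds:CanonicalizationMethod',
  { "ds" => DSIG }
  )
 
@@ -345,13 +330,13 @@ module XMLSecurity
 
  digest_algorithm = algorithm(REXML::XPath.first(
  ref,
- "./ds:DigestMethod",
+ "//ds:DigestMethod",
  { "ds" => DSIG }
  ))
  hash = digest_algorithm.digest(canon_hashed_element)
  encoded_digest_value = REXML::XPath.first(
  ref,
- "./ds:DigestValue",
+ "//ds:DigestValue",
  { "ds" => DSIG }
  )
  digest_value = Base64.decode64(OneLogin::RubySaml::Utils.element_text(encoded_digest_value))
@@ -377,7 +362,7 @@ module XMLSecurity
  def process_transforms(ref, canon_algorithm)
  transforms = REXML::XPath.match(
  ref,
- "./ds:Transforms/ds:Transform",
+ "//ds:Transforms/ds:Transform",
  { "ds" => DSIG }
  )
 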
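Review bot: In the digest-validation hunk (new lines 317–323) the new side finds `ds:Reference` with `REXML::XPath.first(sig_element, "//ds:Reference", ...)` and the signed element with `document.at_xpath("//*[@ID=$id]", ...)`, so neither lookup is tied to the `ds:SignedInfo` that was just canonicalized, and the first element carrying the ID is accepted even when several share it. That weakens the protection against signature wrapping that the removed comment on the old side names explicitly. A leading `//` in XPath selects from the document root whatever the context node is, and the same absolute form is used for the `ds:CanonicalizationMethod`, `ds:DigestMethod`, `ds:DigestValue` and `ds:Transforms/ds:Transform` lookups in this hunk and the two after it. I would keep the old side's shape: resolve `signed_info_element` with `./ds:SignedInfo`, use `./ds:...` paths under it and under `ref`, and keep `return append_error("Duplicated IDs found", soft)` when more than one node matches the ID. The gem metadata on this page dates the new side 2021-09-06 and the old side 2024-09-10, so the higher version number appears to be the older build and choosing by version order alone would drop these checks; the enclosing method starts and ends outside the hunk.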
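--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: ruby-saml
  version: !ruby/object:Gem::Version
- version: 1.12.3
+ version: 1.13.0
  platform: ruby
  authors:
  - OneLogin LLC
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-09-10 00:00:00.000000000 Z
+ date: 2021-09-06 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: nokogiri
@@ -173,13 +173,14 @@ extra_rdoc_files:
  - README.md
  files:
  - ".document"
+ - ".github/workflows/test.yml"
  - ".gitignore"
- - ".travis.yml"
+ - CHANGELOG.md
  - Gemfile
  - LICENSE
  - README.md
  - Rakefile
- - changelog.md
+ - UPGRADING.md
  - gemfiles/nokogiri-1.5.gemfile
  - lib/onelogin/ruby-saml.rb
  - lib/onelogin/ruby-saml/attribute_service.rb
@@ -220,7 +221,7 @@ homepage: https://github.com/onelogin/ruby-saml
  licenses:
  - MIT
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options:
  - "--charset=UTF-8"
  require_paths:
@@ -236,8 +237,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.3.26
- signing_key:
+ rubyforge_project:
+ rubygems_version: 2.5.2.1
+ signing_key:
  specification_version: 4
  summary: SAML Ruby Tookit
  test_files: []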
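--- a/data/.travis.yml
+++ /dev/null
@@ -1,48 +0,0 @@
- language: ruby
- rvm:
- - 1.9.3
- - 2.0.0
- - 2.1.10
- - 2.2.10
- - 2.3.8
- - 2.4.6
- - 2.5.8
- - 2.6.6
- - 2.7.2
- - 3.0.0
- - jruby-1.7.27
- - jruby-9.1.17.0
- - jruby-9.2.13.0
- gemfile:
- - Gemfile
- - gemfiles/nokogiri-1.5.gemfile
- before_install:
- - gem update bundler
- matrix:
- exclude:
- - rvm: jruby-1.7.27
- gemfile: gemfiles/nokogiri-1.5.gemfile
- - rvm: jruby-9.1.17.0
- gemfile: gemfiles/nokogiri-1.5.gemfile
- - rvm: jruby-9.2.13.0
- gemfile: gemfiles/nokogiri-1.5.gemfile
- - rvm: 2.1.5
- gemfile: gemfiles/nokogiri-1.5.gemfile
- - rvm: 2.1.10
- gemfile: gemfiles/nokogiri-1.5.gemfile
- - rvm: 2.2.10
- gemfile: gemfiles/nokogiri-1.5.gemfile
- - rvm: 2.3.8
- gemfile: gemfiles/nokogiri-1.5.gemfile
- - rvm: 2.4.6
- gemfile: gemfiles/nokogiri-1.5.gemfile
- - rvm: 2.5.8
- gemfile: gemfiles/nokogiri-1.5.gemfile
- - rvm: 2.6.6
- gemfile: gemfiles/nokogiri-1.5.gemfile
- - rvm: 2.7.2
- gemfile: gemfiles/nokogiri-1.5.gemfile
- - rvm: 3.0.0
- gemfile: gemfiles/nokogiri-1.5.gemfile
- env:
- - JRUBY_OPTS="--debug"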