ruby-saml 1.6.1 → 1.6.2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of ruby-saml might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/README.md +4 -0
- data/changelog.md +3 -0
- data/lib/onelogin/ruby-saml/idp_metadata_parser.rb +3 -3
- data/lib/onelogin/ruby-saml/logoutresponse.rb +2 -2
- data/lib/onelogin/ruby-saml/response.rb +13 -11
- data/lib/onelogin/ruby-saml/slo_logoutrequest.rb +3 -3
- data/lib/onelogin/ruby-saml/utils.rb +10 -2
- data/lib/onelogin/ruby-saml/version.rb +1 -1
- data/lib/xml_security.rb +7 -6
- data/test/response_test.rb +14 -0
- data/test/responses/response_node_text_attack.xml.base64 +1 -0
- metadata +5 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: befd20dcf4765f47d3ae11acbb6417a044c41a1e
|
|
4
|
+
data.tar.gz: a102f12788b1c569a3c4b484fc19014200fe1b9d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 53131ebe98c82fcb0e987b758e07e5a4ea289a9c33d37f57e7f0ae4c1d838b0377a3d255e77a2948c4c838164837b1c99b28b713c3f19cd73a0caee67fa47bda
|
|
7
|
+
data.tar.gz: 26403d0340303771f11bb855e2bb27d36e22d8a436643eaab4dacccd097b8f32307af87cff281af18ca4820cebe99c18beb62d3c2a348079de56d6bbc76daf4c
|
data/README.md
CHANGED
|
@@ -1,5 +1,9 @@
|
|
|
1
1
|
# Ruby SAML [](http://travis-ci.org/onelogin/ruby-saml) [](https://coveralls.io/r/onelogin/ruby-saml?branch=master%0A) [](http://badge.fury.io/rb/ruby-saml)
|
|
2
2
|
|
|
3
|
+
## Updating from 1.6.X to 1.6.2
|
|
4
|
+
|
|
5
|
+
Version `1.6.2` is a recommended update for all Ruby SAML users as it includes a fix for the [CVE-2017-11428](https://www.cvedetails.com/cve/CVE-2017-11428/) vulnerability.
|
|
6
|
+
|
|
3
7
|
## Updating from 1.5.0 to 1.6.0
|
|
4
8
|
|
|
5
9
|
Version `1.6.0` changes the preferred way to construct instances of `Logoutresponse` and `SloLogoutrequest`. Previously the _SAMLResponse_, _RelayState_, and _SigAlg_ parameters of these message types were provided via the constructor's `options[:get_params]` parameter. Unfortunately this can result in incompatibility with other SAML implementations; signatures are specified to be computed based on the _sender's_ URI-encoding of the message, which can differ from that of Ruby SAML. In particular, Ruby SAML's URI-encoding does not match that of Microsoft ADFS, so messages from ADFS can fail signature validation.
|
data/changelog.md
CHANGED
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
# RubySaml Changelog
|
|
2
2
|
|
|
3
|
+
### 1.6.2 (Feb 28, 2018)
|
|
4
|
+
* Fix vulnerability CVE-2017-11428. Process text of nodes properly, ignoring comments
|
|
5
|
+
|
|
3
6
|
### 1.6.1 (January 15, 2018)
|
|
4
7
|
* [#428](https://github.com/onelogin/ruby-saml/issues/428) Fix a bug on IdPMetadataParser when parsing certificates
|
|
5
8
|
* [#426](https://github.com/onelogin/ruby-saml/pull/426) Ensure `Rails` responds to `logger`
|
|
@@ -192,7 +192,7 @@ module OneLogin
|
|
|
192
192
|
"md:IDPSSODescriptor/md:NameIDFormat",
|
|
193
193
|
namespace
|
|
194
194
|
)
|
|
195
|
-
|
|
195
|
+
Utils.element_text(node)
|
|
196
196
|
end
|
|
197
197
|
|
|
198
198
|
# @param binding_priority [Array]
|
|
@@ -281,14 +281,14 @@ module OneLogin
|
|
|
281
281
|
unless signing_nodes.empty?
|
|
282
282
|
certs['signing'] = []
|
|
283
283
|
signing_nodes.each do |cert_node|
|
|
284
|
-
certs['signing'] << cert_node
|
|
284
|
+
certs['signing'] << Utils.element_text(cert_node)
|
|
285
285
|
end
|
|
286
286
|
end
|
|
287
287
|
|
|
288
288
|
unless encryption_nodes.empty?
|
|
289
289
|
certs['encryption'] = []
|
|
290
290
|
encryption_nodes.each do |cert_node|
|
|
291
|
-
certs['encryption'] << cert_node
|
|
291
|
+
certs['encryption'] << Utils.element_text(cert_node)
|
|
292
292
|
end
|
|
293
293
|
end
|
|
294
294
|
end
|
|
@@ -80,7 +80,7 @@ module OneLogin
|
|
|
80
80
|
"/p:LogoutResponse/a:Issuer",
|
|
81
81
|
{ "p" => PROTOCOL, "a" => ASSERTION }
|
|
82
82
|
)
|
|
83
|
-
|
|
83
|
+
Utils.element_text(node)
|
|
84
84
|
end
|
|
85
85
|
end
|
|
86
86
|
|
|
@@ -100,7 +100,7 @@ module OneLogin
|
|
|
100
100
|
"/p:LogoutResponse/p:Status/p:StatusMessage",
|
|
101
101
|
{ "p" => PROTOCOL, "a" => ASSERTION }
|
|
102
102
|
)
|
|
103
|
-
|
|
103
|
+
Utils.element_text(node)
|
|
104
104
|
end
|
|
105
105
|
end
|
|
106
106
|
|
|
@@ -71,10 +71,7 @@ module OneLogin
|
|
|
71
71
|
# @return [String] the NameID provided by the SAML response from the IdP.
|
|
72
72
|
#
|
|
73
73
|
def name_id
|
|
74
|
-
@name_id ||=
|
|
75
|
-
if name_id_node
|
|
76
|
-
name_id_node.text
|
|
77
|
-
end
|
|
74
|
+
@name_id ||= Utils.element_text(name_id_node)
|
|
78
75
|
end
|
|
79
76
|
|
|
80
77
|
alias_method :nameid, :name_id
|
|
@@ -159,14 +156,14 @@ module OneLogin
|
|
|
159
156
|
if (e.elements.nil? || e.elements.size == 0)
|
|
160
157
|
# SAMLCore requires that nil AttributeValues MUST contain xsi:nil XML attribute set to "true" or "1"
|
|
161
158
|
# otherwise the value is to be regarded as empty.
|
|
162
|
-
["true", "1"].include?(e.attributes['xsi:nil']) ? nil : e
|
|
159
|
+
["true", "1"].include?(e.attributes['xsi:nil']) ? nil : Utils.element_text(e)
|
|
163
160
|
# explicitly support saml2:NameID with saml2:NameQualifier if supplied in attributes
|
|
164
161
|
# this is useful for allowing eduPersonTargetedId to be passed as an opaque identifier to use to
|
|
165
162
|
# identify the subject in an SP rather than email or other less opaque attributes
|
|
166
163
|
# NameQualifier, if present is prefixed with a "/" to the value
|
|
167
164
|
else
|
|
168
165
|
REXML::XPath.match(e,'a:NameID', { "a" => ASSERTION }).collect{|n|
|
|
169
|
-
(n.attributes['NameQualifier'] ? n.attributes['NameQualifier'] +"/" : '') + n
|
|
166
|
+
(n.attributes['NameQualifier'] ? n.attributes['NameQualifier'] +"/" : '') + Utils.element_text(n)
|
|
170
167
|
}
|
|
171
168
|
end
|
|
172
169
|
}
|
|
@@ -238,8 +235,7 @@ module OneLogin
|
|
|
238
235
|
{ "p" => PROTOCOL }
|
|
239
236
|
)
|
|
240
237
|
if nodes.size == 1
|
|
241
|
-
|
|
242
|
-
node.text if node
|
|
238
|
+
Utils.element_text(nodes.first)
|
|
243
239
|
end
|
|
244
240
|
end
|
|
245
241
|
end
|
|
@@ -293,7 +289,10 @@ module OneLogin
|
|
|
293
289
|
|
|
294
290
|
nodes = issuer_response_nodes + issuer_assertion_nodes
|
|
295
291
|
nodes.each do |node|
|
|
296
|
-
|
|
292
|
+
text = Utils.element_text(node)
|
|
293
|
+
if text
|
|
294
|
+
issuers << text
|
|
295
|
+
end
|
|
297
296
|
end
|
|
298
297
|
issuers.uniq
|
|
299
298
|
end
|
|
@@ -332,8 +331,11 @@ module OneLogin
|
|
|
332
331
|
audiences = []
|
|
333
332
|
nodes = xpath_from_signed_assertion('/a:Conditions/a:AudienceRestriction/a:Audience')
|
|
334
333
|
nodes.each do |node|
|
|
335
|
-
if node
|
|
336
|
-
|
|
334
|
+
if node
|
|
335
|
+
text = Utils.element_text(node)
|
|
336
|
+
if text
|
|
337
|
+
audiences << text
|
|
338
|
+
end
|
|
337
339
|
end
|
|
338
340
|
end
|
|
339
341
|
audiences
|
|
@@ -60,7 +60,7 @@ module OneLogin
|
|
|
60
60
|
def name_id
|
|
61
61
|
@name_id ||= begin
|
|
62
62
|
node = REXML::XPath.first(document, "/p:LogoutRequest/a:NameID", { "p" => PROTOCOL, "a" => ASSERTION })
|
|
63
|
-
|
|
63
|
+
Utils.element_text(node)
|
|
64
64
|
end
|
|
65
65
|
end
|
|
66
66
|
|
|
@@ -93,7 +93,7 @@ module OneLogin
|
|
|
93
93
|
"/p:LogoutRequest/a:Issuer",
|
|
94
94
|
{ "p" => PROTOCOL, "a" => ASSERTION }
|
|
95
95
|
)
|
|
96
|
-
|
|
96
|
+
Utils.element_text(node)
|
|
97
97
|
end
|
|
98
98
|
end
|
|
99
99
|
|
|
@@ -123,7 +123,7 @@ module OneLogin
|
|
|
123
123
|
)
|
|
124
124
|
|
|
125
125
|
nodes.each do |node|
|
|
126
|
-
s_indexes << node
|
|
126
|
+
s_indexes << Utils.element_text(node)
|
|
127
127
|
end
|
|
128
128
|
|
|
129
129
|
s_indexes
|
|
@@ -173,7 +173,7 @@ module OneLogin
|
|
|
173
173
|
"./xenc:CipherData/xenc:CipherValue",
|
|
174
174
|
{ 'xenc' => XENC }
|
|
175
175
|
)
|
|
176
|
-
node = Base64.decode64(cipher_value
|
|
176
|
+
node = Base64.decode64(element_text(cipher_value))
|
|
177
177
|
encrypt_method = REXML::XPath.first(
|
|
178
178
|
encrypt_data,
|
|
179
179
|
"./xenc:EncryptionMethod",
|
|
@@ -201,7 +201,7 @@ module OneLogin
|
|
|
201
201
|
"xenc" => XENC
|
|
202
202
|
)
|
|
203
203
|
|
|
204
|
-
cipher_text = Base64.decode64(encrypted_symmetric_key_element
|
|
204
|
+
cipher_text = Base64.decode64(element_text(encrypted_symmetric_key_element))
|
|
205
205
|
|
|
206
206
|
encrypt_method = REXML::XPath.first(
|
|
207
207
|
encrypted_key,
|
|
@@ -281,6 +281,14 @@ module OneLogin
|
|
|
281
281
|
def self.original_uri_match?(destination_url, settings_url)
|
|
282
282
|
destination_url == settings_url
|
|
283
283
|
end
|
|
284
|
+
|
|
285
|
+
# Given a REXML::Element instance, return the concatenation of all child text nodes. Assumes
|
|
286
|
+
# that there all children other than text nodes can be ignored (e.g. comments). If nil is
|
|
287
|
+
# passed, nil will be returned.
|
|
288
|
+
def self.element_text(element)
|
|
289
|
+
element.texts.join if element
|
|
290
|
+
end
|
|
291
|
+
|
|
284
292
|
end
|
|
285
293
|
end
|
|
286
294
|
end
|
data/lib/xml_security.rb
CHANGED
|
@@ -29,6 +29,7 @@ require "openssl"
|
|
|
29
29
|
require 'nokogiri'
|
|
30
30
|
require "digest/sha1"
|
|
31
31
|
require "digest/sha2"
|
|
32
|
+
require "onelogin/ruby-saml/utils"
|
|
32
33
|
require "onelogin/ruby-saml/error_handling"
|
|
33
34
|
|
|
34
35
|
module XMLSecurity
|
|
@@ -206,7 +207,7 @@ module XMLSecurity
|
|
|
206
207
|
)
|
|
207
208
|
|
|
208
209
|
if cert_element
|
|
209
|
-
base64_cert = cert_element
|
|
210
|
+
base64_cert = OneLogin::RubySaml::Utils.element_text(cert_element)
|
|
210
211
|
cert_text = Base64.decode64(base64_cert)
|
|
211
212
|
begin
|
|
212
213
|
cert = OpenSSL::X509::Certificate.new(cert_text)
|
|
@@ -249,7 +250,7 @@ module XMLSecurity
|
|
|
249
250
|
)
|
|
250
251
|
|
|
251
252
|
if cert_element
|
|
252
|
-
base64_cert = cert_element
|
|
253
|
+
base64_cert = OneLogin::RubySaml::Utils.element_text(cert_element)
|
|
253
254
|
cert_text = Base64.decode64(base64_cert)
|
|
254
255
|
begin
|
|
255
256
|
cert = OpenSSL::X509::Certificate.new(cert_text)
|
|
@@ -296,8 +297,8 @@ module XMLSecurity
|
|
|
296
297
|
sig_element,
|
|
297
298
|
"./ds:SignatureValue",
|
|
298
299
|
{"ds" => DSIG}
|
|
299
|
-
)
|
|
300
|
-
signature = Base64.decode64(base64_signature)
|
|
300
|
+
)
|
|
301
|
+
signature = Base64.decode64(OneLogin::RubySaml::Utils.element_text(base64_signature))
|
|
301
302
|
|
|
302
303
|
# canonicalization method
|
|
303
304
|
canon_algorithm = canon_algorithm REXML::XPath.first(
|
|
@@ -338,8 +339,8 @@ module XMLSecurity
|
|
|
338
339
|
ref,
|
|
339
340
|
"//ds:DigestValue",
|
|
340
341
|
{ "ds" => DSIG }
|
|
341
|
-
)
|
|
342
|
-
digest_value = Base64.decode64(encoded_digest_value)
|
|
342
|
+
)
|
|
343
|
+
digest_value = Base64.decode64(OneLogin::RubySaml::Utils.element_text(encoded_digest_value))
|
|
343
344
|
|
|
344
345
|
unless digests_match?(hash, digest_value)
|
|
345
346
|
@errors << "Digest mismatch"
|
data/test/response_test.rb
CHANGED
|
@@ -69,6 +69,20 @@ class RubySamlTest < Minitest::Test
|
|
|
69
69
|
assert_includes ampersands_response.errors, "SAML Response must contain 1 assertion"
|
|
70
70
|
end
|
|
71
71
|
|
|
72
|
+
describe "Prevent node text with comment attack (VU#475445)" do
|
|
73
|
+
before do
|
|
74
|
+
@response = OneLogin::RubySaml::Response.new(read_response('response_node_text_attack.xml.base64'))
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
it "receives the full NameID when there is an injected comment" do
|
|
78
|
+
assert_equal "support@onelogin.com", @response.name_id
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
it "receives the full AttributeValue when there is an injected comment" do
|
|
82
|
+
assert_equal "smith", @response.attributes["surname"]
|
|
83
|
+
end
|
|
84
|
+
end
|
|
85
|
+
|
|
72
86
|
describe "Prevent XEE attack" do
|
|
73
87
|
before do
|
|
74
88
|
@response = OneLogin::RubySaml::Response.new(fixture(:attackxee))
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIElEPSJHT1NBTUxSMTI5MDExNzQ1NzE3OTQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiIgRGVzdGluYXRpb249IntyZWNpcGllbnR9Ij4NCiAgPHNhbWxwOlN0YXR1cz4NCiAgICA8c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+DQogIDxzYW1sOkFzc2VydGlvbiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIFZlcnNpb249IjIuMCIgSUQ9InBmeGE0NjU3NGRmLWIzYjAtYTA2YS0yM2M4LTYzNjQxMzE5ODc3MiIgSXNzdWVJbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiI+DQogICAgPHNhbWw6SXNzdWVyPmh0dHBzOi8vYXBwLm9uZWxvZ2luLmNvbS9zYW1sL21ldGFkYXRhLzEzNTkwPC9zYW1sOklzc3Vlcj4NCiAgICA8ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgICAgIDxkczpTaWduZWRJbmZvPg0KICAgICAgICA8ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgICAgICA8ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+DQogICAgICAgIDxkczpSZWZlcmVuY2UgVVJJPSIjcGZ4YTQ2NTc0ZGYtYjNiMC1hMDZhLTIzYzgtNjM2NDEzMTk4NzcyIj4NCiAgICAgICAgICA8ZHM6VHJhbnNmb3Jtcz4NCiAgICAgICAgICAgIDxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPg0KICAgICAgICAgICAgPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgICAgICAgIDwvZHM6VHJhbnNmb3Jtcz4NCiAgICAgICAgICA8ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz4NCiAgICAgICAgICA8ZHM6RGlnZXN0VmFsdWU+cEpRN01TL2VrNEtSUldHbXYvSDQzUmVIWU1zPTwvZHM6RGlnZXN0VmFsdWU+DQogICAgICAgIDwvZHM6UmVmZXJlbmNlPg0KICAgICAgPC9kczpTaWduZWRJbmZvPg0KICAgICAgPGRzOlNpZ25hdHVyZVZhbHVlPnlpdmVLY1BkRHB1RE5qNnNoclEzQUJ3ci9jQTNDcnlEMnBoRy94TFpzektXeFU1L21sYUt0OGV3YlpPZEtLdnRPczJwSEJ5NUR1YTNrOTRBRnp4R3llbDVnT293bW95WEpyQU9ya1BPMHZsaTFWOG8zaFBQVVp3UmdTWDZROXBTMUNxUWdoS2lFYXNSeXlscXFKVWFQWXptT3pPRTgvWGxNa3dpV21PMD08L2RzOlNpZ25hdHVyZVZhbHVlPg0KICAgICAgPGRzOktleUluZm8+DQogICAgICAgIDxkczpYNTA5RGF0YT4NCiAgICAgICAgICA8ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUJyVENDQWFHZ0F3SUJBZ0lCQVRBREJnRUFNR2N4Q3pBSkJnTlZCQVlUQWxWVE1STXdFUVlEVlFRSURBcERZV3hwWm05eWJtbGhNUlV3RXdZRFZRUUhEQXhUWVc1MFlTQk5iMjVwWTJFeEVUQVBCZ05WQkFvTUNFOXVaVXh2WjJsdU1Sa3dGd1lEVlFRRERCQmhjSEF1YjI1bGJHOW5hVzR1WTI5dE1CNFhEVEV3TURNd09UQTVOVGcwTlZvWERURTFNRE13T1RBNU5UZzBOVm93WnpFTE1Ba0dBMVVFQmhNQ1ZWTXhFekFSQmdOVkJBZ01Da05oYkdsbWIzSnVhV0V4RlRBVEJnTlZCQWNNREZOaGJuUmhJRTF2Ym1sallURVJNQThHQTFVRUNnd0lUMjVsVEc5bmFXNHhHVEFYQmdOVkJBTU1FR0Z3Y0M1dmJtVnNiMmRwYmk1amIyMHdnWjh3RFFZSktvWklodmNOQVFFQkJRQURnWTBBTUlHSkFvR0JBT2pTdTFmalB5OGQ1dzRReUwxemQ0aEl3MU1ra2ZmNFdZL1RMRzhPWmtVNVlUU1dtbUhQRDVrdllINXVvWFMvNnFRODFxWHBSMndWOENUb3daSlVMZzA5ZGRSZFJuOFFzcWoxRnlPQzVzbEUzeTJiWjJvRnVhNzJvZi80OWZwdWpuRlQ2S25RNjFDQk1xbERvVFFxT1Q2MnZHSjhuUDZNWld2QTZzeHF1ZDVBZ01CQUFFd0F3WUJBQU1CQUE9PTwvZHM6WDUwOUNlcnRpZmljYXRlPg0KICAgICAgICA8L2RzOlg1MDlEYXRhPg0KICAgICAgPC9kczpLZXlJbmZvPg0KICAgIDwvZHM6U2lnbmF0dXJlPg0KICAgIDxzYW1sOlN1YmplY3Q+DQogICAgICA8c2FtbDpOYW1lSUQgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDplbWFpbEFkZHJlc3MiPnN1cHBvcnQ8IS0tIGF0dGFjayEgLS0+QG9uZWxvZ2luLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAxMC0xMS0xOFQyMjowMjozN1oiIFJlY2lwaWVudD0ie3JlY2lwaWVudH0iLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4NCiAgICA8L3NhbWw6U3ViamVjdD4NCiAgICA8c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxMC0xMS0xOFQyMTo1MjozN1oiIE5vdE9uT3JBZnRlcj0iMjAxMC0xMS0xOFQyMjowMjozN1oiPg0KICAgICAgPHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAgICAgICAgPHNhbWw6QXVkaWVuY2U+e2F1ZGllbmNlfTwvc2FtbDpBdWRpZW5jZT4NCiAgICAgIDwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgIDwvc2FtbDpDb25kaXRpb25zPg0KICAgIDxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxMC0xMS0xOFQyMTo1NzozN1oiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwMTAtMTEtMTlUMjE6NTc6MzdaIiBTZXNzaW9uSW5kZXg9Il81MzFjMzJkMjgzYmRmZjdlMDRlNDg3YmNkYmM0ZGQ4ZCI+DQogICAgICA8c2FtbDpBdXRobkNvbnRleHQ+DQogICAgICAgIDxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPg0KICAgICAgPC9zYW1sOkF1dGhuQ29udGV4dD4NCiAgICA8L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+DQogICAgPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KICAgICAgPHNhbWw6QXR0cmlidXRlIE5hbWU9InN1cm5hbWUiPg0KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPnM8IS0tIGF0dGFjayEgLS0+bWl0aDwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0iYW5vdGhlcl92YWx1ZSI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+dmFsdWUxPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPg0KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPnZhbHVlMjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0icm9sZSI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+cm9sZTE8L3NhbWw6QXR0cmlidXRlVmFsdWU+DQogICAgICA8L3NhbWw6QXR0cmlidXRlPg0KICAgIDwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogICAgPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KICAgICAgPHNhbWw6QXR0cmlidXRlIE5hbWU9ImZpcnN0bmFtZSI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+Ym9iPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPg0KICAgICAgPC9zYW1sOkF0dHJpYnV0ZT4gIA0KICAgICAgPHNhbWw6QXR0cmlidXRlIE5hbWU9ImF0dHJpYnV0ZV93aXRoX25pbF92YWx1ZSI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOm5pbD0idHJ1ZSIvPg0KICAgICAgPC9zYW1sOkF0dHJpYnV0ZT4NCiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJhdHRyaWJ1dGVfd2l0aF9uaWxzX2FuZF9lbXB0eV9zdHJpbmdzIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUvPg0KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZT52YWx1ZVByZXNlbnQ8L3NhbWw6QXR0cmlidXRlVmFsdWU+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOm5pbD0idHJ1ZSIvPg0KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTpuaWw9IjEiLz4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgPC9zYW1sOkFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ruby-saml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.6.
|
|
4
|
+
version: 1.6.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- OneLogin LLC
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-02-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: nokogiri
|
|
@@ -276,6 +276,7 @@ files:
|
|
|
276
276
|
- test/responses/response_encrypted_nameid.xml.base64
|
|
277
277
|
- test/responses/response_eval.xml
|
|
278
278
|
- test/responses/response_no_cert_and_encrypted_attrs.xml
|
|
279
|
+
- test/responses/response_node_text_attack.xml.base64
|
|
279
280
|
- test/responses/response_unsigned_xml_base64
|
|
280
281
|
- test/responses/response_with_ampersands.xml
|
|
281
282
|
- test/responses/response_with_ampersands.xml.base64
|
|
@@ -337,7 +338,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
337
338
|
version: '0'
|
|
338
339
|
requirements: []
|
|
339
340
|
rubyforge_project: http://www.rubygems.org/gems/ruby-saml
|
|
340
|
-
rubygems_version: 2.
|
|
341
|
+
rubygems_version: 2.4.8
|
|
341
342
|
signing_key:
|
|
342
343
|
specification_version: 4
|
|
343
344
|
summary: SAML Ruby Tookit
|
|
@@ -431,6 +432,7 @@ test_files:
|
|
|
431
432
|
- test/responses/response_encrypted_nameid.xml.base64
|
|
432
433
|
- test/responses/response_eval.xml
|
|
433
434
|
- test/responses/response_no_cert_and_encrypted_attrs.xml
|
|
435
|
+
- test/responses/response_node_text_attack.xml.base64
|
|
434
436
|
- test/responses/response_unsigned_xml_base64
|
|
435
437
|
- test/responses/response_with_ampersands.xml
|
|
436
438
|
- test/responses/response_with_ampersands.xml.base64
|