ruby-saml 1.6.1 → 1.6.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of ruby-saml might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/README.md +4 -0
- data/changelog.md +3 -0
- data/lib/onelogin/ruby-saml/idp_metadata_parser.rb +3 -3
- data/lib/onelogin/ruby-saml/logoutresponse.rb +2 -2
- data/lib/onelogin/ruby-saml/response.rb +13 -11
- data/lib/onelogin/ruby-saml/slo_logoutrequest.rb +3 -3
- data/lib/onelogin/ruby-saml/utils.rb +10 -2
- data/lib/onelogin/ruby-saml/version.rb +1 -1
- data/lib/xml_security.rb +7 -6
- data/test/response_test.rb +14 -0
- data/test/responses/response_node_text_attack.xml.base64 +1 -0
- metadata +5 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: befd20dcf4765f47d3ae11acbb6417a044c41a1e
|
|
4
|
+
data.tar.gz: a102f12788b1c569a3c4b484fc19014200fe1b9d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 53131ebe98c82fcb0e987b758e07e5a4ea289a9c33d37f57e7f0ae4c1d838b0377a3d255e77a2948c4c838164837b1c99b28b713c3f19cd73a0caee67fa47bda
|
|
7
|
+
data.tar.gz: 26403d0340303771f11bb855e2bb27d36e22d8a436643eaab4dacccd097b8f32307af87cff281af18ca4820cebe99c18beb62d3c2a348079de56d6bbc76daf4c
|
data/README.md
CHANGED
|
@@ -1,5 +1,9 @@
|
|
|
1
1
|
# Ruby SAML [](http://travis-ci.org/onelogin/ruby-saml) [](https://coveralls.io/r/onelogin/ruby-saml?branch=master%0A) [](http://badge.fury.io/rb/ruby-saml)
|
|
2
2
|
|
|
3
|
+
## Updating from 1.6.X to 1.6.2
|
|
4
|
+
|
|
5
|
+
Version `1.6.2` is a recommended update for all Ruby SAML users as it includes a fix for the [CVE-2017-11428](https://www.cvedetails.com/cve/CVE-2017-11428/) vulnerability.
|
|
6
|
+
|
|
3
7
|
## Updating from 1.5.0 to 1.6.0
|
|
4
8
|
|
|
5
9
|
Version `1.6.0` changes the preferred way to construct instances of `Logoutresponse` and `SloLogoutrequest`. Previously the _SAMLResponse_, _RelayState_, and _SigAlg_ parameters of these message types were provided via the constructor's `options[:get_params]` parameter. Unfortunately this can result in incompatibility with other SAML implementations; signatures are specified to be computed based on the _sender's_ URI-encoding of the message, which can differ from that of Ruby SAML. In particular, Ruby SAML's URI-encoding does not match that of Microsoft ADFS, so messages from ADFS can fail signature validation.
|
data/changelog.md
CHANGED
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
# RubySaml Changelog
|
|
2
2
|
|
|
3
|
+
### 1.6.2 (Feb 28, 2018)
|
|
4
|
+
* Fix vulnerability CVE-2017-11428. Process text of nodes properly, ignoring comments
|
|
5
|
+
|
|
3
6
|
### 1.6.1 (January 15, 2018)
|
|
4
7
|
* [#428](https://github.com/onelogin/ruby-saml/issues/428) Fix a bug on IdPMetadataParser when parsing certificates
|
|
5
8
|
* [#426](https://github.com/onelogin/ruby-saml/pull/426) Ensure `Rails` responds to `logger`
|
|
@@ -192,7 +192,7 @@ module OneLogin
|
|
|
192
192
|
"md:IDPSSODescriptor/md:NameIDFormat",
|
|
193
193
|
namespace
|
|
194
194
|
)
|
|
195
|
-
|
|
195
|
+
Utils.element_text(node)
|
|
196
196
|
end
|
|
197
197
|
|
|
198
198
|
# @param binding_priority [Array]
|
|
@@ -281,14 +281,14 @@ module OneLogin
|
|
|
281
281
|
unless signing_nodes.empty?
|
|
282
282
|
certs['signing'] = []
|
|
283
283
|
signing_nodes.each do |cert_node|
|
|
284
|
-
certs['signing'] << cert_node
|
|
284
|
+
certs['signing'] << Utils.element_text(cert_node)
|
|
285
285
|
end
|
|
286
286
|
end
|
|
287
287
|
|
|
288
288
|
unless encryption_nodes.empty?
|
|
289
289
|
certs['encryption'] = []
|
|
290
290
|
encryption_nodes.each do |cert_node|
|
|
291
|
-
certs['encryption'] << cert_node
|
|
291
|
+
certs['encryption'] << Utils.element_text(cert_node)
|
|
292
292
|
end
|
|
293
293
|
end
|
|
294
294
|
end
|
|
@@ -80,7 +80,7 @@ module OneLogin
|
|
|
80
80
|
"/p:LogoutResponse/a:Issuer",
|
|
81
81
|
{ "p" => PROTOCOL, "a" => ASSERTION }
|
|
82
82
|
)
|
|
83
|
-
|
|
83
|
+
Utils.element_text(node)
|
|
84
84
|
end
|
|
85
85
|
end
|
|
86
86
|
|
|
@@ -100,7 +100,7 @@ module OneLogin
|
|
|
100
100
|
"/p:LogoutResponse/p:Status/p:StatusMessage",
|
|
101
101
|
{ "p" => PROTOCOL, "a" => ASSERTION }
|
|
102
102
|
)
|
|
103
|
-
|
|
103
|
+
Utils.element_text(node)
|
|
104
104
|
end
|
|
105
105
|
end
|
|
106
106
|
|
|
@@ -71,10 +71,7 @@ module OneLogin
|
|
|
71
71
|
# @return [String] the NameID provided by the SAML response from the IdP.
|
|
72
72
|
#
|
|
73
73
|
def name_id
|
|
74
|
-
@name_id ||=
|
|
75
|
-
if name_id_node
|
|
76
|
-
name_id_node.text
|
|
77
|
-
end
|
|
74
|
+
@name_id ||= Utils.element_text(name_id_node)
|
|
78
75
|
end
|
|
79
76
|
|
|
80
77
|
alias_method :nameid, :name_id
|
|
@@ -159,14 +156,14 @@ module OneLogin
|
|
|
159
156
|
if (e.elements.nil? || e.elements.size == 0)
|
|
160
157
|
# SAMLCore requires that nil AttributeValues MUST contain xsi:nil XML attribute set to "true" or "1"
|
|
161
158
|
# otherwise the value is to be regarded as empty.
|
|
162
|
-
["true", "1"].include?(e.attributes['xsi:nil']) ? nil : e
|
|
159
|
+
["true", "1"].include?(e.attributes['xsi:nil']) ? nil : Utils.element_text(e)
|
|
163
160
|
# explicitly support saml2:NameID with saml2:NameQualifier if supplied in attributes
|
|
164
161
|
# this is useful for allowing eduPersonTargetedId to be passed as an opaque identifier to use to
|
|
165
162
|
# identify the subject in an SP rather than email or other less opaque attributes
|
|
166
163
|
# NameQualifier, if present is prefixed with a "/" to the value
|
|
167
164
|
else
|
|
168
165
|
REXML::XPath.match(e,'a:NameID', { "a" => ASSERTION }).collect{|n|
|
|
169
|
-
(n.attributes['NameQualifier'] ? n.attributes['NameQualifier'] +"/" : '') + n
|
|
166
|
+
(n.attributes['NameQualifier'] ? n.attributes['NameQualifier'] +"/" : '') + Utils.element_text(n)
|
|
170
167
|
}
|
|
171
168
|
end
|
|
172
169
|
}
|
|
@@ -238,8 +235,7 @@ module OneLogin
|
|
|
238
235
|
{ "p" => PROTOCOL }
|
|
239
236
|
)
|
|
240
237
|
if nodes.size == 1
|
|
241
|
-
|
|
242
|
-
node.text if node
|
|
238
|
+
Utils.element_text(nodes.first)
|
|
243
239
|
end
|
|
244
240
|
end
|
|
245
241
|
end
|
|
@@ -293,7 +289,10 @@ module OneLogin
|
|
|
293
289
|
|
|
294
290
|
nodes = issuer_response_nodes + issuer_assertion_nodes
|
|
295
291
|
nodes.each do |node|
|
|
296
|
-
|
|
292
|
+
text = Utils.element_text(node)
|
|
293
|
+
if text
|
|
294
|
+
issuers << text
|
|
295
|
+
end
|
|
297
296
|
end
|
|
298
297
|
issuers.uniq
|
|
299
298
|
end
|
|
@@ -332,8 +331,11 @@ module OneLogin
|
|
|
332
331
|
audiences = []
|
|
333
332
|
nodes = xpath_from_signed_assertion('/a:Conditions/a:AudienceRestriction/a:Audience')
|
|
334
333
|
nodes.each do |node|
|
|
335
|
-
if node
|
|
336
|
-
|
|
334
|
+
if node
|
|
335
|
+
text = Utils.element_text(node)
|
|
336
|
+
if text
|
|
337
|
+
audiences << text
|
|
338
|
+
end
|
|
337
339
|
end
|
|
338
340
|
end
|
|
339
341
|
audiences
|
|
@@ -60,7 +60,7 @@ module OneLogin
|
|
|
60
60
|
def name_id
|
|
61
61
|
@name_id ||= begin
|
|
62
62
|
node = REXML::XPath.first(document, "/p:LogoutRequest/a:NameID", { "p" => PROTOCOL, "a" => ASSERTION })
|
|
63
|
-
|
|
63
|
+
Utils.element_text(node)
|
|
64
64
|
end
|
|
65
65
|
end
|
|
66
66
|
|
|
@@ -93,7 +93,7 @@ module OneLogin
|
|
|
93
93
|
"/p:LogoutRequest/a:Issuer",
|
|
94
94
|
{ "p" => PROTOCOL, "a" => ASSERTION }
|
|
95
95
|
)
|
|
96
|
-
|
|
96
|
+
Utils.element_text(node)
|
|
97
97
|
end
|
|
98
98
|
end
|
|
99
99
|
|
|
@@ -123,7 +123,7 @@ module OneLogin
|
|
|
123
123
|
)
|
|
124
124
|
|
|
125
125
|
nodes.each do |node|
|
|
126
|
-
s_indexes << node
|
|
126
|
+
s_indexes << Utils.element_text(node)
|
|
127
127
|
end
|
|
128
128
|
|
|
129
129
|
s_indexes
|
|
@@ -173,7 +173,7 @@ module OneLogin
|
|
|
173
173
|
"./xenc:CipherData/xenc:CipherValue",
|
|
174
174
|
{ 'xenc' => XENC }
|
|
175
175
|
)
|
|
176
|
-
node = Base64.decode64(cipher_value
|
|
176
|
+
node = Base64.decode64(element_text(cipher_value))
|
|
177
177
|
encrypt_method = REXML::XPath.first(
|
|
178
178
|
encrypt_data,
|
|
179
179
|
"./xenc:EncryptionMethod",
|
|
@@ -201,7 +201,7 @@ module OneLogin
|
|
|
201
201
|
"xenc" => XENC
|
|
202
202
|
)
|
|
203
203
|
|
|
204
|
-
cipher_text = Base64.decode64(encrypted_symmetric_key_element
|
|
204
|
+
cipher_text = Base64.decode64(element_text(encrypted_symmetric_key_element))
|
|
205
205
|
|
|
206
206
|
encrypt_method = REXML::XPath.first(
|
|
207
207
|
encrypted_key,
|
|
@@ -281,6 +281,14 @@ module OneLogin
|
|
|
281
281
|
def self.original_uri_match?(destination_url, settings_url)
|
|
282
282
|
destination_url == settings_url
|
|
283
283
|
end
|
|
284
|
+
|
|
285
|
+
# Given a REXML::Element instance, return the concatenation of all child text nodes. Assumes
|
|
286
|
+
# that there all children other than text nodes can be ignored (e.g. comments). If nil is
|
|
287
|
+
# passed, nil will be returned.
|
|
288
|
+
def self.element_text(element)
|
|
289
|
+
element.texts.join if element
|
|
290
|
+
end
|
|
291
|
+
|
|
284
292
|
end
|
|
285
293
|
end
|
|
286
294
|
end
|
data/lib/xml_security.rb
CHANGED
|
@@ -29,6 +29,7 @@ require "openssl"
|
|
|
29
29
|
require 'nokogiri'
|
|
30
30
|
require "digest/sha1"
|
|
31
31
|
require "digest/sha2"
|
|
32
|
+
require "onelogin/ruby-saml/utils"
|
|
32
33
|
require "onelogin/ruby-saml/error_handling"
|
|
33
34
|
|
|
34
35
|
module XMLSecurity
|
|
@@ -206,7 +207,7 @@ module XMLSecurity
|
|
|
206
207
|
)
|
|
207
208
|
|
|
208
209
|
if cert_element
|
|
209
|
-
base64_cert = cert_element
|
|
210
|
+
base64_cert = OneLogin::RubySaml::Utils.element_text(cert_element)
|
|
210
211
|
cert_text = Base64.decode64(base64_cert)
|
|
211
212
|
begin
|
|
212
213
|
cert = OpenSSL::X509::Certificate.new(cert_text)
|
|
@@ -249,7 +250,7 @@ module XMLSecurity
|
|
|
249
250
|
)
|
|
250
251
|
|
|
251
252
|
if cert_element
|
|
252
|
-
base64_cert = cert_element
|
|
253
|
+
base64_cert = OneLogin::RubySaml::Utils.element_text(cert_element)
|
|
253
254
|
cert_text = Base64.decode64(base64_cert)
|
|
254
255
|
begin
|
|
255
256
|
cert = OpenSSL::X509::Certificate.new(cert_text)
|
|
@@ -296,8 +297,8 @@ module XMLSecurity
|
|
|
296
297
|
sig_element,
|
|
297
298
|
"./ds:SignatureValue",
|
|
298
299
|
{"ds" => DSIG}
|
|
299
|
-
)
|
|
300
|
-
signature = Base64.decode64(base64_signature)
|
|
300
|
+
)
|
|
301
|
+
signature = Base64.decode64(OneLogin::RubySaml::Utils.element_text(base64_signature))
|
|
301
302
|
|
|
302
303
|
# canonicalization method
|
|
303
304
|
canon_algorithm = canon_algorithm REXML::XPath.first(
|
|
@@ -338,8 +339,8 @@ module XMLSecurity
|
|
|
338
339
|
ref,
|
|
339
340
|
"//ds:DigestValue",
|
|
340
341
|
{ "ds" => DSIG }
|
|
341
|
-
)
|
|
342
|
-
digest_value = Base64.decode64(encoded_digest_value)
|
|
342
|
+
)
|
|
343
|
+
digest_value = Base64.decode64(OneLogin::RubySaml::Utils.element_text(encoded_digest_value))
|
|
343
344
|
|
|
344
345
|
unless digests_match?(hash, digest_value)
|
|
345
346
|
@errors << "Digest mismatch"
|
data/test/response_test.rb
CHANGED
|
@@ -69,6 +69,20 @@ class RubySamlTest < Minitest::Test
|
|
|
69
69
|
assert_includes ampersands_response.errors, "SAML Response must contain 1 assertion"
|
|
70
70
|
end
|
|
71
71
|
|
|
72
|
+
describe "Prevent node text with comment attack (VU#475445)" do
|
|
73
|
+
before do
|
|
74
|
+
@response = OneLogin::RubySaml::Response.new(read_response('response_node_text_attack.xml.base64'))
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
it "receives the full NameID when there is an injected comment" do
|
|
78
|
+
assert_equal "support@onelogin.com", @response.name_id
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
it "receives the full AttributeValue when there is an injected comment" do
|
|
82
|
+
assert_equal "smith", @response.attributes["surname"]
|
|
83
|
+
end
|
|
84
|
+
end
|
|
85
|
+
|
|
72
86
|
describe "Prevent XEE attack" do
|
|
73
87
|
before do
|
|
74
88
|
@response = OneLogin::RubySaml::Response.new(fixture(:attackxee))
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIElEPSJHT1NBTUxSMTI5MDExNzQ1NzE3OTQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiIgRGVzdGluYXRpb249IntyZWNpcGllbnR9Ij4NCiAgPHNhbWxwOlN0YXR1cz4NCiAgICA8c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+DQogIDxzYW1sOkFzc2VydGlvbiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIFZlcnNpb249IjIuMCIgSUQ9InBmeGE0NjU3NGRmLWIzYjAtYTA2YS0yM2M4LTYzNjQxMzE5ODc3MiIgSXNzdWVJbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiI+DQogICAgPHNhbWw6SXNzdWVyPmh0dHBzOi8vYXBwLm9uZWxvZ2luLmNvbS9zYW1sL21ldGFkYXRhLzEzNTkwPC9zYW1sOklzc3Vlcj4NCiAgICA8ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgICAgIDxkczpTaWduZWRJbmZvPg0KICAgICAgICA8ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgICAgICA8ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+DQogICAgICAgIDxkczpSZWZlcmVuY2UgVVJJPSIjcGZ4YTQ2NTc0ZGYtYjNiMC1hMDZhLTIzYzgtNjM2NDEzMTk4NzcyIj4NCiAgICAgICAgICA8ZHM6VHJhbnNmb3Jtcz4NCiAgICAgICAgICAgIDxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPg0KICAgICAgICAgICAgPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgICAgICAgIDwvZHM6VHJhbnNmb3Jtcz4NCiAgICAgICAgICA8ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz4NCiAgICAgICAgICA8ZHM6RGlnZXN0VmFsdWU+cEpRN01TL2VrNEtSUldHbXYvSDQzUmVIWU1zPTwvZHM6RGlnZXN0VmFsdWU+DQogICAgICAgIDwvZHM6UmVmZXJlbmNlPg0KICAgICAgPC9kczpTaWduZWRJbmZvPg0KICAgICAgPGRzOlNpZ25hdHVyZVZhbHVlPnlpdmVLY1BkRHB1RE5qNnNoclEzQUJ3ci9jQTNDcnlEMnBoRy94TFpzektXeFU1L21sYUt0OGV3YlpPZEtLdnRPczJwSEJ5NUR1YTNrOTRBRnp4R3llbDVnT293bW95WEpyQU9ya1BPMHZsaTFWOG8zaFBQVVp3UmdTWDZROXBTMUNxUWdoS2lFYXNSeXlscXFKVWFQWXptT3pPRTgvWGxNa3dpV21PMD08L2RzOlNpZ25hdHVyZVZhbHVlPg0KICAgICAgPGRzOktleUluZm8+DQogICAgICAgIDxkczpYNTA5RGF0YT4NCiAgICAgICAgICA8ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUJyVENDQWFHZ0F3SUJBZ0lCQVRBREJnRUFNR2N4Q3pBSkJnTlZCQVlUQWxWVE1STXdFUVlEVlFRSURBcERZV3hwWm05eWJtbGhNUlV3RXdZRFZRUUhEQXhUWVc1MFlTQk5iMjVwWTJFeEVUQVBCZ05WQkFvTUNFOXVaVXh2WjJsdU1Sa3dGd1lEVlFRRERCQmhjSEF1YjI1bGJHOW5hVzR1WTI5dE1CNFhEVEV3TURNd09UQTVOVGcwTlZvWERURTFNRE13T1RBNU5UZzBOVm93WnpFTE1Ba0dBMVVFQmhNQ1ZWTXhFekFSQmdOVkJBZ01Da05oYkdsbWIzSnVhV0V4RlRBVEJnTlZCQWNNREZOaGJuUmhJRTF2Ym1sallURVJNQThHQTFVRUNnd0lUMjVsVEc5bmFXNHhHVEFYQmdOVkJBTU1FR0Z3Y0M1dmJtVnNiMmRwYmk1amIyMHdnWjh3RFFZSktvWklodmNOQVFFQkJRQURnWTBBTUlHSkFvR0JBT2pTdTFmalB5OGQ1dzRReUwxemQ0aEl3MU1ra2ZmNFdZL1RMRzhPWmtVNVlUU1dtbUhQRDVrdllINXVvWFMvNnFRODFxWHBSMndWOENUb3daSlVMZzA5ZGRSZFJuOFFzcWoxRnlPQzVzbEUzeTJiWjJvRnVhNzJvZi80OWZwdWpuRlQ2S25RNjFDQk1xbERvVFFxT1Q2MnZHSjhuUDZNWld2QTZzeHF1ZDVBZ01CQUFFd0F3WUJBQU1CQUE9PTwvZHM6WDUwOUNlcnRpZmljYXRlPg0KICAgICAgICA8L2RzOlg1MDlEYXRhPg0KICAgICAgPC9kczpLZXlJbmZvPg0KICAgIDwvZHM6U2lnbmF0dXJlPg0KICAgIDxzYW1sOlN1YmplY3Q+DQogICAgICA8c2FtbDpOYW1lSUQgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDplbWFpbEFkZHJlc3MiPnN1cHBvcnQ8IS0tIGF0dGFjayEgLS0+QG9uZWxvZ2luLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAxMC0xMS0xOFQyMjowMjozN1oiIFJlY2lwaWVudD0ie3JlY2lwaWVudH0iLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4NCiAgICA8L3NhbWw6U3ViamVjdD4NCiAgICA8c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxMC0xMS0xOFQyMTo1MjozN1oiIE5vdE9uT3JBZnRlcj0iMjAxMC0xMS0xOFQyMjowMjozN1oiPg0KICAgICAgPHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAgICAgICAgPHNhbWw6QXVkaWVuY2U+e2F1ZGllbmNlfTwvc2FtbDpBdWRpZW5jZT4NCiAgICAgIDwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgIDwvc2FtbDpDb25kaXRpb25zPg0KICAgIDxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxMC0xMS0xOFQyMTo1NzozN1oiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwMTAtMTEtMTlUMjE6NTc6MzdaIiBTZXNzaW9uSW5kZXg9Il81MzFjMzJkMjgzYmRmZjdlMDRlNDg3YmNkYmM0ZGQ4ZCI+DQogICAgICA8c2FtbDpBdXRobkNvbnRleHQ+DQogICAgICAgIDxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPg0KICAgICAgPC9zYW1sOkF1dGhuQ29udGV4dD4NCiAgICA8L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+DQogICAgPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KICAgICAgPHNhbWw6QXR0cmlidXRlIE5hbWU9InN1cm5hbWUiPg0KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPnM8IS0tIGF0dGFjayEgLS0+bWl0aDwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0iYW5vdGhlcl92YWx1ZSI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+dmFsdWUxPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPg0KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPnZhbHVlMjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0icm9sZSI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+cm9sZTE8L3NhbWw6QXR0cmlidXRlVmFsdWU+DQogICAgICA8L3NhbWw6QXR0cmlidXRlPg0KICAgIDwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogICAgPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KICAgICAgPHNhbWw6QXR0cmlidXRlIE5hbWU9ImZpcnN0bmFtZSI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+Ym9iPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPg0KICAgICAgPC9zYW1sOkF0dHJpYnV0ZT4gIA0KICAgICAgPHNhbWw6QXR0cmlidXRlIE5hbWU9ImF0dHJpYnV0ZV93aXRoX25pbF92YWx1ZSI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOm5pbD0idHJ1ZSIvPg0KICAgICAgPC9zYW1sOkF0dHJpYnV0ZT4NCiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJhdHRyaWJ1dGVfd2l0aF9uaWxzX2FuZF9lbXB0eV9zdHJpbmdzIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUvPg0KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZT52YWx1ZVByZXNlbnQ8L3NhbWw6QXR0cmlidXRlVmFsdWU+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOm5pbD0idHJ1ZSIvPg0KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTpuaWw9IjEiLz4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgPC9zYW1sOkFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ruby-saml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.6.
|
|
4
|
+
version: 1.6.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- OneLogin LLC
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-02-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: nokogiri
|
|
@@ -276,6 +276,7 @@ files:
|
|
|
276
276
|
- test/responses/response_encrypted_nameid.xml.base64
|
|
277
277
|
- test/responses/response_eval.xml
|
|
278
278
|
- test/responses/response_no_cert_and_encrypted_attrs.xml
|
|
279
|
+
- test/responses/response_node_text_attack.xml.base64
|
|
279
280
|
- test/responses/response_unsigned_xml_base64
|
|
280
281
|
- test/responses/response_with_ampersands.xml
|
|
281
282
|
- test/responses/response_with_ampersands.xml.base64
|
|
@@ -337,7 +338,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
337
338
|
version: '0'
|
|
338
339
|
requirements: []
|
|
339
340
|
rubyforge_project: http://www.rubygems.org/gems/ruby-saml
|
|
340
|
-
rubygems_version: 2.
|
|
341
|
+
rubygems_version: 2.4.8
|
|
341
342
|
signing_key:
|
|
342
343
|
specification_version: 4
|
|
343
344
|
summary: SAML Ruby Tookit
|
|
@@ -431,6 +432,7 @@ test_files:
|
|
|
431
432
|
- test/responses/response_encrypted_nameid.xml.base64
|
|
432
433
|
- test/responses/response_eval.xml
|
|
433
434
|
- test/responses/response_no_cert_and_encrypted_attrs.xml
|
|
435
|
+
- test/responses/response_node_text_attack.xml.base64
|
|
434
436
|
- test/responses/response_unsigned_xml_base64
|
|
435
437
|
- test/responses/response_with_ampersands.xml
|
|
436
438
|
- test/responses/response_with_ampersands.xml.base64
|