RubyGems - saml2 - Versions diffs - 1.0.8 → 1.0.9 - Mend

saml2 1.0.8 → 1.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

checksums.yaml +4 -4
data/lib/saml2.rb +5 -0
data/lib/saml2/assertion.rb +5 -5
data/lib/saml2/attribute.rb +9 -9
data/lib/saml2/authn_request.rb +17 -5
data/lib/saml2/authn_statement.rb +3 -3
data/lib/saml2/base.rb +5 -5
data/lib/saml2/conditions.rb +6 -6
data/lib/saml2/contact.rb +6 -6
data/lib/saml2/entity.rb +2 -2
data/lib/saml2/identity_provider.rb +6 -6
data/lib/saml2/key.rb +6 -6
data/lib/saml2/organization.rb +4 -4
data/lib/saml2/response.rb +6 -6
data/lib/saml2/sso.rb +0 -2
data/lib/saml2/subject.rb +9 -9
data/lib/saml2/version.rb +1 -1
data/spec/lib/attribute_consuming_service_spec.rb +1 -1
data/spec/lib/attribute_spec.rb +3 -3
data/spec/lib/authn_request_spec.rb +5 -0
data/spec/lib/entity_spec.rb +3 -3
data/spec/lib/indexed_object_spec.rb +1 -1
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0a2a3fe46968c45f6286e8d20892d5e450d7cd2d
-  data.tar.gz: 38b77b60cfba7566d3de65ac158161cb238e56b5
+  metadata.gz: 5806ee95e988647a1593ddb8c9f833b1c0ae9064
+  data.tar.gz: 536f3c655fb7e81ff79003f46dbd1f3d9ec76d3e
 SHA512:
-  metadata.gz: 5b669dcc2296c61d1fa14a51ef26b7152d529c4e78a2bc57875bfcc132e0c4623ed0ebc6e78616fd3c4d0f68eed3e51f6a9a5da3c85a89bf977287ccf40a0dd5
-  data.tar.gz: 47ccb4ab69acf34047e79806ff37ea8dd5a114d798bac3544b62294bab07268574a66c217ea7ccd2a963291c6d0974b73141312e9f6dd3078ef707e3801e912d
+  metadata.gz: 487c35b7ae581c8dcc89140341cbb7d1513eac561c571b416c4b5a889b2010eacfae9250f7462837425487b90dec337e0c26456c085cf392b2f3c55bb0ab63ca
+  data.tar.gz: ac21dc27daa7f8297187dd7f7a2f9797fdb9fe3c4bb986d7d258edd296a9709ab1ec2a9b3fea0b89fd2b251fec4547ccef31b08c06352459f14ca79d6a49dfc4

data/lib/saml2.rb CHANGED Viewed

@@ -6,4 +6,9 @@ require 'saml2/version'
 require 'saml2/engine' if defined?(::Rails) && Rails::VERSION::MAJOR > 2
 module SAML2
+  class << self
+    def config
+      @config ||= { max_message_size: 1024 * 1024 }
+    end
+  end
 end

data/lib/saml2/assertion.rb CHANGED Viewed

@@ -31,13 +31,13 @@ module SAML2
             ID: id,
             Version: '2.0',
             IssueInstant: issue_instant.iso8601
-        ) do |builder|
-          issuer.build(builder, element: 'Issuer')
+        ) do |assertion|
+          issuer.build(assertion, element: 'Issuer')
-          subject.build(builder)
+          subject.build(assertion)
-          conditions.build(builder)
-          statements.each { |stmt| stmt.build(builder) }
+          conditions.build(assertion)
+          statements.each { |stmt| stmt.build(assertion) }
         end
       end.doc.root
     end

data/lib/saml2/attribute.rb CHANGED Viewed

@@ -52,13 +52,13 @@ module SAML2
     end
     def build(builder)
-      builder['saml'].Attribute('Name' => name) do |builder|
-        builder.parent['FriendlyName'] = friendly_name if friendly_name
-        builder.parent['NameFormat'] = name_format if name_format
+      builder['saml'].Attribute('Name' => name) do |attribute|
+        attribute.parent['FriendlyName'] = friendly_name if friendly_name
+        attribute.parent['NameFormat'] = name_format if name_format
         Array.wrap(value).each do |value|
           xsi_type, val = convert_to_xsi(value)
-          builder['saml'].AttributeValue(val) do |builder|
-            builder.parent['xsi:type'] = xsi_type if xsi_type
+          attribute['saml'].AttributeValue(val) do |attribute_value|
+            attribute_value.parent['xsi:type'] = xsi_type if xsi_type
           end
         end
       end
@@ -68,8 +68,8 @@ module SAML2
       @name = node['Name']
       @friendly_name = node['FriendlyName']
       @name_format = node['NameFormat']
-      values = node.xpath('saml:AttributeValue', Namespaces::ALL).map do |node|
-        convert_from_xsi(node.attribute_with_ns('type', Namespaces::XSI), node.content && node.content.strip)
+      values = node.xpath('saml:AttributeValue', Namespaces::ALL).map do |value|
+        convert_from_xsi(value.attribute_with_ns('type', Namespaces::XSI), value.content && value.content.strip)
       end
       @value = case values.length
                when 0; nil
@@ -131,8 +131,8 @@ module SAML2
     def build(builder)
       builder['saml'].AttributeStatement('xmlns:xs' => Namespaces::XS,
-                                         'xmlns:xsi' => Namespaces::XSI) do |builder|
-        @attributes.each { |attr| attr.build(builder) }
+                                         'xmlns:xsi' => Namespaces::XSI) do |statement|
+        @attributes.each { |attr| attr.build(statement) }
       end
     end
   end

data/lib/saml2/authn_request.rb CHANGED Viewed

@@ -9,16 +9,28 @@ require 'saml2/schemas'
 require 'saml2/subject'
 module SAML2
+  class MessageTooLarge < RuntimeError
+  end
   class AuthnRequest
     def self.decode(authnrequest)
       begin
-        zstream  = Zlib::Inflate.new(-Zlib::MAX_WBITS)
-        authnrequest = zstream.inflate(Base64.decode64(authnrequest))
-        zstream.finish
+        raise MessageTooLarge if authnrequest.bytesize > SAML2.config[:max_message_size]
+        authnrequest = Base64.decode64(authnrequest)
+        zstream = Zlib::Inflate.new
+        xml = ''
+        # do it in 1K slices, so we can protect against bombs
+        (0..authnrequest.bytesize / 1024).each do |i|
+          xml.concat(zstream.inflate(authnrequest.byteslice(i * 1024, 1024)))
+          raise MessageTooLarge if xml.bytesize > SAML2.config[:max_message_size]
+        end
+        xml.concat(zstream.finish)
+        raise MessageTooLarge if xml.bytesize > SAML2.config[:max_message_size]
         zstream.close
-      rescue Zlib::BufError
+      rescue Zlib::DataError, Zlib::BufError
       end
-      parse(authnrequest)
+      parse(xml)
     end
     def self.parse(authnrequest)

data/lib/saml2/authn_statement.rb CHANGED Viewed

@@ -16,9 +16,9 @@ module SAML2
     attr_accessor :authn_instant, :authn_context_class_ref
     def build(builder)
-      builder['saml'].AuthnStatement('AuthnInstant' => authn_instant.iso8601) do |builder|
-        builder['saml'].AuthnContext do |builder|
-          builder['saml'].AuthnContextClassRef(authn_context_class_ref) if authn_context_class_ref
+      builder['saml'].AuthnStatement('AuthnInstant' => authn_instant.iso8601) do |authn_statement|
+        authn_statement['saml'].AuthnContext do |authn_context|
+          authn_context['saml'].AuthnContextClassRef(authn_context_class_ref) if authn_context_class_ref
         end
       end
     end

data/lib/saml2/base.rb CHANGED Viewed

@@ -27,17 +27,17 @@ module SAML2
     end
     def self.load_string_array(node, element)
-      node.xpath(element, Namespaces::ALL).map do |node|
-        node.content && node.content.strip
+      node.xpath(element, Namespaces::ALL).map do |element_node|
+        element_node.content && element_node.content.strip
       end
     end
     def self.load_object_array(node, element, klass)
-      node.xpath(element, Namespaces::ALL).map do |node|
+      node.xpath(element, Namespaces::ALL).map do |element_node|
         if klass.is_a?(Hash)
-          klass[node.name].from_xml(node)
+          klass[element_node.name].from_xml(element_node)
         else
-          klass.from_xml(node)
+          klass.from_xml(element_node)
         end
       end
     end

data/lib/saml2/conditions.rb CHANGED Viewed

@@ -26,12 +26,12 @@ module SAML2
     end
     def build(builder)
-      builder['saml'].Conditions do |builder|
-        builder.parent['NotBefore'] = not_before.iso8601 if not_before
-        builder.parent['NotOnOrAfter'] = not_on_or_after.iso8601 if not_on_or_after
+      builder['saml'].Conditions do |conditions|
+        conditions.parent['NotBefore'] = not_before.iso8601 if not_before
+        conditions.parent['NotOnOrAfter'] = not_on_or_after.iso8601 if not_on_or_after
         each do |condition|
-          condition.build(builder)
+          condition.build(conditions)
         end
       end
     end
@@ -55,9 +55,9 @@ module SAML2
       end
       def build(builder)
-        builder['saml'].AudienceRestriction do |builder|
+        builder['saml'].AudienceRestriction do |audience_restriction|
           Array.wrap(audience).each do |single_audience|
-            builder['saml'].Audience(single_audience)
+            audience_restriction['saml'].Audience(single_audience)
           end
         end
       end

data/lib/saml2/contact.rb CHANGED Viewed

@@ -34,15 +34,15 @@ module SAML2
     end
     def build(builder)
-      builder['md'].ContactPerson('contactType' => type) do |builder|
-        builder['md'].Company(company) if company
-        builder['md'].GivenName(given_name) if given_name
-        builder['md'].SurName(surname) if surname
+      builder['md'].ContactPerson('contactType' => type) do |contact_person|
+        contact_person['md'].Company(company) if company
+        contact_person['md'].GivenName(given_name) if given_name
+        contact_person['md'].SurName(surname) if surname
         email_addresses.each do |email|
-          builder['md'].EmailAddress(email)
+          contact_person['md'].EmailAddress(email)
         end
         telephone_numbers.each do |tel|
-          builder['md'].TelephoneNumber(tel)
+          contact_person['md'].TelephoneNumber(tel)
         end
       end
     end

data/lib/saml2/entity.rb CHANGED Viewed

@@ -120,9 +120,9 @@ module SAML2
       builder['md'].EntityDescriptor('entityID' => entity_id,
                                      'xmlns:md' => Namespaces::METADATA,
                                      'xmlns:dsig' => Namespaces::DSIG,
-                                     'xmlns:xenc' => Namespaces::XENC) do |builder|
+                                     'xmlns:xenc' => Namespaces::XENC) do |entity_descriptor|
         roles.each do |role|
-          role.build(builder)
+          role.build(entity_descriptor)
         end
         super

data/lib/saml2/identity_provider.rb CHANGED Viewed

@@ -41,21 +41,21 @@ module SAML2
     end
     def build(builder)
-      builder['md'].IDPSSODescriptor do |builder|
-        super(builder)
+      builder['md'].IDPSSODescriptor do |idp_sso_descriptor|
+        super(idp_sso_descriptor)
-        builder['WantAuthnRequestsSigned'] = want_authn_requests_signed? unless want_authn_requests_signed?.nil?
+        idp_sso_descriptor['WantAuthnRequestsSigned'] = want_authn_requests_signed? unless want_authn_requests_signed?.nil?
         single_sign_on_services.each do |sso|
-          sso.build(builder, 'SingleSignOnService')
+          sso.build(idp_sso_descriptor, 'SingleSignOnService')
         end
         attribute_profiles.each do |ap|
-          builder['md'].AttributeProfile(ap)
+          idp_sso_descriptor['md'].AttributeProfile(ap)
         end
         attributes.each do |attr|
-          attr.build(builder)
+          attr.build(idp_sso_descriptor)
         end
       end
     end

data/lib/saml2/key.rb CHANGED Viewed

@@ -38,15 +38,15 @@ module SAML2
     end
     def build(builder)
-      builder['md'].KeyDescriptor do |builder|
-        builder.parent['use'] = use if use
-        builder['dsig'].KeyInfo do |builder|
-          builder['dsig'].X509Data do |builder|
-            builder['dsig'].X509Certificate(x509)
+      builder['md'].KeyDescriptor do |key_descriptor|
+        key_descriptor.parent['use'] = use if use
+        key_descriptor['dsig'].KeyInfo do |key_info|
+          key_info['dsig'].X509Data do |x509_data|
+            x509_data['dsig'].X509Certificate(x509)
           end
         end
         encryption_methods.each do |method|
-          builder['xenc'].EncryptionMethod('Algorithm' => method)
+          key_descriptor['xenc'].EncryptionMethod('Algorithm' => method)
         end
       end
     end

data/lib/saml2/organization.rb CHANGED Viewed

@@ -37,10 +37,10 @@ module SAML2
     end
     def build(builder)
-      builder['md'].Organization do |builder|
-        self.class.build(builder, @name, 'OrganizationName')
-        self.class.build(builder, @display_name, 'OrganizationDisplayName')
-        self.class.build(builder, @url, 'OrganizationURL')
+      builder['md'].Organization do |organization|
+        self.class.build(organization, @name, 'OrganizationName')
+        self.class.build(organization, @display_name, 'OrganizationDisplayName')
+        self.class.build(organization, @url, 'OrganizationURL')
       end
     end

data/lib/saml2/response.rb CHANGED Viewed

@@ -77,17 +77,17 @@ module SAML2
         Version: '2.0',
         IssueInstant: issue_instant.iso8601,
         Destination: destination
-      ) do |builder|
-        builder.parent['InResponseTo'] = in_response_to if in_response_to
+      ) do |response|
+        response.parent['InResponseTo'] = in_response_to if in_response_to
-        issuer.build(builder, element: 'Issuer', include_namespace: true) if issuer
+        issuer.build(response, element: 'Issuer', include_namespace: true) if issuer
-        builder['samlp'].Status do |builder|
-          builder['samlp'].StatusCode(Value: status_code)
+        response['samlp'].Status do |status|
+          status['samlp'].StatusCode(Value: status_code)
           end
         assertions.each do |assertion|
-          builder.parent << assertion.to_xml
+          response.parent << assertion.to_xml
         end
       end
     end

data/lib/saml2/sso.rb CHANGED Viewed

@@ -2,8 +2,6 @@ require 'saml2/role'
 module SAML2
   class SSO < Role
-    attr_reader :single_logout_services, :name_id_formats
     def initialize
       super
       @single_logout_services = []

data/lib/saml2/subject.rb CHANGED Viewed

@@ -14,9 +14,9 @@ module SAML2
     end
     def build(builder)
-      builder['saml'].Subject do |builder|
-        name_id.build(builder) if name_id
-        confirmation.build(builder) if confirmation
+      builder['saml'].Subject do |subject|
+        name_id.build(subject) if name_id
+        confirmation.build(subject) if confirmation
       end
     end
@@ -30,16 +30,16 @@ module SAML2
       attr_accessor :method, :not_before, :not_on_or_after, :recipient, :in_response_to
       def build(builder)
-        builder['saml'].SubjectConfirmation('Method' => method) do |builder|
+        builder['saml'].SubjectConfirmation('Method' => method) do |subject_confirmation|
           if in_response_to ||
               recipient ||
               not_before ||
               not_on_or_after
-            builder['saml'].SubjectConfirmationData do |builder|
-              builder.parent['NotBefore'] = not_before.iso8601 if not_before
-              builder.parent['NotOnOrAfter'] = not_on_or_after.iso8601 if not_on_or_after
-              builder.parent['Recipient'] = recipient if recipient
-              builder.parent['InResponseTo'] = in_response_to if in_response_to
+            subject_confirmation['saml'].SubjectConfirmationData do |subject_confirmation_data|
+              subject_confirmation_data.parent['NotBefore'] = not_before.iso8601 if not_before
+              subject_confirmation_data.parent['NotOnOrAfter'] = not_on_or_after.iso8601 if not_on_or_after
+              subject_confirmation_data.parent['Recipient'] = recipient if recipient
+              subject_confirmation_data.parent['InResponseTo'] = in_response_to if in_response_to
             end
           end
         end

data/lib/saml2/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module SAML2
-  VERSION = '1.0.8'
+  VERSION = '1.0.9'
 end

data/spec/lib/attribute_consuming_service_spec.rb CHANGED Viewed

@@ -119,7 +119,7 @@ module SAML2
         attr.value = 'value'
         acs.requested_attributes << attr
         stmt = acs.create_statement({})
-        stmt.must_equal nil
+        assert_nil(stmt)
       end
     end

data/spec/lib/attribute_spec.rb CHANGED Viewed

@@ -4,9 +4,9 @@ module SAML2
   describe Attribute do
     def serialize(attribute)
       doc = Nokogiri::XML::Builder.new do |builder|
-        builder['saml'].Root('xmlns:saml' => Namespaces::SAML) do |builder|
-          attribute.build(builder)
-          builder.parent.child['xmlns:saml'] = Namespaces::SAML
+        builder['saml'].Root('xmlns:saml' => Namespaces::SAML) do |root|
+          attribute.build(root)
+          root.parent.child['xmlns:saml'] = Namespaces::SAML
         end
       end.doc
       doc.root.child.to_s

data/spec/lib/authn_request_spec.rb CHANGED Viewed

@@ -15,6 +15,11 @@ module SAML2
         authnrequest = AuthnRequest.decode('abc')
         authnrequest.valid_schema?.must_equal false
       end
+      it "doesn't allow deflate bombs" do
+        bomb = Base64.encode64(Zlib::Deflate.deflate("\0" * 2 * 1024 * 1024))
+        -> { AuthnRequest.decode(bomb) }.must_raise MessageTooLarge
+      end
     end
     it "should be valid" do

data/spec/lib/entity_spec.rb CHANGED Viewed

@@ -9,12 +9,12 @@ module SAML2
     it "should return nil when not valid schema" do
       entity = Entity.parse("<xml></xml>")
-      entity.must_equal nil
+      assert_nil(entity)
     end
     it "should return nil on non-XML" do
       entity = Entity.parse("garbage")
-      entity.must_equal nil
+      assert_nil(entity)
     end
     describe "valid schema" do
@@ -27,7 +27,7 @@ module SAML2
       it "should parse the organization" do
         entity.organization.display_name.must_equal 'Canvas'
         entity.organization.display_name('en').must_equal 'Canvas'
-        entity.organization.display_name('es').must_equal nil
+        assert_nil(entity.organization.display_name('es'))
         entity.organization.display_name(:all).must_equal en: 'Canvas'
       end

data/spec/lib/indexed_object_spec.rb CHANGED Viewed

@@ -16,7 +16,7 @@ module SAML2
       acses.map(&:location).must_equal ['a', 'b']
       acses[1].location.must_equal 'a'
       acses[3].location.must_equal 'b'
-      acses[0].must_equal nil
+      assert_nil(acses[0])
     end
     describe "#default" do

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: saml2
 version: !ruby/object:Gem::Version
-  version: 1.0.8
+  version: 1.0.9
 platform: ruby
 authors:
 - Cody Cutrer
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-02-06 00:00:00.000000000 Z
+date: 2017-03-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -193,7 +193,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.10
+rubygems_version: 2.6.11
 signing_key:
 specification_version: 4
 summary: SAML 2.0 Library