From 87577017f444894f16ef37ca160494744f81a8d3 Mon Sep 17 00:00:00 2001
From: shubhendra
Date: Thu, 18 Feb 2021 22:36:54 +0530
Subject: [PATCH 1/8] Prefer rescuing `StandardError` over `Exception`

---
 .deepsource.toml | 9 +++++++++
 lib/onelogin/ruby-saml/saml_message.rb | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 .deepsource.toml

diff --git a/.deepsource.toml b/.deepsource.toml
new file mode 100644
index 000000000..a4bfda80a
--- /dev/null
+++ b/.deepsource.toml
@@ -0,0 +1,9 @@
+version = 1
+
+test_patterns = ["test/**/*_test.rb"]
+
+exclude_patterns = ["gemfiles/**"]
+
+[[analyzers]]
+name = "ruby"
+enabled = true
diff --git a/lib/onelogin/ruby-saml/saml_message.rb b/lib/onelogin/ruby-saml/saml_message.rb
index 6f7083cec..565a588f1 100644
--- a/lib/onelogin/ruby-saml/saml_message.rb
+++ b/lib/onelogin/ruby-saml/saml_message.rb
@@ -69,7 +69,7 @@ def valid_saml?(document, soft = true)
 xml = Nokogiri::XML(document.to_s) do |config|
 config.options = XMLSecurity::BaseDocument::NOKOGIRI_OPTIONS
 end
- rescue Exception => error
+ rescue StandardError => error
 return false if soft
 raise ValidationError.new("XML load failed: #{error.message}")
 end
From 83dad5ba2743f6bd013977ad10b8274bb399938d Mon Sep 17 00:00:00 2001
From: shubhendra
Date: Thu, 18 Feb 2021 22:36:55 +0530
Subject: [PATCH 2/8] Prefix any unused method arguments with an underscore

---
 lib/onelogin/ruby-saml/response.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/onelogin/ruby-saml/response.rb b/lib/onelogin/ruby-saml/response.rb
index 520beaaeb..c4fa3616d 100644
--- a/lib/onelogin/ruby-saml/response.rb
+++ b/lib/onelogin/ruby-saml/response.rb
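Review bot: The narrowed `rescue StandardError => error` only ever fires if `XMLSecurity::BaseDocument::NOKOGIRI_OPTIONS` (defined outside this hunk) includes Nokogiri's STRICT flag; in the default recovering mode a malformed document does not raise at all, its problems are collected in `xml.errors`, and the `return false if soft` / raise path below is simply skipped. The change itself is right — `Exception` also swallowed SignalException and SystemExit — but a comment at the rescue would stop the next reader from assuming every parse failure lands here: `# Nokogiri raises SyntaxError only under ParseOptions::STRICT (see NOKOGIRI_OPTIONS); otherwise inspect xml.errors`. valid_saml? begins before and continues after this hunk.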
@@ -727,7 +727,7 @@ def validate_issuer
 # @return [Boolean] True if the SessionNotOnOrAfter of the AuthnStatement is valid, otherwise (when expired) False if soft=True
 # @raise [ValidationError] if soft == false and validation fails
 #
- def validate_session_expiration(soft = true)
+ def validate_session_expiration(_soft = true)
 return true if session_expires_at.nil?
 
 now = Time.now.utc
From aa5d0f1741f7c0fd137af25226854517552abe3b Mon Sep 17 00:00:00 2001
From: shubhendra
Date: Thu, 18 Feb 2021 22:36:56 +0530
Subject: [PATCH 3/8] Remove redundant and unnecessary require statement

---
 lib/onelogin/ruby-saml/saml_message.rb | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/onelogin/ruby-saml/saml_message.rb b/lib/onelogin/ruby-saml/saml_message.rb
index 565a588f1..e28241cd8 100644
--- a/lib/onelogin/ruby-saml/saml_message.rb
+++ b/lib/onelogin/ruby-saml/saml_message.rb
@@ -4,7 +4,6 @@
 require 'nokogiri'
 require 'rexml/document'
 require 'rexml/xpath'
-require 'thread'
 require "onelogin/ruby-saml/error_handling"
 
 # Only supports SAML 2.0
From 8bc70ccc425cac600696249819d13f31d9278e2c Mon Sep 17 00:00:00 2001
From: shubhendra
Date: Thu, 18 Feb 2021 22:36:56 +0530
Subject: [PATCH 4/8] Replaces the old OpenSSL algorithmic constants with the newer strings initializers.

---
 lib/xml_security.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/xml_security.rb b/lib/xml_security.rb
index c316fe759..c2bc50727 100644
--- a/lib/xml_security.rb
+++ b/lib/xml_security.rb
@@ -218,7 +218,7 @@ def validate_document(idp_cert_fingerprint, soft = true, options = {})
 if options[:fingerprint_alg]
 fingerprint_alg = XMLSecurity::BaseDocument.new.algorithm(options[:fingerprint_alg]).new
 else
- fingerprint_alg = OpenSSL::Digest::SHA1.new
+ fingerprint_alg = OpenSSL::Digest.new('SHA1')
 end
 fingerprint = fingerprint_alg.hexdigest(cert.to_der)
 
From 2be6feb39a1133be7fefe168006885715a3c1459 Mon Sep 17 00:00:00 2001
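Review bot: Renaming the parameter to `_soft` on the `def validate_session_expiration(_soft = true)` line silences the linter while leaving the YARD directly above it promising behaviour the method does not have: `@raise [ValidationError] if soft == false` and "False if soft=True" describe a strict mode that an explicitly-unused argument cannot provide. A caller passing `false` to force a hard failure on an expired session would get a boolean back instead of an exception, which matters when the caller relies on the raise rather than checking the return value. Either thread the argument into the expiry branch (the body continues outside this hunk) or correct the doc to `# @return [Boolean] True if SessionNotOnOrAfter is absent or not yet reached, False once expired (soft is ignored; nothing is raised)`, assuming the unseen remainder indeed never raises.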
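Review bot: Dropping `-require 'thread'` is safe on Ruby 2.1 and later, where Mutex, Queue and ConditionVariable are all core, but on 1.8 Mutex came from thread.rb and Queue/ConditionVariable did until 2.1; if this gem's gemspec (not visible here) still declares a required_ruby_version below that and saml_message.rb uses any of those classes elsewhere, the file would now raise NameError on load. Confirm the supported Ruby floor before merging, or keep the line with `require 'thread' # Queue/ConditionVariable are not core before Ruby 2.1`.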
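Review bot: `fingerprint_alg = OpenSSL::Digest.new('SHA1')` is an equivalent spelling, but it keeps SHA-1 as the silent default whenever `options[:fingerprint_alg]` is omitted, and nothing at the `else` branch tells an operator that this is a compatibility choice rather than a recommendation. In this fingerprint-matching mode the digest computed on the next line is presumably what ties the embedded certificate to the configured IdP, so the default deserves a comment such as `# Legacy default kept for existing SHA-1 idp_cert_fingerprint values; prefer configuring a SHA-256 :fingerprint_alg`. Changing the default itself would break deployments whose settings hold SHA-1 fingerprints and belongs in a separate, announced change. validate_document continues beyond this hunk.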
From: shubhendra
Date: Thu, 18 Feb 2021 22:36:57 +0530
Subject: [PATCH 5/8] Remove redundant string coercion

---
 lib/onelogin/ruby-saml/authrequest.rb | 2 +-
 lib/onelogin/ruby-saml/logoutrequest.rb | 2 +-
 lib/onelogin/ruby-saml/saml_message.rb | 2 +-
 lib/onelogin/ruby-saml/settings.rb | 2 +-
 lib/onelogin/ruby-saml/slo_logoutresponse.rb | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/lib/onelogin/ruby-saml/authrequest.rb b/lib/onelogin/ruby-saml/authrequest.rb
index a4fbf0ca4..6ebb7676b 100644
--- a/lib/onelogin/ruby-saml/authrequest.rb
+++ b/lib/onelogin/ruby-saml/authrequest.rb
@@ -35,7 +35,7 @@ def create(settings, params = {})
 saml_request = CGI.escape(params.delete("SAMLRequest"))
 request_params = "#{params_prefix}SAMLRequest=#{saml_request}"
 params.each_pair do |key, value|
- request_params << "&#{key.to_s}=#{CGI.escape(value.to_s)}"
+ request_params << "&#{key}=#{CGI.escape(value.to_s)}"
 end
 raise SettingError.new "Invalid settings, idp_sso_target_url is not set!" if settings.idp_sso_target_url.nil? or settings.idp_sso_target_url.empty?
 @login_url = settings.idp_sso_target_url + request_params
diff --git a/lib/onelogin/ruby-saml/logoutrequest.rb b/lib/onelogin/ruby-saml/logoutrequest.rb
index 8e8fa739e..33f0ad0ba 100644
--- a/lib/onelogin/ruby-saml/logoutrequest.rb
+++ b/lib/onelogin/ruby-saml/logoutrequest.rb
@@ -32,7 +32,7 @@ def create(settings, params={})
 saml_request = CGI.escape(params.delete("SAMLRequest"))
 request_params = "#{params_prefix}SAMLRequest=#{saml_request}"
 params.each_pair do |key, value|
- request_params << "&#{key.to_s}=#{CGI.escape(value.to_s)}"
+ request_params << "&#{key}=#{CGI.escape(value.to_s)}"
 end
 raise SettingError.new "Invalid settings, idp_slo_target_url is not set!" if settings.idp_slo_target_url.nil? or settings.idp_slo_target_url.empty?
 @logout_url = settings.idp_slo_target_url + request_params
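Review bot: In `request_params << "&#{key}=#{CGI.escape(value.to_s)}"` the value is escaped but the key is interpolated raw, so a key containing `&`, `=` or `#` would corrupt the redirect URL; the identical line appears in logoutrequest.rb in this same patch. These extra params presumably come from the SP application's own code rather than from the browser, so this is a hardening point rather than an exploitable hole, but escaping both halves removes the assumption at no cost: `request_params << "&#{CGI.escape(key.to_s)}=#{CGI.escape(value.to_s)}"` (the `.to_s` is needed again because CGI.escape rejects a Symbol). create begins before this hunk.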
diff --git a/lib/onelogin/ruby-saml/saml_message.rb b/lib/onelogin/ruby-saml/saml_message.rb
index e28241cd8..40059479e 100644
--- a/lib/onelogin/ruby-saml/saml_message.rb
+++ b/lib/onelogin/ruby-saml/saml_message.rb
@@ -75,7 +75,7 @@ def valid_saml?(document, soft = true)
 
 SamlMessage.schema.validate(xml).map do |schema_error|
 return false if soft
- raise ValidationError.new("#{schema_error.message}\n\n#{xml.to_s}")
+ raise ValidationError.new("#{schema_error.message}\n\n#{xml}")
 end
 end
 
diff --git a/lib/onelogin/ruby-saml/settings.rb b/lib/onelogin/ruby-saml/settings.rb
index c5a40caf0..82b085797 100644
--- a/lib/onelogin/ruby-saml/settings.rb
+++ b/lib/onelogin/ruby-saml/settings.rb
@@ -20,7 +20,7 @@ def initialize(overrides = {}, keep_security_attributes = false)
 end
 
 config.each do |k,v|
- acc = "#{k.to_s}=".to_sym
+ acc = "#{k}=".to_sym
 if respond_to? acc
 value = v.is_a?(Hash) ? v.dup : v
 send(acc, value)
diff --git a/lib/onelogin/ruby-saml/slo_logoutresponse.rb b/lib/onelogin/ruby-saml/slo_logoutresponse.rb
index beecb1016..0048c1daf 100644
--- a/lib/onelogin/ruby-saml/slo_logoutresponse.rb
+++ b/lib/onelogin/ruby-saml/slo_logoutresponse.rb
@@ -35,7 +35,7 @@ def create(settings, request_id = nil, logout_message = nil, params = {})
 saml_response = CGI.escape(params.delete("SAMLResponse"))
 response_params = "#{params_prefix}SAMLResponse=#{saml_response}"
 params.each_pair do |key, value|
- response_params << "&#{key.to_s}=#{CGI.escape(value.to_s)}"
+ response_params << "&#{key}=#{CGI.escape(value.to_s)}"
 end
 
 raise SettingError.new "Invalid settings, idp_slo_target_url is not set!" if settings.idp_slo_target_url.nil? or settings.idp_slo_target_url.empty?
From 925a10abffeab40a38229f33915a447506a4baba Mon Sep 17 00:00:00 2001
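Review bot: `raise ValidationError.new("#{schema_error.message}\n\n#{xml}")` serialises the whole parsed document into the exception message, so anything that rescues or logs a ValidationError receives the complete SAML message — whatever NameID or attribute values it carries — rather than just the schema error. Exception messages routinely reach application logs and sometimes error pages, so consider `raise ValidationError.new(schema_error.message)` and leaving full-document dumps to an explicit debug facility. Separately, `.map` is used here only for its side effects and `each` would state the intent. valid_saml? begins before this hunk.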
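Review bot: A key with no matching public setter fails `if respond_to? acc` and, unless the branch after `send(acc, value)` (outside this hunk) reports it, is dropped with no signal at all — a misspelled security option in `overrides` would silently leave the default in force. Consider surfacing such keys, e.g. an `else` branch with `warn "ruby-saml: ignoring unknown setting #{k.inspect}"`, so configuration mistakes are visible. Note that `respond_to?` without the include_all flag only reports public methods, so this `send` cannot reach private or protected setters, which is the right property to keep. initialize begins before this hunk.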
From: shubhendra
Date: Thu, 18 Feb 2021 22:36:58 +0530
Subject: [PATCH 6/8] Remove useless access modifiers

---
 .deepsource.toml | 9 ---------
 lib/onelogin/ruby-saml/settings.rb | 1 -
 2 files changed, 10 deletions(-)
 delete mode 100644 .deepsource.toml

diff --git a/.deepsource.toml b/.deepsource.toml
deleted file mode 100644
index a4bfda80a..000000000
--- a/.deepsource.toml
+++ /dev/null
@@ -1,9 +0,0 @@
-version = 1
-
-test_patterns = ["test/**/*_test.rb"]
-
-exclude_patterns = ["gemfiles/**"]
-
-[[analyzers]]
-name = "ruby"
-enabled = true
diff --git a/lib/onelogin/ruby-saml/settings.rb b/lib/onelogin/ruby-saml/settings.rb
index 82b085797..6fcc5eac5 100644
--- a/lib/onelogin/ruby-saml/settings.rb
+++ b/lib/onelogin/ruby-saml/settings.rb
@@ -218,7 +218,6 @@ def get_sp_key
 OpenSSL::PKey::RSA.new(formatted_private_key)
 end
 
- private
 
 DEFAULTS = {
 :assertion_consumer_service_binding => "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST".freeze,
From b71ca2f6853655f70789783a1a3ea0e76cebe5ef Mon Sep 17 00:00:00 2001
From: Shubhendra Singh Chauhan
Date: Thu, 25 Feb 2021 19:55:43 +0530
Subject: [PATCH 7/8] removed unused method argument

---
 lib/onelogin/ruby-saml/response.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/onelogin/ruby-saml/response.rb b/lib/onelogin/ruby-saml/response.rb
index c4fa3616d..d55694399 100644
--- a/lib/onelogin/ruby-saml/response.rb
+++ b/lib/onelogin/ruby-saml/response.rb
@@ -727,7 +727,7 @@ def validate_issuer
 # @return [Boolean] True if the SessionNotOnOrAfter of the AuthnStatement is valid, otherwise (when expired) False if soft=True
 # @raise [ValidationError] if soft == false and validation fails
 #
- def validate_session_expiration(_soft = true)
+ def validate_session_expiration()
 return true if session_expires_at.nil?
 
 now = Time.now.utc
From 7c153b68845c66277db4c109a16c53f6d66bc742 Mon Sep 17 00:00:00 2001
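Review bot: Deleting the `private` marker above `DEFAULTS = {` is a no-op for the constant — visibility modifiers never apply to constants — but it also flips to public any `def` that follows DEFAULTS further down settings.rb, which is outside this hunk. If methods sit below it they have just become public API; if nothing does, the change is clean, so confirm the tail of the file before merging. If the intent was to hide DEFAULTS itself, the mechanism is `private_constant :DEFAULTS` after its definition.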
From: Shubhendra Singh Chauhan
Date: Tue, 9 Nov 2021 22:42:45 +0530
Subject: [PATCH 8/8] Update lib/onelogin/ruby-saml/response.rb

---
 lib/onelogin/ruby-saml/response.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/onelogin/ruby-saml/response.rb b/lib/onelogin/ruby-saml/response.rb
index d55694399..ce4b0d393 100644
--- a/lib/onelogin/ruby-saml/response.rb
+++ b/lib/onelogin/ruby-saml/response.rb
@@ -727,7 +727,7 @@ def validate_issuer
 # @return [Boolean] True if the SessionNotOnOrAfter of the AuthnStatement is valid, otherwise (when expired) False if soft=True
 # @raise [ValidationError] if soft == false and validation fails
 #
- def validate_session_expiration()
+ def validate_session_expiration
 return true if session_expires_at.nil?
 
 now = Time.now.utc
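Review bot: With the argument gone, `def validate_session_expiration` no longer matches the documentation two lines above it, which still reads "False if soft=True" and `# @raise [ValidationError] if soft == false and validation fails` for a parameter that can no longer be passed. Removing a positional parameter is also a public-interface change: any caller outside the library that passed `soft` explicitly now gets an ArgumentError (internal call sites are not visible in this series). Replace the YARD with `# @return [Boolean] True if SessionNotOnOrAfter is absent or not yet reached, False once expired` and drop the `@raise` line, provided the body (which continues past this hunk) indeed never raises.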