AUTH-255: Sanitize document.signed_element_id via a prepared statement #183
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Status
READY
Description
Fixes a security vulnerability where
OneLogin::RubySaml::Response#xpath_first_from_signed_assertion
was vulnerable to arbitrary code execution through use of a maliciously formed SAML response using a Rubyeval()
statement.Todos
REXML
variableDeploy Notes
Release a new version of Ruby-SAML along with this PR.
Steps to Test or Reproduce
Outline the steps to test or reproduce the PR here.
git pull --prune git checkout AUTH-255 bundle rake # all tests pass!
Impacted Areas in Application
List general components of the application that this PR will affect.
OneLogin::RubySaml::Response