zendesk / samlr

Clean room implementation of SAML for Ruby
Apache License 2.0

Invalid saml requests will no longer cause exceptions #24

Closed amirhajimirsadeghi closed 7 years ago

amirhajimirsadeghi commented 7 years ago

@zendesk/secdev

Description

Invalid Logout Requests would throw exceptions; fixed so that it responds with nil now

Risk

None: Just added a layer of protection where Exceptions were being thrown

amirhajimirsadeghi commented 7 years ago

@kintner fixed, what do you think?

kintner commented 7 years ago

Just a small style nit:

```ruby
def self.inflate(data)
  inflater = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  decoded = inflater.inflate(data)
  inflater.finish
  inflater.close
  decoded
rescue Zlib::BufError, Zlib::DataError
  nil
end
```

amirhajimirsadeghi commented 7 years ago

@kintner 💇
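
The nil-on-invalid-input behaviour discussed in this thread, as an added Ruby example that is not samlr's code and not from any participant. It goes beyond the thread by also covering the Base64 layer, truncated streams and an output size cap; `decode_redirect_param`, `encode_redirect_param`, `MAX_XML_BYTES`, `SLICE_BYTES` and the sample XML are assumptions made for illustration.

```ruby
require "zlib"

MAX_XML_BYTES = 64 * 1024 # assumed cap on inflated size, not a samlr setting
SLICE_BYTES = 1024        # feed input in slices so the cap is checked as output grows

# Hypothetical helper: decode a redirect-binding value (Base64 of raw DEFLATE).
# Returns the XML string, or nil for any malformed, truncated or oversized input.
def decode_redirect_param(param, max_bytes: MAX_XML_BYTES)
  return nil unless param.is_a?(String)
  deflated = param.unpack1("m0")                  # strict Base64; ArgumentError if invalid
  inflater = Zlib::Inflate.new(-Zlib::MAX_WBITS)  # negative window bits: no zlib header
  xml = String.new                                # binary output buffer
  begin
    offset = 0
    while offset < deflated.bytesize && !inflater.finished?
      xml << inflater.inflate(deflated.byteslice(offset, SLICE_BYTES))
      return nil if xml.bytesize > max_bytes      # stop before inflating any further
      offset += SLICE_BYTES
    end
    inflater.finished? ? xml : nil                # a truncated stream never finishes
  ensure
    inflater.close                                # release zlib state on every path
  end
rescue ArgumentError, Zlib::Error
  nil
end

# Constructed sample input: encode XML the way a redirect-binding sender would.
def encode_redirect_param(xml)
  deflater = Zlib::Deflate.new(Zlib::DEFAULT_COMPRESSION, -Zlib::MAX_WBITS)
  [deflater.deflate(xml, Zlib::FINISH)].pack("m0")
ensure
  deflater&.close
end

SAMPLE_XML = '<samlp:LogoutRequest ID="_constructed" Version="2.0"/>' # constructed

if __FILE__ == $PROGRAM_NAME
  p decode_redirect_param(encode_redirect_param(SAMPLE_XML)) == SAMPLE_XML
  p decode_redirect_param("%%% not base64 %%%")
  p decode_redirect_param(encode_redirect_param("A" * 200_000))
end
```

Callers have to treat nil as "reject the request"; passing it on to an XML parser would only move the exception.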