From a3a25eb2f54bbcda83c8fd6b908d48323f3e06e1 Mon Sep 17 00:00:00 2001
From: johnnyshields <27655+johnnyshields@users.noreply.github.com>
Date: Thu, 11 Jul 2024 01:06:21 +0900
Subject: [PATCH 1/2] Remove stray "include REXML"
---
 lib/ruby_saml/authrequest.rb | 1 -
 lib/ruby_saml/idp_metadata_parser.rb | 1 -
 lib/ruby_saml/saml_message.rb | 1 -
 3 files changed, 3 deletions(-)
diff --git a/lib/ruby_saml/authrequest.rb b/lib/ruby_saml/authrequest.rb
index a96ae94f..95a4433a 100644
--- a/lib/ruby_saml/authrequest.rb
+++ b/lib/ruby_saml/authrequest.rb
@@ -9,7 +9,6 @@
 # Only supports SAML 2.0
 module RubySaml
- include REXML
 # SAML2 Authentication. AuthNRequest (SSO SP initiated, Builder)
 #
diff --git a/lib/ruby_saml/idp_metadata_parser.rb b/lib/ruby_saml/idp_metadata_parser.rb
index 08a80199..7c69a457 100644
--- a/lib/ruby_saml/idp_metadata_parser.rb
+++ b/lib/ruby_saml/idp_metadata_parser.rb
@@ -8,7 +8,6 @@
 # Only supports SAML 2.0
 module RubySaml
- include REXML
 # Auxiliary class to retrieve and parse the Identity Provider Metadata
 #
diff --git a/lib/ruby_saml/saml_message.rb b/lib/ruby_saml/saml_message.rb
index 7d38ec90..b9dc997f 100644
--- a/lib/ruby_saml/saml_message.rb
+++ b/lib/ruby_saml/saml_message.rb
@@ -15,7 +15,6 @@ module RubySaml
 # SAML2 Message
 #
 class SamlMessage
- include REXML
 ASSERTION = "urn:oasis:names:tc:SAML:2.0:assertion"
 PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
From db1f6c15e722473a46730aa4d7b0c5cee2627c8f Mon Sep 17 00:00:00 2001
From: johnnyshields <27655+johnnyshields@users.noreply.github.com>
Date: Thu, 11 Jul 2024 01:07:46 +0900
Subject: [PATCH 2/2] Change deprecated REXML::Document.entity_expansion_limit to REXML::Security.entity_expansion_limit
---
 .rubocop_todo.yml | 21 ++++++++-------------
 lib/ruby_saml/xml/base_document.rb | 2 +-
 2 files changed, 9 insertions(+), 14 deletions(-)
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
index 564b4825..f8a166e5 100644
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -1,6 +1,6 @@ # This configuration was generated by # `rubocop --auto-gen-config` -# on 2024-07-09 08:57:21 UTC using RuboCop version 1.64.1. +# on 2024-07-10 16:10:44 UTC using RuboCop version 1.64.1. # The point is for the user to remove these configuration records # one by one as the offenses are removed from the code base. # Note that changes in the inspected code, or installation of new @@ -20,7 +20,7 @@ Layout/EmptyLineAfterGuardClause: - 'lib/ruby_saml/slo_logoutrequest.rb' - 'lib/ruby_saml/slo_logoutresponse.rb' -# Offense count: 6 +# Offense count: 7 # This cop supports safe autocorrection (--autocorrect). # Configuration parameters: EnforcedStyle. # SupportedStyles: empty_lines, empty_lines_except_namespace, empty_lines_special, no_empty_lines, beginning_only, ending_only @@ -31,6 +31,7 @@ Layout/EmptyLinesAroundClassBody: - 'lib/ruby_saml/logoutrequest.rb' - 'lib/ruby_saml/logoutresponse.rb' - 'lib/ruby_saml/metadata.rb' + - 'lib/ruby_saml/saml_message.rb' - 'lib/ruby_saml/slo_logoutresponse.rb' # Offense count: 1 @@ -39,7 +40,7 @@ Layout/EmptyLinesAroundMethodBody: Exclude: - 'lib/ruby_saml/slo_logoutrequest.rb' -# Offense count: 11 +# Offense count: 13 # This cop supports safe autocorrection (--autocorrect). # Configuration parameters: EnforcedStyle. # SupportedStyles: empty_lines, empty_lines_except_namespace, empty_lines_special, no_empty_lines @@ -47,6 +48,8 @@ Layout/EmptyLinesAroundModuleBody: Exclude: - 'lib/ruby_saml/attribute_service.rb' - 'lib/ruby_saml/attributes.rb' + - 'lib/ruby_saml/authrequest.rb' + - 'lib/ruby_saml/idp_metadata_parser.rb' - 'lib/ruby_saml/logoutrequest.rb' - 'lib/ruby_saml/logoutresponse.rb' - 'lib/ruby_saml/metadata.rb' @@ -294,7 +297,7 @@ Performance/StringReplacement: - 'lib/ruby_saml/utils.rb' - 'lib/ruby_saml/xml/document.rb' -# Offense count: 52 +# Offense count: 48 # This cop supports safe autocorrection (--autocorrect). # Configuration parameters: EnforcedStyle. # SupportedStyles: separated, grouped 
@@ -414,14 +417,6 @@ Style/ModuleFunction: Exclude: - 'lib/ruby_saml/logging.rb' -# Offense count: 1 -# This cop supports unsafe autocorrection (--autocorrect-all). -# Configuration parameters: EnforcedStyle, Autocorrect. -# SupportedStyles: module_function, extend_self, forbidden -Style/ModuleFunction: - Exclude: - - 'lib/ruby_saml/logging.rb' - # Offense count: 16 # Configuration parameters: AllowedMethods. # AllowedMethods: respond_to_missing? @@ -514,7 +509,7 @@ Style/SymbolArray: Exclude: - 'lib/ruby_saml/settings.rb' -# Offense count: 95 +# Offense count: 92 # This cop supports safe autocorrection (--autocorrect). # Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns. # URISchemes: http, https
diff --git a/lib/ruby_saml/xml/base_document.rb b/lib/ruby_saml/xml/base_document.rb
index a2918eab..8cfcce26 100644
--- a/lib/ruby_saml/xml/base_document.rb
+++ b/lib/ruby_saml/xml/base_document.rb
@@ -10,7 +10,7 @@ module RubySaml
 module XML
 class BaseDocument < REXML::Document
- REXML::Document.entity_expansion_limit = 0
+ REXML::Security.entity_expansion_limit = 0
 C14N = 'http://www.w3.org/2001/10/xml-exc-c14n#'
 DSIG = 'http://www.w3.org/2000/09/xmldsig#'
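Review bot: The new `REXML::Security.entity_expansion_limit = 0` line in the body of `BaseDocument` carries no comment, although it is a security control and, being a module-level REXML setting, it applies to the whole process rather than only to documents built by this class. I would add above it: `# Disallow XML entity expansion for every REXML parse in this process (entity-expansion DoS defence for untrusted SAML XML); set once when this file is loaded.` Because the value is assigned only at load time, code that assigns the limit again later would presumably lift the protection unnoticed, so a test asserting the limit is still 0 would be worth having. The class body continues outside the hunk.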