Skip to content

Remove all reference XML data if any are corrupted #500

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 24, 2025
Merged

Remove all reference XML data if any are corrupted #500

merged 1 commit into from
Apr 24, 2025

Conversation

cjbarth
Copy link
Contributor

@cjbarth cjbarth commented Apr 22, 2025

No description provided.

@cjbarth cjbarth added the bug label Apr 22, 2025
This was referenced Apr 22, 2025
Merged
Merged
markstos
markstos reviewed Apr 22, 2025
View reviewed changes
Copy link

@markstos markstos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense. Given this change, do we still need the TODO comments, or does this change address that goal?

// TODO: add this breaking change here later on for even more security: this.references = [];

@cjbarth
Copy link
Contributor Author

cjbarth commented Apr 22, 2025

Given this change, do we still need the TODO comments, or does this change address that goal?

It depends on your perspective. On the one hand the current code prevents the unverified XML from getting to the consumer, but leave the other information about the existence of a reference visible. So, if it is acceptable (desirable?) to show that a reference is there, but unverified, then we're done. Otherwise, if we want to just fail the entire payload if it is corrupted in some way, then we have to leave that TODO there.

I'm under the impression that we need to just fail the entire payload if there is any corruption. If it is bad, the most secure thing to do is to throw it away. We are doing forensics such that we want to keep that kind of thing around and make the best of it IMO.

markstos
markstos approved these changes Apr 22, 2025
View reviewed changes
Copy link

@markstos markstos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense. In that case, approved as-is.

@cjbarth cjbarth merged commit 9b91edf into node-saml:master Apr 24, 2025
5 checks passed
@cjbarth cjbarth deleted the signed-refs-sec branch April 24, 2025 17:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@markstos markstos markstos approved these changes

Assignees
No one assigned
Labels
bug security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cjbarth @markstos