summaryrefslogtreecommitdiff
path: root/src/saml2/xml
Commit message (Collapse)AuthorAgeFilesLines
* Format code with black and isortIvan Kanakarakis2022-10-011-18/+7
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Include eIDAS definitation in the validator - expose saml2.xml.schema:validateIvan Kanakarakis2022-08-101-52/+66
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Use the files API instead of path from importlib.resourcesIvan Kanakarakis2021-10-191-26/+25
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Use importlib.resources in python >= 3.7Alfredo Moralejo2021-10-111-1/+6
| | | | | | | | importlib.resources was added to python standard library since python 3.7 [1]. This patch is implementing conditional to use it instead of the importlib_resources backport when using python 3.7 or newer. [1] https://docs.python.org/3/whatsnew/3.7.html
* Fix CVE-2021-21238 - SAML XML Signature wrappingIvan Kanakarakis2021-01-152-0/+74
| | | | | | | | | | | | | | | | | | All users of pysaml2 that use the default `CryptoBackendXmlSec1` backend and need to verify signed SAML documents are impacted. `pysaml2 <= 6.4.1` does not validate the SAML document against an XML schema. This allows invalid XML documents to trick the verification process, by presenting elements with a valid signature inside elements whose content has been malformed. The verification is offloaded to `xmlsec1` and `xmlsec1` will not validate every signature in the given document, but only the first it finds in the given scope. Credits for the report: - Victor Schönfelder Garcia (isits AG International School of IT Security) - Juraj Somorovsky (Paderborn University) - Vladislav Mladenov (Ruhr University Bochum) Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* rename xml folder containing template.xmlEric Zarowny2016-04-081-22/+0
|
* Initial add0.4.2Roland Hedberg2012-05-231-0/+22