Skip to content

replace "strip!" from SAML signing digest#647

Closed
bramleyjl wants to merge 6 commits intoSAML-Toolkits:masterfrom
department-of-veterans-affairs:50385_revert_version_change
Closed

replace "strip!" from SAML signing digest#647
bramleyjl wants to merge 6 commits intoSAML-Toolkits:masterfrom
department-of-veterans-affairs:50385_revert_version_change

Conversation

@bramleyjl
Copy link
Copy Markdown

@bramleyjl bramleyjl commented Dec 14, 2022

Description

This PR is for a fix to the compute_digest method that was rendering a nil digest after Base64-encoding it. The reason for this bug is the usage of strip!, a method that returns nil if no whitespace is found on either end of the string to be stripped. By replacing it with strip, an identical method that will return the original string if no whitespace is found to be stripped, this bug can be prevented.

We on the VA.gov development team have been using a forked version of the Ruby-SAML gem with this change since October and have not had any issue with it.

External Links

Link to original issue: #643
Link to code at issue: https://github.com/SAML-Toolkits/ruby-saml/blob/master/lib/xml_security.rb#L178

@bramleyjl bramleyjl mentioned this pull request Dec 14, 2022
Closed
@pitbulk pitbulk mentioned this pull request Jan 2, 2023
Merged
@pitbulk
Copy link
Copy Markdown
Collaborator

pitbulk commented Jan 2, 2023

Fixed in #650

@pitbulk pitbulk closed this Jan 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bramleyjl @pitbulk @bosawt