saml_idp(minor): rewrite to use defusedxml instead of bs4

This commit is contained in:
Langhammer, Jens 2019-10-04 09:50:25 +02:00
parent c7322a32a0
commit 2b8fed8f4e
3 changed files with 14 additions and 12 deletions

View file

@ -1,15 +1,15 @@
"""passbook policy engine""" """passbook policy engine"""
from multiprocessing import Pipe from multiprocessing import Pipe
from multiprocessing.connection import Connection from multiprocessing.connection import Connection
from typing import List, Tuple, Tuple from typing import List, Tuple
from django.core.cache import cache from django.core.cache import cache
from django.http import HttpRequest from django.http import HttpRequest
from structlog import get_logger from structlog import get_logger
from passbook.core.models import Policy, User from passbook.core.models import Policy, User
from passbook.policy.struct import PolicyRequest, PolicyResult
from passbook.policy.task import PolicyTask from passbook.policy.task import PolicyTask
from passbook.policy.struct import PolicyResult, PolicyRequest
LOGGER = get_logger() LOGGER = get_logger()

View file

@ -1,16 +1,18 @@
"""policy structs""" """policy structs"""
from typing import List from typing import TYPE_CHECKING, List
from django.http import HttpRequest from django.http import HttpRequest
if TYPE_CHECKING:
from passbook.core.models import User
class PolicyRequest: class PolicyRequest:
"""Data-class to hold policy request data""" """Data-class to hold policy request data"""
user: 'passbook.core.models.User' user: 'User'
http_request: HttpRequest http_request: HttpRequest
def __init__(self, user: 'passbook.core.models.User'): def __init__(self, user: 'User'):
self.user = user self.user = user
def __str__(self): def __str__(self):

View file

@ -3,7 +3,7 @@
import time import time
import uuid import uuid
from bs4 import BeautifulSoup from defusedxml import ElementTree
from structlog import get_logger from structlog import get_logger
from passbook.saml_idp import exceptions, utils, xml_render from passbook.saml_idp import exceptions, utils, xml_render
@ -204,13 +204,13 @@ class Processor:
if not str(self._request_xml.strip()).startswith('<'): if not str(self._request_xml.strip()).startswith('<'):
raise Exception('RequestXML is not valid XML; ' raise Exception('RequestXML is not valid XML; '
'it may need to be decoded or decompressed.') 'it may need to be decoded or decompressed.')
soup = BeautifulSoup(self._request_xml, features="xml")
request = soup.findAll()[0] root = ElementTree.fromstring(self._request_xml)
params = {} params = {}
params['ACS_URL'] = request['AssertionConsumerServiceURL'] params['ACS_URL'] = root.attrib['AssertionConsumerServiceURL']
params['REQUEST_ID'] = request['ID'] params['REQUEST_ID'] = root.attrib['ID']
params['DESTINATION'] = request.get('Destination', '') params['DESTINATION'] = root.attrib.get('Destination', '')
params['PROVIDER_NAME'] = request.get('ProviderName', '') params['PROVIDER_NAME'] = root.attrib.get('ProviderName', '')
self._request_params = params self._request_params = params
def _reset(self, django_request, sp_config=None): def _reset(self, django_request, sp_config=None):