saml_idp: fix bandit issues
parent
60d4a30992
commit
4d5f688a44
|
@ -30,6 +30,7 @@ class SAMLProvider(Provider):
|
|||
|
||||
@property
|
||||
def processor(self):
|
||||
"""Return selected processor as instance"""
|
||||
if not self._processor:
|
||||
self._processor = path_to_class(self.processor_path)(self)
|
||||
return self._processor
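Review bot: `path_to_class(self.processor_path)(self)` appears to import and instantiate whatever dotted path is stored in `processor_path`, and nothing in this hunk restricts that value. The field definition and the rest of `SAMLProvider` are outside the hunk, so confirm the field is limited to a fixed set of choices. If it is editable through a form or API, check it against the known processor classes before the import, for example `if self.processor_path not in KNOWN_PROCESSOR_PATHS: raise ValueError(self.processor_path)` (`KNOWN_PROCESSOR_PATHS` is a placeholder name, not something defined on this page). The docstring could also note that the instance is cached on `_processor` after first access.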
|
||||
|
|
|
@ -4,9 +4,13 @@ from django.urls import path
|
|||
from passbook.saml_idp import views
|
||||
|
||||
urlpatterns = [
|
||||
path('login/', views.LoginBeginView.as_view(), name="saml_login_begin"),
|
||||
path('login/process/', views.LoginProcessView.as_view(), name='saml_login_process'),
|
||||
path('login/<slug:application>/',
|
||||
views.LoginBeginView.as_view(), name="saml_login_begin"),
|
||||
path('login/<slug:application>/idp_init/',
|
||||
views.LoginInitView.as_view(), name="saml_login_init"),
|
||||
path('login/<slug:application>/process/',
|
||||
views.LoginProcessView.as_view(), name='saml_login_process'),
|
||||
path('logout/', views.LogoutView.as_view(), name="saml_logout"),
|
||||
path('metadata/<int:application_id>/',
|
||||
path('metadata/<slug:application>/',
|
||||
views.DescriptorDownloadView.as_view(), name='metadata_xml'),
|
||||
]
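Review bot: The login routes and the metadata route now select the application from a `<slug:application>` URL segment, but nothing in this hunk shows the views resolving that slug or checking that the requesting user may use that application. Those checks presumably live in `views.py`, outside this page. Confirm that an unknown slug yields a 404, and that `LoginProcessView` re-validates access itself rather than relying on `LoginBeginView` having run first. A short comment above the login routes would record the contract, e.g. `# <application> is the Application slug; every view must resolve it and enforce access`.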
|
||||
|
|
|
@ -44,6 +44,7 @@ class CertificateBuilder:
|
|||
self.__certificate = None
|
||||
|
||||
def build(self):
|
||||
"""Build self-signed certificate"""
|
||||
one_day = datetime.timedelta(1, 0, 0)
|
||||
self.__private_key = rsa.generate_private_key(
|
||||
public_exponent=65537,
|
||||
|
|
|
@ -4,7 +4,7 @@ from logging import getLogger
|
|||
from cryptography.hazmat.backends import default_backend
|
||||
from cryptography.hazmat.primitives import serialization
|
||||
from defusedxml import ElementTree
|
||||
from lxml import etree
|
||||
from lxml import etree # nosec
|
||||
from signxml import XMLSigner
|
||||
|
||||
from passbook.lib.utils.template import render_to_string
|
||||
|
@ -17,8 +17,9 @@ def sign_with_signxml(private_key, data, cert, reference_uri=None):
|
|||
key = serialization.load_pem_private_key(
|
||||
str.encode('\n'.join([x.strip() for x in private_key.split('\n')])),
|
||||
password=None, backend=default_backend())
|
||||
root = etree.fromstring(data)
|
||||
# root = ElementTree.fromstring(data, forbid_entities=False)
|
||||
# LXML is used here because defusedxml causes issues with serialization
|
||||
# data is trusted so no issues
|
||||
root = etree.fromstring(data) # nosec
|
||||
signer = XMLSigner(c14n_algorithm='http://www.w3.org/2001/10/xml-exc-c14n#')
|
||||
signed = signer.sign(root, key=key, cert=cert, reference_uri=reference_uri)
|
||||
return ElementTree.tostring(signed)
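Review bot: The `# nosec` on `etree.fromstring(data)` silences the scanner on the strength of the comment "data is trusted", yet `data` is a plain parameter of `sign_with_signxml` and nothing here enforces that assumption. The parse can be hardened without returning to defusedxml by passing an explicit parser: `parser = etree.XMLParser(resolve_entities=False, no_network=True)` followed by `root = etree.fromstring(data, parser=parser)  # nosec`. The function's docstring or a comment should also state that callers may pass only locally rendered XML, so the suppression stays justified if a new caller appears. The commented-out `ElementTree.fromstring(...)` line can be dropped, since the comment below it already explains the choice. The function's signature and opening lines are outside this hunk.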
|
||||
|
|