Some features from the PR #197 (PR splitted) #225
pitbulk commented Apr 29, 2015
- Comment the code.
- Remove spaces and format some lines.
- Remove unnecessary errors method.
- Improve format_cert and format_private_key.
- Fix xpath injection on xml_security.rb
* Comment the code
* Remove spaces and format some lines
* Remove unnecessary errors method
@luisvm @daniel-g @Lordnibbler can I merge it?
attr_accessor :settings | ||
|
||
# Array with the causes |
will this contain an array of Strings/Objects?
def service_name(name) | ||
@name = name | ||
end | ||
|
||
# Set an index | ||
# @param name [Integer] An index | ||
# | ||
def service_index(index) |
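Review bot: the doc comment above `service_index` names the wrong parameter: it reads `# @param name [Integer] An index`, but the method signature takes `index`. Change it to `# @param index [Integer] An index` so the generated documentation matches the signature.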
why not service_index= ?
I was only adding comments on this PR, the code on master is without the =.
Notice that the attribute is index, and we named the setter service_index.
👍 lgtm
👍
What are the security concerns around "Fix xpath injection on xml_security.rb"? Is that exploitable in any way? If so, should get a CVE. I also don't see a test focused on that issue. Is there one?
@reedloden It is a similar bug to the one fixed here: #183
Sounds like it needs a CVE then. I'll put in a request for one.
Ok, thanks @reedloden
Requested in http://seclists.org/oss-sec/2015/q3/74
Also, I went ahead and opened #252 to figure out a better process for handling security issues for the future.
The CVE assigned is CVE-2015-20108 |