Some features from the PR #197 (PR splitted) #225
Conversation
pitbulk
commented
Apr 29, 2015
pitbulk
commented
- Comment the code.
- Remove spaces and format some lines.
- Remove unnecessary errors method.
- Improve format_cert and format_private_key.
- Fix xpath injection on xml_security.rb
* Comment the code * Remove spaces and format some lines * Remove unnecesary errors method
|
@luisvm @daniel-g @Lordnibbler can I merge it? |
| attr_accessor :settings | ||
|
|
||
| # Array with the causes |
There was a problem hiding this comment.
will this contain an array of Strings/Objects?
| def service_name(name) | ||
| @name = name | ||
| end | ||
|
|
||
| # Set an index | ||
| # @param name [Integer] An index | ||
| # | ||
| def service_index(index) |
There was a problem hiding this comment.
I was only adding comments on this PR, the code on master is without the =.
Notice that the attribute is index, and we named the setter service_index.
|
👍 lgtm |
|
👍 |
Some features from the PR #197 (PR splitted): * Comment the code. * Remove spaces and format some lines. * Remove unnecessary errors method. * Improve format_cert and format_private_key. * Fix xpath injection on xml_security.rb
|
What are the security concerns around "Fix xpath injection on xml_security.rb"? Is that exploitable in any way? If so, should get a CVE. I also don't see a test focused on that issue. Is there one? |
|
@reedloden It is similar bug than fixed here #183 |
|
Sounds like it needs a CVE then. I'll put in a request for one. |
|
Ok, thanks @reedloden |
|
Requested in http://seclists.org/oss-sec/2015/q3/74 |
|
Also, I went ahead and opened #252 to figure out a better process for handling security issues for the future. |
|
The CVE assigned is CVE-2015-20108 |
