test/response_test.rb in ruby-saml-0.8.2 vs test/response_test.rb in ruby-saml-0.8.3

- old
+ new

@@ -149,9 +149,17 @@
 settings = OneLogin::RubySaml::Settings.new
 settings.idp_cert_fingerprint = signature_fingerprint_1
 response.settings = settings
 assert_raises(OneLogin::RubySaml::ValidationError, 'Digest mismatch'){ response.validate! }
 end
+
+ should "Prevent node text with comment (VU#475445) attack" do
+ response_doc = File.read(File.join(File.dirname(__FILE__), "responses", 'response_node_text_attack.xml.base64'))
+ response = OneLogin::RubySaml::Response.new(response_doc)
+
+ assert_equal "support@onelogin.com", response.name_id
+ assert_equal "smith", response.attributes["surname"]
+ end
 end
 context "#name_id" do
 should "extract the value of the name id element" do
 response = OneLogin::RubySaml::Response.new(response_document)
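Review bot: The added `should "Prevent node text with comment (VU#475445) attack"` test only pins what `response.name_id` and `response.attributes["surname"]` return; it never assigns `response.settings` or calls `response.validate!`, so it does not show that the same values come back on the signature-checked path, which is where a comment inside a text node matters. If the fixture is signed (not visible here, since it is base64), setting `settings.idp_cert_fingerprint` as the neighbouring test does and asserting the validation result before the two `assert_equal` lines would cover both halves. Because the fixture is opaque, the test also needs a comment saying what it contains, for example `# fixture: NameID and surname text are split by an XML comment; the whole text must be returned, not the part before the comment` (wording to be confirmed against the fixture). The enclosing `context` block starts outside the hunk.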