1 | <?php |
||
2 | |||
3 | declare(strict_types=1); |
||
4 | |||
5 | namespace SimpleSAML\Auth; |
||
6 | |||
7 | use SimpleSAML\Configuration; |
||
8 | use SimpleSAML\Error; |
||
9 | use SimpleSAML\Logger; |
||
10 | use SimpleSAML\Module; |
||
11 | use SimpleSAML\Session; |
||
12 | use SimpleSAML\Utils; |
||
13 | |||
14 | /** |
||
15 | * This class defines a base class for authentication source. |
||
16 | * |
||
17 | * An authentication source is any system which somehow authenticates the user. |
||
18 | * |
||
19 | * @author Olav Morken, UNINETT AS. |
||
20 | * @package SimpleSAMLphp |
||
21 | */ |
||
22 | |||
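abstract class Source
{
    /**
     * The authentication source identifier. This identifier can be used to look up this object, for example when
     * returning from a login form.
     *
     * @var string
     */
    protected $authId;


    /**
     * Constructor for an authentication source.
     *
     * Any authentication source which implements its own constructor must call this
     * constructor first.
     *
     * @param array $info Information about this authentication source. Must carry the 'AuthId' key, which
     *                    becomes the identifier returned by getAuthId().
     * @param array &$config Configuration for this authentication source. Only type-checked here.
     */
    public function __construct($info, &$config)
    {
        assert(is_array($info));
        assert(is_array($config));
        assert(array_key_exists('AuthId', $info));

        $this->authId = $info['AuthId'];
    }


    /**
     * Get sources of a specific type.
     *
     * Walks every entry of authsources.php, validates it, and instantiates those whose first
     * element (the source type) equals $type.
     *
     * @param string $type The type of the authentication source.
     *
     * @return Source[] Array of \SimpleSAML\Auth\Source objects of the specified type.
     * @throws \Exception If an authentication source is invalid.
     */
    public static function getSourcesOfType($type)
    {
        assert(is_string($type));

        $config = Configuration::getConfig('authsources.php');
        $matching = [];

        foreach ($config->getOptions() as $id) {
            $definition = $config->getArray($id);

            // every entry is validated, not only the ones matching $type, so a broken definition
            // is reported regardless of which type is requested; it also guarantees $definition[0]
            // exists before the comparison below
            self::validateSource($definition, $id);

            if ($definition[0] === $type) {
                $matching[] = self::parseAuthSource($id, $definition);
            }
        }

        return $matching;
    }


    /**
     * Retrieve the ID of this authentication source.
     *
     * @return string The ID of this authentication source.
     */
    public function getAuthId()
    {
        return $this->authId;
    }


    /**
     * Process a request.
     *
     * If an authentication source returns from this function, it is assumed to have
     * authenticated the user, and should have set elements in $state with the attributes
     * of the user.
     *
     * If the authentication process requires additional steps which make it impossible to
     * complete before returning from this function, the authentication source should
     * save the state, and at a later stage, load the state, update it with the authentication
     * information about the user, and call completeAuth with the state array.
     *
     * @param array &$state Information about the current authentication.
     * @return void
     */
    abstract public function authenticate(&$state);


    /**
     * Reauthenticate an user.
     *
     * This function is called by the IdP to give the authentication source a chance to
     * interact with the user even in the case when the user is already authenticated.
     *
     * @param array &$state Information about the current authentication.
     * @return void
     * @throws \SimpleSAML\Error\NoState If the session holds no authentication data for this source.
     */
    public function reauthenticate(array &$state)
    {
        assert(isset($state['ReturnCallback']));

        // the default implementation just copies over the previous authentication data
        $session = Session::getSessionFromRequest();
        $previous = $session->getAuthState($this->authId);
        if ($previous === null) {
            // nothing stored for this source, so there is nothing to reauthenticate from
            throw new Error\NoState();
        }

        foreach ($previous as $key => $value) {
            $state[$key] = $value;
        }
    }


    /**
     * Complete authentication.
     *
     * This function should be called if authentication has completed. It will never return,
     * except in the case of exceptions. Exceptions thrown from this page should not be caught,
     * but should instead be passed to the top-level exception handler.
     *
     * @param array &$state Information about the current authentication. Must carry the
     *                      'LoginCompletedHandler' callable.
     * @return void
     * @throws \SimpleSAML\Error\Exception If the handler is not callable, or if it returns instead
     *                                     of redirecting/exiting.
     */
    public static function completeAuth(&$state)
    {
        assert(is_array($state));
        assert(array_key_exists('LoginCompletedHandler', $state));

        // drop the saved state before handing control to the handler
        State::deleteState($state);

        $handler = $state['LoginCompletedHandler'];
        // explicit check rather than assert(): this dispatches a callable taken from the state
        // array, and assert() is a no-op when assertions are disabled
        if (!is_callable($handler)) {
            throw new Error\Exception('LoginCompletedHandler is not callable.');
        }

        call_user_func($handler, $state);

        // the handler is expected to redirect or exit; reaching this point means it returned,
        // and the request must not silently continue past the login flow
        throw new Error\Exception('LoginCompletedHandler returned; it was expected to never return.');
    }


    /**
     * Start authentication.
     *
     * This method never returns.
     *
     * @param string|array $return The URL or function we should direct the user to after authentication. If using a
     * URL obtained from user input, please make sure to check it by calling \SimpleSAML\Utils\HTTP::checkURLAllowed().
     * @param string|null $errorURL The URL we should direct the user to after failed authentication. Can be null, in
     * which case a standard error page will be shown. If using a URL obtained from user input, please make sure to
     * check it by calling \SimpleSAML\Utils\HTTP::checkURLAllowed().
     * @param array $params Extra information about the login. Different authentication requestors may provide different
     * information. Optional, will default to an empty array.
     * @return void
     */
    public function initLogin($return, $errorURL = null, array $params = [])
    {
        assert(is_string($return) || is_array($return));
        assert(is_string($errorURL) || $errorURL === null);

        // the framework keys below win over anything a caller put into $params with the same name
        $state = array_merge($params, [
            '\SimpleSAML\Auth\DefaultAuth.id' => $this->authId, // TODO: remove in 2.0
            '\SimpleSAML\Auth\Source.id' => $this->authId,
            '\SimpleSAML\Auth\DefaultAuth.Return' => $return, // TODO: remove in 2.0
            '\SimpleSAML\Auth\Source.Return' => $return,
            '\SimpleSAML\Auth\DefaultAuth.ErrorURL' => $errorURL, // TODO: remove in 2.0
            '\SimpleSAML\Auth\Source.ErrorURL' => $errorURL,
            // self::class is the defining class, which is what get_class() without arguments yields here
            'LoginCompletedHandler' => [self::class, 'loginCompleted'],
            'LogoutCallback' => [self::class, 'logoutCallback'],
            'LogoutCallbackState' => [
                '\SimpleSAML\Auth\DefaultAuth.logoutSource' => $this->authId, // TODO: remove in 2.0
                '\SimpleSAML\Auth\Source.logoutSource' => $this->authId,
            ],
        ]);

        if (is_string($return)) {
            $state['\SimpleSAML\Auth\DefaultAuth.ReturnURL'] = $return; // TODO: remove in 2.0
            $state['\SimpleSAML\Auth\Source.ReturnURL'] = $return;
        }

        if ($errorURL !== null) {
            $state[State::EXCEPTION_HANDLER_URL] = $errorURL;
        }

        try {
            $this->authenticate($state);
        } catch (Error\Exception $e) {
            State::throwException($state, $e);
        } catch (\Exception $e) {
            // foreign exceptions are wrapped so they can travel with the state
            $e = new Error\UnserializableException($e);
            State::throwException($state, $e);
        }

        // authenticate() returned, which by contract means the user is authenticated
        self::loginCompleted($state);
    }


    /**
     * Called when a login operation has finished.
     *
     * This method never returns.
     *
     * @param array $state The state after the login has completed.
     * @return void
     * @throws \SimpleSAML\Error\Exception If the return target returns instead of redirecting/exiting.
     */
    public static function loginCompleted($state)
    {
        assert(is_array($state));
        assert(array_key_exists('\SimpleSAML\Auth\Source.Return', $state));
        assert(array_key_exists('\SimpleSAML\Auth\Source.id', $state));
        assert(array_key_exists('Attributes', $state));
        assert(!array_key_exists('LogoutState', $state) || is_array($state['LogoutState']));

        $return = $state['\SimpleSAML\Auth\Source.Return'];

        // save session state
        $session = Session::getSessionFromRequest();
        $authId = $state['\SimpleSAML\Auth\Source.id'];
        $session->doLogin($authId, State::getPersistentAuthData($state));

        if (is_string($return)) {
            // the URL is redirected to as trusted: the caller of initLogin() is responsible for
            // having checked any URL that came from user input (see initLogin() docblock)
            Utils\HTTP::redirectTrustedURL($return);
        } else {
            call_user_func($return, $state);
        }

        // both branches above are expected to redirect or exit
        throw new Error\Exception('Login return target returned; it was expected to never return.');
    }


    /**
     * Log out from this authentication source.
     *
     * This function should be overridden if the authentication source requires special
     * steps to complete a logout operation.
     *
     * If the logout process requires a redirect, the state should be saved. Once the
     * logout operation is completed, the state should be restored, and completeLogout
     * should be called with the state. If this operation can be completed without
     * showing the user a page, or redirecting, this function should return.
     *
     * @param array &$state Information about the current logout operation.
     * @return void
     */
    public function logout(&$state)
    {
        assert(is_array($state));
        // default logout handler which doesn't do anything
    }


    /**
     * Complete logout.
     *
     * This function should be called after logout has completed. It will never return,
     * except in the case of exceptions. Exceptions thrown from this page should not be caught,
     * but should instead be passed to the top-level exception handler.
     *
     * @param array &$state Information about the current authentication. Must carry the
     *                      'LogoutCompletedHandler' callable.
     * @return void
     * @throws \SimpleSAML\Error\Exception If the handler is not callable, or if it returns instead
     *                                     of redirecting/exiting.
     */
    public static function completeLogout(&$state)
    {
        assert(is_array($state));
        assert(array_key_exists('LogoutCompletedHandler', $state));

        // drop the saved state before handing control to the handler
        State::deleteState($state);

        $handler = $state['LogoutCompletedHandler'];
        // explicit check rather than assert(): this dispatches a callable taken from the state array
        if (!is_callable($handler)) {
            throw new Error\Exception('LogoutCompletedHandler is not callable.');
        }

        call_user_func($handler, $state);

        // the handler is expected to redirect or exit; a return must not go unnoticed
        throw new Error\Exception('LogoutCompletedHandler returned; it was expected to never return.');
    }


    /**
     * Create authentication source object from configuration array.
     *
     * This function takes an array with the configuration for an authentication source object,
     * and returns the object.
     *
     * A module may ship a factory (resolved under 'Auth\Source\Factory'); when one resolves, it is
     * asked to build the instance, otherwise the source class itself is instantiated directly.
     * Only the lookup of the factory class is treated as optional: an error raised while
     * constructing the factory or by its create() method is propagated, not masked by the
     * direct-instantiation fallback.
     *
     * @param string $authId The authentication source identifier.
     * @param array $config The configuration.
     *
     * @return \SimpleSAML\Auth\Source The parsed authentication source.
     * @throws \Exception If the authentication source is invalid.
     */
    private static function parseAuthSource(string $authId, array $config): Source
    {
        self::validateSource($config, $authId);

        $typeId = $config[0];
        $info = ['AuthId' => $authId];

        // the first element is the type, the rest is handed to the source as its configuration
        unset($config[0]);

        try {
            // Check whether or not there's a factory responsible for instantiating our Auth Source instance
            $factoryClass = Module::resolveClass(
                $typeId,
                'Auth\Source\Factory',
                '\SimpleSAML\Auth\SourceFactory'
            );
        } catch (\Exception $e) {
            // no factory for this type
            $factoryClass = null;
        }

        if ($factoryClass !== null) {
            /** @var SourceFactory $factory */
            $factory = new $factoryClass();
            return $factory->create($info, $config);
        }

        // If not, instantiate the Auth Source here
        $className = Module::resolveClass($typeId, 'Auth\Source', '\SimpleSAML\Auth\Source');
        return new $className($info, $config);
    }


    /**
     * Retrieve authentication source.
     *
     * This function takes an id of an authentication source, and returns the
     * AuthSource object. If no authentication source with the given id can be found,
     * NULL will be returned.
     *
     * If the $type parameter is specified, this function will return an
     * authentication source of the given type. If no authentication source or if an
     * authentication source of a different type is found, an exception will be thrown.
     *
     * @param string $authId The authentication source identifier.
     * @param string|null $type The type of authentication source. If NULL, any type will be accepted.
     *
     * @return \SimpleSAML\Auth\Source|null The AuthSource object, or NULL if no authentication
     * source with the given identifier is found.
     * @throws \SimpleSAML\Error\Exception If no such authentication source is found or it is invalid.
     */
    public static function getById($authId, $type = null)
    {
        assert(is_string($authId));
        assert($type === null || is_string($type));

        // for now - load and parse config file
        $config = Configuration::getConfig('authsources.php');

        $authConfig = $config->getArray($authId, null);
        if ($authConfig === null) {
            // "not found" is only an error when the caller asked for a specific type
            if ($type !== null) {
                throw new Error\Exception(
                    'No authentication source with id ' .
                    var_export($authId, true) . ' found.'
                );
            }
            return null;
        }

        $source = self::parseAuthSource($authId, $authConfig);

        // $type is a class name; instanceof accepts subclasses of it as well
        if ($type === null || $source instanceof $type) {
            return $source;
        }

        // the authentication source doesn't have the correct type
        throw new Error\Exception(
            'Invalid type of authentication source ' .
            var_export($authId, true) . '. Was ' . var_export(get_class($source), true) .
            ', should be ' . var_export($type, true) . '.'
        );
    }


    /**
     * Called when the authentication source receives an external logout request.
     *
     * @param array $state State array for the logout operation. Must carry
     *                     '\SimpleSAML\Auth\Source.logoutSource'.
     * @return void
     */
    public static function logoutCallback($state)
    {
        assert(is_array($state));
        assert(array_key_exists('\SimpleSAML\Auth\Source.logoutSource', $state));

        $source = $state['\SimpleSAML\Auth\Source.logoutSource'];

        $session = Session::getSessionFromRequest();
        if (!$session->isValid($source)) {
            // only log: a logout for a source the session is not authenticated with is ignored
            Logger::warning(
                'Received logout from an invalid authentication source ' .
                var_export($source, true)
            );

            return;
        }
        $session->doLogout($source);
    }


    /**
     * Add a logout callback association.
     *
     * This function adds a logout callback association, which allows us to initiate
     * a logout later based on the $assoc-value.
     *
     * Note that logout-associations exists per authentication source. A logout association
     * from one authentication source cannot be called from a different authentication source.
     *
     * @param string $assoc The identifier for this logout association.
     * @param array $state The state array passed to the authenticate-function.
     * @return void
     */
    protected function addLogoutCallback($assoc, $state)
    {
        assert(is_string($assoc));
        assert(is_array($state));

        if (!array_key_exists('LogoutCallback', $state)) {
            // the authentication requester doesn't have a logout callback
            return;
        }
        $callback = $state['LogoutCallback'];

        $callbackState = [];
        if (array_key_exists('LogoutCallbackState', $state)) {
            $callbackState = $state['LogoutCallbackState'];
        }

        $session = Session::getSessionFromRequest();
        $session->setData(
            '\SimpleSAML\Auth\Source.LogoutCallbacks',
            $this->logoutCallbackId($assoc),
            [
                'callback' => $callback,
                'state' => $callbackState,
            ],
            Session::DATA_TIMEOUT_SESSION_END
        );
    }


    /**
     * Build the session key under which a logout association is stored.
     *
     * The auth id is length-prefixed so that (authId, assoc) pairs cannot collide by
     * concatenation, e.g. ('ab', 'c') vs ('a', 'bc').
     *
     * @param string $assoc The logout association identifier.
     * @return string The session data id.
     */
    private function logoutCallbackId($assoc)
    {
        return strlen($this->authId) . ':' . $this->authId . $assoc;
    }


    /**
     * Call a logout callback based on association.
     *
     * This function calls a logout callback based on an association saved with
     * addLogoutCallback(...).
     *
     * This function always returns.
     *
     * @param string $assoc The logout association which should be called.
     * @return void
     */
    protected function callLogoutCallback($assoc)
    {
        assert(is_string($assoc));

        $id = $this->logoutCallbackId($assoc);
        $session = Session::getSessionFromRequest();

        $data = $session->getData('\SimpleSAML\Auth\Source.LogoutCallbacks', $id);
        if ($data === null) {
            // FIXME: fix for IdP-first flow (issue 397) -> reevaluate logout callback infrastructure
            $session->doLogout($this->authId);

            return;
        }

        assert(is_array($data));
        assert(array_key_exists('callback', $data));
        assert(array_key_exists('state', $data));

        $callback = $data['callback'];
        $callbackState = $data['state'];

        // the association is single-use: remove it before invoking the callback
        $session->deleteData('\SimpleSAML\Auth\Source.LogoutCallbacks', $id);
        call_user_func($callback, $callbackState);
    }


    /**
     * Retrieve list of authentication sources.
     *
     * @return array The id of all authentication sources.
     */
    public static function getSources()
    {
        // optional: a missing authsources.php yields an empty configuration rather than an error
        $config = Configuration::getOptionalConfig('authsources.php');

        return $config->getOptions();
    }


    /**
     * Make sure that the first element of an auth source is its identifier.
     *
     * @param array $source An array with the auth source configuration.
     * @param string $id The auth source identifier.
     *
     * @throws \Exception If the first element of $source is not an identifier for the auth source.
     * @return void
     */
    protected static function validateSource($source, $id)
    {
        $hasStringType = array_key_exists(0, $source) && is_string($source[0]);
        if (!$hasStringType) {
            throw new \Exception(
                'Invalid authentication source \'' . $id .
                '\': First element must be a string which identifies the authentication source.'
            );
        }
    }
}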
||
540 |
$func
can contain request data and is used in code execution context(s) leading to a potential security vulnerability.13 paths for user data to reach this point
in lib/SimpleSAML/Auth/State.php on line 220
$data
in lib/SimpleSAML/Session.php on line 888
array('expires' => $expires, 'timeout' => $timeout, 'data' => $data)
is assigned to$dataInfo
in lib/SimpleSAML/Session.php on line 913
$dataInfo
is assigned to property Session::$dataStorein lib/SimpleSAML/Session.php on line 923
$this->dataStore[$type][$id]['data']
is returnedin lib/SimpleSAML/Session.php on line 980
$session->getData('\SimpleSAML\Auth\State', $sid['id'])
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 280
unserialize()
, andunserialize($state)
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 295
$state
is returnedin lib/SimpleSAML/Auth/State.php on line 319
SimpleSAML\Auth\State::loadState($stateId, 'core:short_sso_interval')
is assigned to$state
in modules/core/lib/Controller/Exception.php on line 151
in modules/core/lib/Controller/Exception.php on line 156
$state
in lib/SimpleSAML/Auth/ProcessingChain.php on line 239
in lib/SimpleSAML/Auth/ProcessingChain.php on line 266
$state
in lib/SimpleSAML/Auth/State.php on line 205
serialize()
, andserialize($state)
is assigned to$serializedState
in lib/SimpleSAML/Auth/State.php on line 218
in lib/SimpleSAML/Auth/State.php on line 220
$data
in lib/SimpleSAML/Session.php on line 888
array('expires' => $expires, 'timeout' => $timeout, 'data' => $data)
is assigned to$dataInfo
in lib/SimpleSAML/Session.php on line 913
$dataInfo
is assigned to property Session::$dataStorein lib/SimpleSAML/Session.php on line 923
$this->dataStore[$type][$id]['data']
is returnedin lib/SimpleSAML/Session.php on line 980
$session->getData('\SimpleSAML\Auth\State', $sid['id'])
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 280
unserialize()
, andunserialize($state)
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 295
$state
is returnedin lib/SimpleSAML/Auth/State.php on line 319
SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID)
is assigned to$state
in modules/core/lib/Auth/UserPassBase.php on line 300
$attributes
is assigned to$state
in modules/core/lib/Auth/UserPassBase.php on line 328
in modules/core/lib/Auth/UserPassBase.php on line 331
$state
in lib/SimpleSAML/Auth/Source.php on line 151
$state['LoginCompletedHandler']
is assigned to$func
in lib/SimpleSAML/Auth/Source.php on line 158
$_REQUEST,
and(string)$_REQUEST['RelayState']
is assigned to$relayState
in modules/core/www/idp/logout-iframe-post.php on line 16$_REQUEST,
and(string)$_REQUEST['RelayState']
is assigned to$relayState
in modules/core/www/idp/logout-iframe-post.php on line 16
in modules/core/www/idp/logout-iframe-post.php on line 58
$relayState
in vendor/simplesamlphp/saml2/src/SAML2/Message.php on line 439
$relayState
is assigned to property LogoutRequest::$relayStatein vendor/simplesamlphp/saml2/src/SAML2/Message.php on line 443
$this->relayState
is returnedin vendor/simplesamlphp/saml2/src/SAML2/Message.php on line 429
array('Responder' => array('\SimpleSAML\Module\saml\IdP\SAML2', 'sendLogoutResponse'), 'saml:SPEntityId' => $spEntityId, 'saml:RelayState' => $message->getRelayState(), 'saml:RequestId' => $message->getId())
is assigned to$state
in modules/saml/lib/IdP/SAML2.php on line 663
in modules/saml/lib/IdP/SAML2.php on line 671
$state
in lib/SimpleSAML/IdP.php on line 484
$this->id
is assigned to$state
in lib/SimpleSAML/IdP.php on line 489
in lib/SimpleSAML/IdP.php on line 506
$state
in lib/SimpleSAML/IdP/IFrameLogoutHandler.php on line 47
in lib/SimpleSAML/IdP/IFrameLogoutHandler.php on line 76
$state
in lib/SimpleSAML/Auth/State.php on line 205
serialize()
, andserialize($state)
is assigned to$serializedState
in lib/SimpleSAML/Auth/State.php on line 218
in lib/SimpleSAML/Auth/State.php on line 220
$data
in lib/SimpleSAML/Session.php on line 888
array('expires' => $expires, 'timeout' => $timeout, 'data' => $data)
is assigned to$dataInfo
in lib/SimpleSAML/Session.php on line 913
$dataInfo
is assigned to property Session::$dataStorein lib/SimpleSAML/Session.php on line 923
$this->dataStore[$type][$id]['data']
is returnedin lib/SimpleSAML/Session.php on line 980
$session->getData('\SimpleSAML\Auth\State', $sid['id'])
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 280
unserialize()
, and unserialize($state)
is assigned to $state
in lib/SimpleSAML/Auth/State.php on line 295
$state
is returned in lib/SimpleSAML/Auth/State.php on line 319
SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID)
is assigned to$state
in modules/core/lib/Auth/UserPassBase.php on line 300
in modules/core/lib/Auth/UserPassBase.php on line 331
$state
in lib/SimpleSAML/Auth/Source.php on line 151
$state['LoginCompletedHandler']
is assigned to $func
in lib/SimpleSAML/Auth/Source.php on line 158
in modules/multiauth/lib/Auth/Source/MultiAuth.php on line 211
$data
in lib/SimpleSAML/Session.php on line 888
array('expires' => $expires, 'timeout' => $timeout, 'data' => $data)
is assigned to$dataInfo
in lib/SimpleSAML/Session.php on line 913
$dataInfo
is assigned to property Session::$dataStorein lib/SimpleSAML/Session.php on line 923
$this->dataStore[$type][$id]['data']
is returnedin lib/SimpleSAML/Session.php on line 980
$session->getData('\SimpleSAML\Auth\State', $sid['id'])
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 280
unserialize()
, andunserialize($state)
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 295
$state
is returnedin lib/SimpleSAML/Auth/State.php on line 319
SimpleSAML\Auth\State::loadState($authStateId, SimpleSAML\Module\multiauth\Auth\Source\MultiAuth::STAGEID)
is assigned to$state
in modules/multiauth/www/selectsource.php on line 20
$state['multiauth:preselect']
is assigned to$source
in modules/multiauth/www/selectsource.php on line 49
in modules/multiauth/www/selectsource.php on line 50
$authId
in modules/multiauth/lib/Auth/Source/MultiAuth.php on line 186
in modules/multiauth/lib/Auth/Source/MultiAuth.php on line 211
$data
in lib/SimpleSAML/Session.php on line 888
array('expires' => $expires, 'timeout' => $timeout, 'data' => $data)
is assigned to$dataInfo
in lib/SimpleSAML/Session.php on line 913
$dataInfo
is assigned to property Session::$dataStorein lib/SimpleSAML/Session.php on line 923
$this->dataStore[$type][$id]['data']
is returnedin lib/SimpleSAML/Session.php on line 980
$session->getData('\SimpleSAML\Auth\State', $sid['id'])
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 280
unserialize()
, andunserialize($state)
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 295
$state
is returnedin lib/SimpleSAML/Auth/State.php on line 319
SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID)
is assigned to$state
in modules/core/lib/Auth/UserPassBase.php on line 300
in modules/core/lib/Auth/UserPassBase.php on line 331
$state
in lib/SimpleSAML/Auth/Source.php on line 151
$state['LoginCompletedHandler']
is assigned to$func
in lib/SimpleSAML/Auth/Source.php on line 158
$_GET,
and data is passed through checkURLAllowed()
, and IdP::doLogoutRedirect() is called in www/saml2/idp/initSLO.php on line 15
$_GET,
and data is passed through checkURLAllowed()
, and IdP::doLogoutRedirect() is called in www/saml2/idp/initSLO.php on line 15
$url
in lib/SimpleSAML/IdP.php on line 548
array('Responder' => array('\SimpleSAML\IdP', 'finishLogoutRedirect'), 'core:Logout:URL' => $url)
is assigned to$state
in lib/SimpleSAML/IdP.php on line 552
in lib/SimpleSAML/IdP.php on line 557
$state
in lib/SimpleSAML/IdP.php on line 484
in lib/SimpleSAML/IdP.php on line 499
$state
in lib/SimpleSAML/Auth/State.php on line 205
serialize()
, andserialize($state)
is assigned to$serializedState
in lib/SimpleSAML/Auth/State.php on line 218
in lib/SimpleSAML/Auth/State.php on line 220
$data
in lib/SimpleSAML/Session.php on line 888
array('expires' => $expires, 'timeout' => $timeout, 'data' => $data)
is assigned to$dataInfo
in lib/SimpleSAML/Session.php on line 913
$dataInfo
is assigned to property Session::$dataStorein lib/SimpleSAML/Session.php on line 923
$this->dataStore[$type][$id]['data']
is returnedin lib/SimpleSAML/Session.php on line 980
$session->getData('\SimpleSAML\Auth\State', $sid['id'])
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 280
unserialize()
, andunserialize($state)
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 295
$state
is returnedin lib/SimpleSAML/Auth/State.php on line 319
SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID)
is assigned to$state
in modules/core/lib/Auth/UserPassBase.php on line 300
$attributes
is assigned to$state
in modules/core/lib/Auth/UserPassBase.php on line 328
in modules/core/lib/Auth/UserPassBase.php on line 331
$state
in lib/SimpleSAML/Auth/Source.php on line 151
$state['LoginCompletedHandler']
is assigned to$func
in lib/SimpleSAML/Auth/Source.php on line 158
$protocol . '://' . $hostname . $port . $_SERVER['REQUEST_URI']
is returned in lib/SimpleSAML/Utils/HTTP.php on line 856
$protocol . '://' . $hostname . $port . $_SERVER['REQUEST_URI']
is returned in lib/SimpleSAML/Utils/HTTP.php on line 856
SimpleSAML\Utils\HTTP::getSelfURL()
is assigned to$url
in lib/SimpleSAML/Error/NotFound.php on line 36
in lib/SimpleSAML/Error/NotFound.php on line 42
$errorCode
in lib/SimpleSAML/Error/Error.php on line 81
$errorCode
is assigned to property Error::$errorCodein lib/SimpleSAML/Error/Error.php on line 91
$this->errorCode
is returnedin lib/SimpleSAML/Error/Error.php on line 125
$e->getErrorCode()
is assigned to$errorCode
in modules/core/www/loginuserpassorg.php on line 112
array('code' => $errorCode, 'params' => $errorParams)
is assigned to$state
in modules/core/www/loginuserpassorg.php on line 114
in modules/core/www/loginuserpassorg.php on line 119
$state
in lib/SimpleSAML/Auth/State.php on line 205
serialize()
, andserialize($state)
is assigned to$serializedState
in lib/SimpleSAML/Auth/State.php on line 218
in lib/SimpleSAML/Auth/State.php on line 220
$data
in lib/SimpleSAML/Session.php on line 888
array('expires' => $expires, 'timeout' => $timeout, 'data' => $data)
is assigned to$dataInfo
in lib/SimpleSAML/Session.php on line 913
$dataInfo
is assigned to property Session::$dataStorein lib/SimpleSAML/Session.php on line 923
$this->dataStore[$type][$id]['data']
is returnedin lib/SimpleSAML/Session.php on line 980
$session->getData('\SimpleSAML\Auth\State', $sid['id'])
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 280
unserialize()
, andunserialize($state)
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 295
$state
is returnedin lib/SimpleSAML/Auth/State.php on line 319
SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID)
is assigned to$state
in modules/core/lib/Auth/UserPassBase.php on line 300
$attributes
is assigned to$state
in modules/core/lib/Auth/UserPassBase.php on line 328
in modules/core/lib/Auth/UserPassBase.php on line 331
$state
in lib/SimpleSAML/Auth/Source.php on line 151
$state['LoginCompletedHandler']
is assigned to$func
in lib/SimpleSAML/Auth/Source.php on line 158
$_SERVER['HTTP_HOST']
is assigned to $current
in lib/SimpleSAML/Utils/HTTP.php on line 64
$_SERVER['HTTP_HOST']
is assigned to $current
in lib/SimpleSAML/Utils/HTTP.php on line 64
$current
is returnedin lib/SimpleSAML/Utils/HTTP.php on line 80
self::getServerHost()
is assigned to$hostname
in lib/SimpleSAML/Utils/HTTP.php on line 853
$protocol . '://' . $hostname . $port . $_SERVER['REQUEST_URI']
is returnedin lib/SimpleSAML/Utils/HTTP.php on line 856
SimpleSAML\Utils\HTTP::getSelfURL()
is assigned to$url
in lib/SimpleSAML/Error/NotFound.php on line 36
in lib/SimpleSAML/Error/NotFound.php on line 42
$errorCode
in lib/SimpleSAML/Error/Error.php on line 81
$errorCode
is assigned to property Error::$errorCodein lib/SimpleSAML/Error/Error.php on line 91
$this->errorCode
is returnedin lib/SimpleSAML/Error/Error.php on line 125
$e->getErrorCode()
is assigned to$errorCode
in modules/core/www/loginuserpassorg.php on line 112
array('code' => $errorCode, 'params' => $errorParams)
is assigned to$state
in modules/core/www/loginuserpassorg.php on line 114
in modules/core/www/loginuserpassorg.php on line 119
$state
in lib/SimpleSAML/Auth/State.php on line 205
serialize()
, andserialize($state)
is assigned to$serializedState
in lib/SimpleSAML/Auth/State.php on line 218
in lib/SimpleSAML/Auth/State.php on line 220
$data
in lib/SimpleSAML/Session.php on line 888
array('expires' => $expires, 'timeout' => $timeout, 'data' => $data)
is assigned to$dataInfo
in lib/SimpleSAML/Session.php on line 913
$dataInfo
is assigned to property Session::$dataStorein lib/SimpleSAML/Session.php on line 923
$this->dataStore[$type][$id]['data']
is returnedin lib/SimpleSAML/Session.php on line 980
$session->getData('\SimpleSAML\Auth\State', $sid['id'])
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 280
unserialize()
, andunserialize($state)
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 295
$state
is returnedin lib/SimpleSAML/Auth/State.php on line 319
SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID)
is assigned to$state
in modules/core/lib/Auth/UserPassBase.php on line 300
$attributes
is assigned to$state
in modules/core/lib/Auth/UserPassBase.php on line 328
in modules/core/lib/Auth/UserPassBase.php on line 331
$state
in lib/SimpleSAML/Auth/Source.php on line 151
$state['LoginCompletedHandler']
is assigned to$func
in lib/SimpleSAML/Auth/Source.php on line 158
$_SERVER
in lib/SimpleSAML/Utils/HTTP.php on line 119
$_SERVER
in lib/SimpleSAML/Utils/HTTP.php on line 119
in modules/core/lib/Auth/UserPassOrgBase.php on line 225
$stage
in lib/SimpleSAML/Auth/State.php on line 205
$stage
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 215
serialize()
, andserialize($state)
is assigned to$serializedState
in lib/SimpleSAML/Auth/State.php on line 218
in lib/SimpleSAML/Auth/State.php on line 220
$data
in lib/SimpleSAML/Session.php on line 888
array('expires' => $expires, 'timeout' => $timeout, 'data' => $data)
is assigned to$dataInfo
in lib/SimpleSAML/Session.php on line 913
$dataInfo
is assigned to property Session::$dataStorein lib/SimpleSAML/Session.php on line 923
$this->dataStore[$type][$id]['data']
is returnedin lib/SimpleSAML/Session.php on line 980
$session->getData('\SimpleSAML\Auth\State', $sid['id'])
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 280
unserialize()
, andunserialize($state)
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 295
$state
is returnedin lib/SimpleSAML/Auth/State.php on line 319
SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID)
is assigned to$state
in modules/core/lib/Auth/UserPassBase.php on line 300
in modules/core/lib/Auth/UserPassBase.php on line 331
$state
in lib/SimpleSAML/Auth/Source.php on line 151
$state['LoginCompletedHandler']
is assigned to$func
in lib/SimpleSAML/Auth/Source.php on line 158
$_REQUEST,
and data is passed through checkURLAllowed()
, and IdP::doLogoutRedirect() is called in www/saml2/idp/SingleLogoutService.php on line 20
$_REQUEST,
and data is passed through checkURLAllowed()
, and IdP::doLogoutRedirect() is called in www/saml2/idp/SingleLogoutService.php on line 20
$url
in lib/SimpleSAML/IdP.php on line 548
array('Responder' => array('\SimpleSAML\IdP', 'finishLogoutRedirect'), 'core:Logout:URL' => $url)
is assigned to$state
in lib/SimpleSAML/IdP.php on line 552
in lib/SimpleSAML/IdP.php on line 557
$state
in lib/SimpleSAML/IdP.php on line 484
in lib/SimpleSAML/IdP.php on line 506
$state
in lib/SimpleSAML/IdP/IFrameLogoutHandler.php on line 47
in lib/SimpleSAML/IdP/IFrameLogoutHandler.php on line 76
$state
in lib/SimpleSAML/Auth/State.php on line 205
serialize()
, andserialize($state)
is assigned to$serializedState
in lib/SimpleSAML/Auth/State.php on line 218
in lib/SimpleSAML/Auth/State.php on line 220
$data
in lib/SimpleSAML/Session.php on line 888
array('expires' => $expires, 'timeout' => $timeout, 'data' => $data)
is assigned to$dataInfo
in lib/SimpleSAML/Session.php on line 913
$dataInfo
is assigned to property Session::$dataStorein lib/SimpleSAML/Session.php on line 923
$this->dataStore[$type][$id]['data']
is returnedin lib/SimpleSAML/Session.php on line 980
$session->getData('\SimpleSAML\Auth\State', $sid['id'])
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 280
unserialize()
, andunserialize($state)
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 295
$state
is returnedin lib/SimpleSAML/Auth/State.php on line 319
SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID)
is assigned to$state
in modules/core/lib/Auth/UserPassBase.php on line 300
$attributes
is assigned to$state
in modules/core/lib/Auth/UserPassBase.php on line 328
in modules/core/lib/Auth/UserPassBase.php on line 331
$state
in lib/SimpleSAML/Auth/Source.php on line 151
$state['LoginCompletedHandler']
is assigned to$func
in lib/SimpleSAML/Auth/Source.php on line 158
substr()
, and substr($_SERVER['PATH_INFO'], 1)
is assigned to $sourceId
in modules/saml/www/sp/saml2-acs.php on line 11
substr()
, and substr($_SERVER['PATH_INFO'], 1)
is assigned to $sourceId
in modules/saml/www/sp/saml2-acs.php on line 11
array('saml:sp:isUnsolicited' => true, 'saml:sp:AuthId' => $sourceId, 'saml:sp:RelayState' => SimpleSAML\Utils\HTTP::checkURLAllowed($spMetadata->getString('RelayState', $response->getRelayState())))
is assigned to$state
in modules/saml/www/sp/saml2-acs.php on line 126
in modules/saml/www/sp/saml2-acs.php on line 149
$state
in lib/SimpleSAML/Auth/State.php on line 356
in lib/SimpleSAML/Auth/State.php on line 363
$state
in lib/SimpleSAML/Auth/State.php on line 205
serialize()
, andserialize($state)
is assigned to$serializedState
in lib/SimpleSAML/Auth/State.php on line 218
in lib/SimpleSAML/Auth/State.php on line 220
$data
in lib/SimpleSAML/Session.php on line 888
array('expires' => $expires, 'timeout' => $timeout, 'data' => $data)
is assigned to$dataInfo
in lib/SimpleSAML/Session.php on line 913
$dataInfo
is assigned to property Session::$dataStorein lib/SimpleSAML/Session.php on line 923
$this->dataStore[$type][$id]['data']
is returnedin lib/SimpleSAML/Session.php on line 980
$session->getData('\SimpleSAML\Auth\State', $sid['id'])
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 280
unserialize()
, andunserialize($state)
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 295
$state
is returnedin lib/SimpleSAML/Auth/State.php on line 319
SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID)
is assigned to$state
in modules/core/lib/Auth/UserPassBase.php on line 300
$attributes
is assigned to$state
in modules/core/lib/Auth/UserPassBase.php on line 328
in modules/core/lib/Auth/UserPassBase.php on line 331
$state
in lib/SimpleSAML/Auth/Source.php on line 151
$state['LoginCompletedHandler']
is assigned to$func
in lib/SimpleSAML/Auth/Source.php on line 158
$_REQUEST,
and (string)$_REQUEST['idp']
is assigned to $idp
in modules/core/www/idp/logout-iframe-post.php on line 6
$_REQUEST,
and (string)$_REQUEST['idp']
is assigned to $idp
in modules/core/www/idp/logout-iframe-post.php on line 6
in modules/core/www/idp/logout-iframe-post.php on line 7
$id
in lib/SimpleSAML/IdP.php on line 131
in lib/SimpleSAML/IdP.php on line 139
$id
in lib/SimpleSAML/IdP.php on line 69
$id
is assigned to property IdP::$idin lib/SimpleSAML/IdP.php on line 71
$this->id
is assigned to$state
in lib/SimpleSAML/IdP.php on line 489
in lib/SimpleSAML/IdP.php on line 506
$state
in lib/SimpleSAML/IdP/IFrameLogoutHandler.php on line 47
in lib/SimpleSAML/IdP/IFrameLogoutHandler.php on line 76
$state
in lib/SimpleSAML/Auth/State.php on line 205
serialize()
, andserialize($state)
is assigned to$serializedState
in lib/SimpleSAML/Auth/State.php on line 218
in lib/SimpleSAML/Auth/State.php on line 220
$data
in lib/SimpleSAML/Session.php on line 888
array('expires' => $expires, 'timeout' => $timeout, 'data' => $data)
is assigned to$dataInfo
in lib/SimpleSAML/Session.php on line 913
$dataInfo
is assigned to property Session::$dataStorein lib/SimpleSAML/Session.php on line 923
$this->dataStore[$type][$id]['data']
is returnedin lib/SimpleSAML/Session.php on line 980
$session->getData('\SimpleSAML\Auth\State', $sid['id'])
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 280
unserialize()
, andunserialize($state)
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 295
$state
is returnedin lib/SimpleSAML/Auth/State.php on line 319
SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID)
is assigned to$state
in modules/core/lib/Auth/UserPassBase.php on line 300
$attributes
is assigned to$state
in modules/core/lib/Auth/UserPassBase.php on line 328
in modules/core/lib/Auth/UserPassBase.php on line 331
$state
in lib/SimpleSAML/Auth/Source.php on line 151
$state['LoginCompletedHandler']
is assigned to$func
in lib/SimpleSAML/Auth/Source.php on line 158
substr()
, and self::getBaseURL() . $url_path . substr($_SERVER['REQUEST_URI'], $uri_pos + strlen($url_path))
is returned in lib/SimpleSAML/Utils/HTTP.php on line 859
substr()
, and self::getBaseURL() . $url_path . substr($_SERVER['REQUEST_URI'], $uri_pos + strlen($url_path))
is returned in lib/SimpleSAML/Utils/HTTP.php on line 859
SimpleSAML\Utils\HTTP::getSelfURL()
is assigned to$url
in lib/SimpleSAML/Error/NotFound.php on line 36
in lib/SimpleSAML/Error/NotFound.php on line 42
$errorCode
in lib/SimpleSAML/Error/Error.php on line 81
$errorCode
is assigned to property Error::$errorCodein lib/SimpleSAML/Error/Error.php on line 91
$this->errorCode
is returnedin lib/SimpleSAML/Error/Error.php on line 125
$e->getErrorCode()
is assigned to$errorCode
in modules/core/www/loginuserpass.php on line 87
array('code' => $errorCode, 'params' => $errorParams)
is assigned to$state
in modules/core/www/loginuserpass.php on line 89
in modules/core/www/loginuserpass.php on line 93
$state
in lib/SimpleSAML/Auth/State.php on line 205
serialize()
, andserialize($state)
is assigned to$serializedState
in lib/SimpleSAML/Auth/State.php on line 218
in lib/SimpleSAML/Auth/State.php on line 220
$data
in lib/SimpleSAML/Session.php on line 888
array('expires' => $expires, 'timeout' => $timeout, 'data' => $data)
is assigned to$dataInfo
in lib/SimpleSAML/Session.php on line 913
$dataInfo
is assigned to property Session::$dataStorein lib/SimpleSAML/Session.php on line 923
$this->dataStore[$type][$id]['data']
is returnedin lib/SimpleSAML/Session.php on line 980
$session->getData('\SimpleSAML\Auth\State', $sid['id'])
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 280
unserialize()
, andunserialize($state)
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 295
$state
is returnedin lib/SimpleSAML/Auth/State.php on line 319
SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID)
is assigned to$state
in modules/core/lib/Auth/UserPassBase.php on line 300
$attributes
is assigned to$state
in modules/core/lib/Auth/UserPassBase.php on line 328
in modules/core/lib/Auth/UserPassBase.php on line 331
$state
in lib/SimpleSAML/Auth/Source.php on line 151
$state['LoginCompletedHandler']
is assigned to$func
in lib/SimpleSAML/Auth/Source.php on line 158
in vendor/symfony/http-foundation/ParameterBag.php on line 82
$request->server->get('PATH_INFO')
is assigned to$url
in lib/SimpleSAML/Module.php on line 138
substr()
, andsubstr($url, 1)
is assigned to$module
in lib/SimpleSAML/Module.php on line 149
in lib/SimpleSAML/Module.php on line 157
$reason
in lib/SimpleSAML/Error/NotFound.php on line 32
in lib/SimpleSAML/Error/NotFound.php on line 42
$errorCode
in lib/SimpleSAML/Error/Error.php on line 81
$errorCode
is assigned to property Error::$errorCodein lib/SimpleSAML/Error/Error.php on line 91
$this->errorCode
is returnedin lib/SimpleSAML/Error/Error.php on line 125
$e->getErrorCode()
is assigned to$errorCode
in modules/core/www/loginuserpass.php on line 87
array('code' => $errorCode, 'params' => $errorParams)
is assigned to$state
in modules/core/www/loginuserpass.php on line 89
in modules/core/www/loginuserpass.php on line 93
$state
in lib/SimpleSAML/Auth/State.php on line 205
serialize()
, andserialize($state)
is assigned to$serializedState
in lib/SimpleSAML/Auth/State.php on line 218
in lib/SimpleSAML/Auth/State.php on line 220
$data
in lib/SimpleSAML/Session.php on line 888
array('expires' => $expires, 'timeout' => $timeout, 'data' => $data)
is assigned to$dataInfo
in lib/SimpleSAML/Session.php on line 913
$dataInfo
is assigned to property Session::$dataStorein lib/SimpleSAML/Session.php on line 923
$this->dataStore[$type][$id]['data']
is returnedin lib/SimpleSAML/Session.php on line 980
$session->getData('\SimpleSAML\Auth\State', $sid['id'])
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 280
unserialize()
, andunserialize($state)
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 295
$state
is returnedin lib/SimpleSAML/Auth/State.php on line 319
SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID)
is assigned to$state
in modules/core/lib/Auth/UserPassBase.php on line 300
in modules/core/lib/Auth/UserPassBase.php on line 331
$state
in lib/SimpleSAML/Auth/Source.php on line 151
$state['LoginCompletedHandler']
is assigned to$func
in lib/SimpleSAML/Auth/Source.php on line 158
in lib/SimpleSAML/Error/CriticalConfigurationError.php on line 64
$reason
in lib/SimpleSAML/Error/ConfigurationError.php on line 38
$reason
is assigned to property ConfigurationError::$reasonin lib/SimpleSAML/Error/ConfigurationError.php on line 52
$this->reason
is returnedin lib/SimpleSAML/Error/ConfigurationError.php on line 66
$exception->getReason()
is assigned to$reason
in lib/SimpleSAML/Error/CriticalConfigurationError.php on line 78
in lib/SimpleSAML/Error/CriticalConfigurationError.php on line 83
$reason
in lib/SimpleSAML/Error/CriticalConfigurationError.php on line 52
in lib/SimpleSAML/Error/CriticalConfigurationError.php on line 64
$reason
in lib/SimpleSAML/Error/ConfigurationError.php on line 38
$reason
is assigned to$params
in lib/SimpleSAML/Error/ConfigurationError.php on line 49
in lib/SimpleSAML/Error/ConfigurationError.php on line 54
$errorCode
in lib/SimpleSAML/Error/Error.php on line 81
$errorCode
is assigned to property Error::$errorCodein lib/SimpleSAML/Error/Error.php on line 91
$this->errorCode
is returnedin lib/SimpleSAML/Error/Error.php on line 125
$e->getErrorCode()
is assigned to$errorCode
in modules/core/www/loginuserpass.php on line 87
array('code' => $errorCode, 'params' => $errorParams)
is assigned to$state
in modules/core/www/loginuserpass.php on line 89
in modules/core/www/loginuserpass.php on line 93
$state
in lib/SimpleSAML/Auth/State.php on line 205
serialize()
, andserialize($state)
is assigned to$serializedState
in lib/SimpleSAML/Auth/State.php on line 218
in lib/SimpleSAML/Auth/State.php on line 220
$data
in lib/SimpleSAML/Session.php on line 888
array('expires' => $expires, 'timeout' => $timeout, 'data' => $data)
is assigned to$dataInfo
in lib/SimpleSAML/Session.php on line 913
$dataInfo
is assigned to property Session::$dataStorein lib/SimpleSAML/Session.php on line 923
$this->dataStore[$type][$id]['data']
is returnedin lib/SimpleSAML/Session.php on line 980
$session->getData('\SimpleSAML\Auth\State', $sid['id'])
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 280
unserialize()
, andunserialize($state)
is assigned to$state
in lib/SimpleSAML/Auth/State.php on line 295
$state
is returnedin lib/SimpleSAML/Auth/State.php on line 319
SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID)
is assigned to$state
in modules/core/lib/Auth/UserPassBase.php on line 300
in modules/core/lib/Auth/UserPassBase.php on line 331
$state
in lib/SimpleSAML/Auth/Source.php on line 151
$state['LoginCompletedHandler']
is assigned to$func
in lib/SimpleSAML/Auth/Source.php on line 158
General Strategies to prevent injection
In general, it is advisable to prevent any user data from reaching this point. This can be done by whitelisting the permitted values:
For numeric data, we recommend explicitly casting the data: