diff options
| author | Vlad Mencl <vladimir.mencl@reannz.co.nz> | 2021-06-10 14:53:25 +1200 |
|---|---|---|
| committer | Vlad Mencl <vladimir.mencl@reannz.co.nz> | 2021-06-10 14:53:25 +1200 |
| commit | 59604b6980bc3cc2d7a1a2b5a3aed515e9b1df17 (patch) | |
| tree | ef1513cd5cc224cda25e3960d276e4486084596d | |
| parent | 65674f8458c8a6f1c5050238313b2dd932bfa735 (diff) | |
| download | pysaml2-59604b6980bc3cc2d7a1a2b5a3aed515e9b1df17.tar.gz | |
fix: saml2.assertion: safeguard _filter_values against vals=None
In certain circumstances, such as an Saml2IdP receiving a request
from an SP where the SP metadata has a RequestedAttribute with specific values,
`_filter_values` may be called with vals=None when processing the AuthnRequest.
Safeguard against this by returning early, returning the None value unfiltered.
(It will get later replaced with an [] in `_apply_attr_value_restrictions`).
| -rw-r--r-- | src/saml2/assertion.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/saml2/assertion.py b/src/saml2/assertion.py index cd01463b..4474bf42 100644 --- a/src/saml2/assertion.py +++ b/src/saml2/assertion.py @@ -35,6 +35,9 @@ def _filter_values(vals, vlist=None, must=False): if not vlist: # No value specified equals any value return vals + if vals is None: # cannot iterate over None, return early + return vals + if isinstance(vlist, six.string_types): vlist = [vlist] |