Ignoring XML comments in SAML
Description
Parsing SAML with XML comments preserved (ignoreComments set to false on the parser pool) may lead to authentication bypass.
Examples
Insecure Code
```scala
// Comment nodes are kept in the parsed DOM, so a comment inside an element splits its text into separate nodes.
val pool = new BasicParserPool()
pool.setIgnoreComments(false)
```
Secure Code
```scala
// Comment nodes are dropped during parsing, so element text is not split by comments.
val pool = new BasicParserPool()
pool.setIgnoreComments(true)
```
Remediation
Set ignoreComments to true on the BasicParserPool so that comment nodes are discarded at parse time, preventing the authentication bypass.
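The remediation above in a complete, runnable form, as an added example that is not part of the original rule page or of the OpenSAML project: it builds a hardened BasicParserPool, parses a constructed assertion whose NameID contains a comment, reads the NameID with getTextContent (which concatenates all descendant text, so it is safe regardless of node splitting), and additionally verifies that the parsed DOM contains no comment nodes at all. It assumes the OpenSAML 3/4 BasicParserPool from net.shibboleth.utilities.java.support.xml; the sample XML and the helper names are constructed for this example.

```scala
import java.io.ByteArrayInputStream
import java.nio.charset.StandardCharsets
import net.shibboleth.utilities.java.support.xml.BasicParserPool
import org.w3c.dom.{Document, Node}

object SamlCommentCheck {
  val SamlNs = "urn:oasis:names:tc:SAML:2.0:assertion"

  // Constructed sample assertion (not a real message): the NameID text is interrupted by a comment.
  val sampleXml: String =
    """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
      |  <saml:Subject>
      |    <saml:NameID>user<!-- constructed comment -->@example.com</saml:NameID>
      |  </saml:Subject>
      |</saml:Assertion>""".stripMargin

  // Hardened pool: drop comments (the setting this rule checks) and merge CDATA into text.
  def buildPool(): BasicParserPool = {
    val pool = new BasicParserPool()
    pool.setNamespaceAware(true)
    pool.setIgnoreComments(true)
    pool.setCoalescing(true)
    pool.initialize()
    pool
  }

  def parse(pool: BasicParserPool, xml: String): Document =
    pool.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))

  // Defensive read: getTextContent returns the full text even if it were split across nodes.
  def nameId(doc: Document): String = {
    val nodes = doc.getElementsByTagNameNS(SamlNs, "NameID")
    require(nodes.getLength == 1, s"expected exactly one NameID, found ${nodes.getLength}")
    nodes.item(0).getTextContent.trim
  }

  // Belt-and-braces check: with ignoreComments=true the DOM must not contain any comment node.
  def containsComment(node: Node): Boolean = {
    if (node.getNodeType == Node.COMMENT_NODE) return true
    val children = node.getChildNodes
    (0 until children.getLength).exists(i => containsComment(children.item(i)))
  }

  def main(args: Array[String]): Unit = {
    val doc = parse(buildPool(), sampleXml)
    require(!containsComment(doc), "parser kept comment nodes: ignoreComments is not in effect")
    println(s"NameID: ${nameId(doc)}")   // prints the full value "user@example.com"
  }
}
```

Reading the identifier with getTextContent rather than the first child text node is the second half of the defence: even if a parser elsewhere in the pipeline were misconfigured, the value compared against the user store would still be the complete element text. Note that BasicParserPool already defaults ignoreComments to true, so the insecure pattern is an explicit opt-out that should never appear in a SAML consumer.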
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0079 |
| Category | Auth |
| Severity | MEDIUM |
| CWE | CWE-1390 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | SAML, authentication |
| OWASP | N/A |