fleet/server
Zachary Wasserman 23a12b2ab0
Add check for Duo SAML vulnerability (not vulnerable) (#1718)
See https://goo.gl/zuku4E.

> The most obvious remediation here is ensuring your SAML library is extracting
> the full text of a given XML element when comments are present.

Our implementation asks for the innerxml of the NameID field, so it returns the
entire text including the comment (see https://goo.gl/KLLXof). By default Go's
XML parsing would return the text not including the comment (but including
further text after the comment). Both of these options prevent the
vulnerability.
2018-03-02 09:44:23 -07:00
..
config Add flags for configuring MySQL connection pooling limits (#1672) 2017-12-19 13:52:52 -08:00
contexts General simplification in go part (#1658) 2017-12-04 09:43:43 -05:00
datastore Add FileAccesses to FIM Configuration (#1717) 2018-02-26 12:54:13 -08:00
health Fix documentation typos (#1682) 2017-12-21 18:37:32 -08:00
kolide Add FileAccesses to FIM Configuration (#1717) 2018-02-26 12:54:13 -08:00
launcher Write the raw status log to the writer (#1666) 2017-12-12 10:43:33 -05:00
logwriter Fix documentation typos (#1682) 2017-12-21 18:37:32 -08:00
mail Rename project to Kolide Fleet (#1529) 2017-06-22 15:50:45 -04:00
mock Write the raw status log to the writer (#1666) 2017-12-12 10:43:33 -05:00
pubsub Rename project to Kolide Fleet (#1529) 2017-06-22 15:50:45 -04:00
service Add FileAccesses to FIM Configuration (#1717) 2018-02-26 12:54:13 -08:00
sso Add check for Duo SAML vulnerability (not vulnerable) (#1718) 2018-03-02 09:44:23 -07:00
test Rename project to Kolide Fleet (#1529) 2017-06-22 15:50:45 -04:00
websocket Rename project to Kolide Fleet (#1529) 2017-06-22 15:50:45 -04:00