Revealing too much info about the error using util.inspect #242

Open
ipetrovic11 opened this issue Sep 21, 2021 · 0 comments
Hi

While parsing the auth response from the service provider, "decrypt_assertion" is called. This function uses util.inspect for errors, revealing quite a lot of information (a stack trace) which can't be handled properly, since it is embedded into the error message.

```coffeescript
, -> cb new Error("Failed to decrypt assertion with provided key(s): #{util.inspect errors}")
```

```json
{ "message": "Failed to decrypt assertion with provided key(s): [\n Error: Decrypt failed: Error: Invalid RSAES-OAEP padding.\n at Object.pkcs1.decode_rsa_oaep (/usr/src/app/packages/services/node_modules/node-forge/lib/pkcs1.js:255:11)\n at Object.decode (/usr/src/app/packages/services/node_modules/node-forge/lib/rsa.js:1190:30)\n at Object.key.decrypt (/usr/src/app/packages/services/node_modules/node-forge/lib/rsa.js:1200:19)\n at decryptKeyInfoWithScheme (/usr/src/app/packages/services/node_modules/xml-encryption/lib/xmlenc.js:253:31)\n at decryptKeyInfo (/usr/src/app/packages/services/node_modules/xml-encryption/lib/xmlenc.js:241:14)\n at Object.decrypt (/usr/src/app/packages/services/node_modules/xml-encryption/lib/xmlenc.js:182:24)\n at err (/usr/src/app/packages/services/node_modules/saml2-js/lib-js/saml2.js:326:21)\n at replenish (/usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:440:21)\n at /usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:445:13\n at eachOfLimit$1 (/usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:471:34)\n at awaitable (/usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:208:32)\n at Object.eachOfSeries (/usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:658:16)\n at Object.awaitable (/usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:208:32)\n at decrypt_assertion (/usr/src/app/packages/services/node_modules/saml2-js/lib-js/saml2.js:325:18)\n at /usr/src/app/packages/services/node_modules/saml2-js/lib-js/saml2.js:588:14\n at nextTask (/usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:4576:27)\n at Object.waterfall (/usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:4587:9)\n at Object.awaitable [as waterfall] (/usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:208:32)\n at parse_authn_response (/usr/src/app/packages/services/node_modules/saml2-js/lib-js/saml2.js:586:16)\n at /usr/src/app/packages/services/node_modules/saml2-js/lib-js/saml2.js:840:22\n at nextTask (/usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:4576:27)\n at Immediate.next (/usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:4584:13)\n at Immediate._onImmediate (/usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:321:20)\n at processImmediate (internal/timers.js:463:21)\n at /usr/src/app/packages/services/node_modules/saml2-js/lib-js/saml2.js:331:25\n at Object.decrypt (/usr/src/app/packages/services/node_modules/xml-encryption/lib/xmlenc.js:209:12)\n at err (/usr/src/app/packages/services/node_modules/saml2-js/lib-js/saml2.js:326:21)\n at replenish (/usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:440:21)\n at /usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:445:13\n at eachOfLimit$1 (/usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:471:34)\n at awaitable (/usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:208:32)\n at Object.eachOfSeries (/usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:658:16)\n at Object.awaitable (/usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:208:32)\n at decrypt_assertion (/usr/src/app/packages/services/node_modules/saml2-js/lib-js/saml2.js:325:18)\n at /usr/src/app/packages/services/node_modules/saml2-js/lib-js/saml2.js:588:14\n at nextTask (/usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:4576:27)\n at Object.waterfall (/usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:4587:9)\n at Object.awaitable [as waterfall] (/usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:208:32)\n at parse_authn_response (/usr/src/app/packages/services/node_modules/saml2-js/lib-js/saml2.js:586:16)\n at /usr/src/app/packages/services/node_modules/saml2-js/lib-js/saml2.js:840:22\n at nextTask (/usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:4576:27)\n at Immediate.next (/usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:4584:13)\n at Immediate._onImmediate (/usr/src/app/packages/services/node_modules/saml2-js/node_modules/async/dist/async.js:321:20)\n at processImmediate (internal/timers.js:463:21)\n]" }
```

Would it be possible to remove util.inspect?
