GUID validation is incorrect #19

JakubDolba · 2019-06-13T00:18:26Z

current \SilverStripe\SAML\Helpers\SAMLHelper::validGuid allows:

only uppercase "guid"
- should be case insensitive
allows actually invalid values to be considered as valid
- standard guid should be hex range [0-9a-f]
- current implementation check [A-Z0-9] which allows non-guid to pass validation

expected result of validation: only valid guid format is passing

The text was updated successfully, but these errors were encountered:

robbieaverill · 2019-06-13T03:05:12Z

Can you please provide some basic examples of what you're finding correct and incorrect? Are you saying that we should only accept A-F range rather than A-Z?

JakubDolba · 2019-06-13T03:18:54Z

"textual representation of UUID are represented as 32 hexadecimal (base-16) digits"
source: https://en.wikipedia.org/wiki/Universally_unique_identifier

sometimes (microsoft) surrounds guid with brackets { }

only [0-9A-F] range should be accepted as for example Z is not valid character of guid

example:
valid: 11111111-1111-1111-ffff-000000000000
invalid: 11111111-zzzz-1111-ffff-000000000000

created pull request #22

JakubDolba mentioned this issue Jun 13, 2019

Fix incorrect guid validation #22

Merged

robbieaverill closed this as completed in #22 Jun 13, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GUID validation is incorrect #19

GUID validation is incorrect #19

JakubDolba commented Jun 13, 2019 •

edited

Loading

robbieaverill commented Jun 13, 2019

JakubDolba commented Jun 13, 2019

GUID validation is incorrect #19

GUID validation is incorrect #19

Comments

JakubDolba commented Jun 13, 2019 • edited Loading

robbieaverill commented Jun 13, 2019

JakubDolba commented Jun 13, 2019

JakubDolba commented Jun 13, 2019 •

edited

Loading