Comment parsing in OpenSAML2 can allow attacks by anyone with access to the SAML system.
/**
 * Noncompliant example: leaves XML comment handling enabled on the given parser pool.
 *
 * <p>With comments retained, the pool's parsed SAML documents keep comment nodes; the
 * accompanying note describes this configuration as creating a SAML authentication
 * bypass vulnerability. The pool is mutated in place; nothing is returned.
 *
 * @param parser the OpenSAML {@code BasicParserPool} to configure
 */
public void parserPoolNoncompliant(final BasicParserPool parser) {
    // Noncompliant: comments are kept rather than dropped during parsing.
    final boolean ignoreComments = false;
    parser.setIgnoreComments(ignoreComments);
}
/**
 * Compliant example: configures the given parser pool to drop XML comments while parsing.
 *
 * <p>Ignoring comments removes comment nodes from parsed SAML documents, which the
 * accompanying note identifies as the mitigation for the SAML authentication bypass.
 * The pool is mutated in place; nothing is returned.
 *
 * @param parser the OpenSAML {@code BasicParserPool} to configure
 */
public void parserPoolCompliant(final BasicParserPool parser) {
    // Compliant: comments are discarded during parsing.
    final boolean ignoreComments = true;
    parser.setIgnoreComments(ignoreComments);
}