You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In order to continue ensuring that invalid conditions, which would represent security issues, are correctly detected, we need some better test coverage. Currently, we have many places where we throw exceptions if there are problems with SAML processing. However, we don't have test coverage for these conditions.
It is currently possible to modify code to allow an unsafe condition through as valid SAML and still have all the existing tests pass. It is very difficult to catch such cases in code review. Thus, we need to add tests that will cover every exception that we throw so that we can ensure these invalid cases are always detected correctly.
The text was updated successfully, but these errors were encountered:
In order to continue ensuring that invalid conditions, which would represent security issues, are correctly detected, we need some better test coverage. Currently, we have many places where we throw exceptions if there are problems with SAML processing. However, we don't have test coverage for these conditions.
It is currently possible to modify code to allow an unsafe condition through as valid SAML and still have all the existing tests pass. It is very difficult to catch such cases in code review. Thus, we need to add tests that will cover every exception that we throw so that we can ensure these invalid cases are always detected correctly.
The text was updated successfully, but these errors were encountered: