7:45 p.m.
Hi,
On Wed, 11 Jul 2018 at 00:04, Schmidt, Michael <Michael.Schmidt at lrz.de> wrote:
Even if the heavy stuff is done in the libs, could you
tell some places of interest in the code? SATOSA has some content even without the libs.
Maybe we could narrow the most important/critical down to some files and functions. It
would be helpful to split the application into parts of "low" and
"high" interest, if possible.
Some things on the top of my head (not in any specific priority):
- how external information is handled (configuration & data from the
network, replay attacks) [satosa_config, backends/, frontends/]
- how information is stored and transferred (cookie state and crypto:
key handling, IV, modes, algos) [state, backends/, frontends/]
- information leakage (logged data, stacktraces from exceptions,
unneeded data kept around) [logging_util, exception]
- can the internal attribute translation be tricked? [routing,
attribute_mapping]
For the libs themselves, which are the most important
ones? Is there some kind of documentation that states which dependencies are used for
which purpose?
- pysaml2 implements the saml2 parts [fronends/saml, backends/saml,
metadata_creation]
https://github.com/IdentityPython/pysaml2
- pyop implements the oidc parts and in turn depends on other libs
https://github.com/IdentityPython/pyop
I hope these are useful pointers to start.
Cheers,
--
Ivan c00kiemon5ter Kanakarakis >:3