Closed
Description
The following XML
```xml
<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_8e8dc5f69a98cc4c1ff3427e5ce34606fd672f91e6" Version="2.0" IssueInstant="2055-05-05T17:55:00Z" Destination="http://fake.appbot.co/sso/sso1/saml/consume" InResponseTo="SSO_1">
  <saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_d71a3a8e9fcc45c9e9d248ef7049393fc8f04e5f75" Version="2.0" IssueInstant="2014-07-17T01:01:48Z">
    <saml:Issuer>http://idp.example.com/metadata</saml:Issuer>
    <saml:Subject>
      <saml:NameID SPNameQualifier="http://fake.appbot.co/sso/sso1/saml/metadata" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">100</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>
```
Causes `OneLogin::RubySaml::Response#name_id` to raise `NoMethodError (undefined method '[]' for nil:NilClass)` in Ruby 2.6 and above.
Code to replicate:
```ruby
require 'onelogin/ruby-saml'
require 'zlib'
require 'base64'

# saml.xml holds the response shown above
raw_saml = File.read('saml.xml')
# Drop the 2-byte zlib header and 4-byte checksum to leave a raw DEFLATE stream
deflated_saml = Zlib::Deflate.deflate(raw_saml, 9)[2..-5]
encoded_saml = Base64.encode64(deflated_saml)

response = OneLogin::RubySaml::Response.new(encoded_saml)
response.name_id
```
In Ruby 2.5.7:
```
2.5.7 :012 > response.name_id
=> nil
```
In Ruby 2.6.0 and 2.6.5:
```
2.6.5 :012 > response.name_id
Traceback (most recent call last):
16: from /Users/atyndall/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/rexml/xpath_parser.rb:183:in `expr'
15: from /Users/atyndall/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/rexml/xpath_parser.rb:437:in `step'
14: from /Users/atyndall/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/rexml/xpath_parser.rb:583:in `evaluate_predicate'
13: from /Users/atyndall/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/rexml/xpath_parser.rb:583:in `collect'
12: from /Users/atyndall/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/rexml/xpath_parser.rb:586:in `block in evaluate_predicate'
11: from /Users/atyndall/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/rexml/xpath_parser.rb:586:in `each_with_index'
10: from /Users/atyndall/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/rexml/xpath_parser.rb:586:in `each'
9: from /Users/atyndall/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/rexml/xpath_parser.rb:594:in `block (2 levels) in evaluate_predicate'
8: from /Users/atyndall/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/rexml/xpath_parser.rb:345:in `expr'
7: from /Users/atyndall/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/rexml/xpath_parser.rb:813:in `equality_relational_compare'
6: from /Users/atyndall/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/rexml/syncenumerator.rb:27:in `each'
5: from /Users/atyndall/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/rexml/syncenumerator.rb:27:in `times'
4: from /Users/atyndall/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/rexml/syncenumerator.rb:28:in `block in each'
3: from /Users/atyndall/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/rexml/xpath_parser.rb:815:in `block in equality_relational_compare'
2: from /Users/atyndall/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/rexml/xpath_parser.rb:799:in `norm'
1: from /Users/atyndall/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/rexml/functions.rb:139:in `string'
NoMethodError (undefined method `[]' for nil:NilClass)
```
This is likely due to a bug introduced when Ruby's bundled REXML was upgraded to v3.1.9. It goes away with a `gem update rexml`.
Given that the broken REXML is bundled by default with Ruby 2.6.x, I'm not sure if you want to note down a warning somewhere, or issue a fix to handle those borked Ruby versions.
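One way for a service provider to contain the failure reported above, as an added example that is not part of the original issue or of ruby-saml's own code: check at boot whether the loaded REXML is the version the report names, and normalise a `NoMethodError` raised from inside REXML to the `nil` that Ruby 2.5.7 returned, so a single "no NameID, reject the login" path handles both. The helper names (`installed_rexml_version`, `rexml_affected?`, `safe_name_id`, `simulated_rexml_failure`) are hypothetical, and the simulated failure is constructed from the innermost traceback frame.

```ruby
# Added example; these helpers are hypothetical and not ruby-saml API.
AFFECTED_REXML = Gem::Version.new('3.1.9') # REXML version named in the report

# Version of the REXML this process would load, or nil if it is unavailable.
def installed_rexml_version
  require 'rexml/document'
  REXML::VERSION
rescue LoadError
  nil
end

# True when the given (or installed) REXML is the version the report blames.
def rexml_affected?(version = installed_rexml_version)
  !version.nil? && Gem::Version.new(version) == AFFECTED_REXML
end

# Runs the block, e.g. `safe_name_id { response.name_id }`, and returns its value.
# A NoMethodError raised from inside REXML becomes nil (the Ruby 2.5.7 result for
# the same response); the caller must treat nil as "reject this response".
# A NoMethodError from anywhere else is a real bug and is re-raised.
def safe_name_id(logger: nil)
  yield
rescue NoMethodError => e
  raise unless e.backtrace.to_a.any? { |frame| frame.include?('/rexml/') }
  logger&.warn("NameID lookup failed inside REXML: #{e.message}")
  nil
end

# Constructed stand-in for the failure: same error class and message, with the
# innermost traceback frame (user-specific path prefix dropped).
def simulated_rexml_failure
  err = NoMethodError.new("undefined method `[]' for nil:NilClass")
  err.set_backtrace(["lib/ruby/2.6.0/rexml/functions.rb:139:in `string'"])
  raise err
end

if rexml_affected?
  warn 'REXML 3.1.9 is loaded; run `gem update rexml` as the report suggests.'
end
```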