From 02877a5933a3ed0511693ebf2d3202db96300c31 Mon Sep 17 00:00:00 2001
From: Guillaume Rousse <guillaume.rousse@renater.fr>
Date: Fri, 9 Mar 2018 15:53:32 +0100
Subject: [PATCH] add SP/IdP count safety check

---
 update-metadata.php | 36 ++++++++++++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)

diff --git a/update-metadata.php b/update-metadata.php
index 1f7e1f3..4be4e18 100644
--- a/update-metadata.php
+++ b/update-metadata.php
@@ -16,10 +16,10 @@ Usage:
 php update-metadata.php -help|-h
 php update-metadata.php --metadata-file <file> \
     --metadata-idp-file <file> --metadata-sp-file <file> \
-    [--verbose | -v]
+    [--verbose | -v] [--min-sp-count <count>] [--min-idp-count <count>]
 php update-metadata.php --metadata-url <url> \
     --metadata-idp-file <file> --metadata-sp-file <file> \
-    [--verbose | -v]
+    [--verbose | -v] [--min-sp-count <count>] [--min-idp-count <count>]
 
 
 Example usage: 
@@ -35,6 +35,8 @@ Argument Description
 --metadata-file <file>      SAML2 metadata file
 --metadata-idp-file <file>  File containing Service Providers 
 --metadata-sp-file <file>   File containing Identity Providers 
+--min-idp-count <count>     Minimum expected number of IdPs in metadata
+--min-sp-count <count>      Minimum expected number of SPs in metadata
 --language <locale>         Language locale, e.g. 'en', 'jp', ...
 --verbose | -v              Verbose mode
 --help | -h                  Print this man page
@@ -51,6 +53,8 @@ $longopts = array(
     "metadata-file:",
     "metadata-idp-file:",
     "metadata-sp-file:",
+    "min-idp-count:",
+    "min-sp-count:",
     "language:",
     "verbose",
     "help",
@@ -84,6 +88,26 @@ if (!isset($options['metadata-idp-file'])) {
 	$metadataTempIDPFile = $metadataIDPFile.'.swp';
 }
 
+if (isset($options['min-sp-count'])) {
+	if (!is_numeric($options['min-sp-count'])) {
+		exit("Exiting: invalid value for --min-sp-count parameter\n");
+	} else {
+		$minSPCount = $options['min-sp-count'];
+	}
+} else {
+	$minSPCount = 0;
+}
+
+if (isset($options['min-idp-count'])) {
+	if (!is_numeric($options['min-idp-count'])) {
+		exit("Exiting: invalid value for --min-idp-count parameter\n");
+	} else {
+		$minIDPCount = $options['min-idp-count'];
+	}
+} else {
+	$minIDPCount = 0;
+}
+
 // Set other options
 $language = isset($options['language']) ? $options['language'] : 'en';
 $verbose  = isset($options['verbose']) || isset($options['v']) ? true : false;
@@ -124,6 +148,10 @@ list($metadataIDProviders, $metadataSProviders) = parseMetadata($metadataFile, $
 
 // If $metadataIDProviders is not FALSE, dump results in $metadataIDPFile.
 if (is_array($metadataIDProviders)){
+	$IDPCount = count($metadataIDProviders);
+	if ($IDPCount < $minIDPCount) {
+		exit("Exiting: number of Identity Providers found ($IDPCount) lower than expected ($minIDPCount)\n");
+	}
 
 	if ($verbose) {
 		echo "Dumping parsed Identity Providers to file $metadataIDPFile\n";
@@ -137,6 +165,10 @@ if (is_array($metadataIDProviders)){
 
 // If $metadataSProviders is not FALSE, dump results in $metadataSPFile.
 if (is_array($metadataSProviders)){
+	$SPCount = count($metadataSProviders);
+	if ($SPCount < $minSPCount) {
+		exit("Exiting: number of Service Providers found ($SPCount) lower than expected ($minSPCount)\n");
+	}
 
 	if ($verbose) {
 		echo "Dumping parsed Service Providers to file $metadataSPFile\n";
-- 
GitLab