priv/security_corpus.json

[
  {
    "id": "xxe-doctype-001",
    "class": "xxe_entity_abuse",
    "family": "xxe",
    "requirement_ids": ["CVE-REG-01"],
    "expected_error_type": "doctype_forbidden",
    "provenance": {
      "source": "OWASP SAML Security Cheat Sheet",
      "kind": "ported-fixture",
      "captured_at": "2026-05-07"
    },
    "source_ref": "owasp:saml:doctype-forbidden",
    "xml": "<!DOCTYPE Response><Response/>",
    "notes": "DOCTYPE declarations must be rejected before parser trust is established."
  },
  {
    "id": "xxe-entity-001",
    "class": "xxe_entity_abuse",
    "family": "xxe",
    "requirement_ids": ["CVE-REG-01"],
    "expected_error_type": "entity_expansion_forbidden",
    "provenance": {
      "source": "OWASP SAML Security Cheat Sheet",
      "kind": "ported-fixture",
      "captured_at": "2026-05-07"
    },
    "source_ref": "owasp:saml:entity-expansion-forbidden",
    "xml": "<!ENTITY xxe 'boom'><Response/>",
    "notes": "ENTITY declarations must be refused at the XML seam."
  },
  {
    "id": "xsw-duplicate-id-001",
    "class": "signature_wrapping",
    "family": "signature_wrapping",
    "requirement_ids": ["CVE-REG-01"],
    "expected_error_type": "duplicate_xml_id",
    "provenance": {
      "source": "Historical XSW regression corpus",
      "kind": "ported-fixture",
      "captured_at": "2026-05-07"
    },
    "source_ref": "xsw:duplicate-id",
    "xml": "<Response Destination=\"https://sp.example.com/saml/acs\" InResponseTo=\"id_request_123\" ConnectionId=\"conn-123\"><Issuer>https://idp.example.com/metadata</Issuer><Status><StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></Status><Assertion ID=\"dup-assertion\"><Issuer>https://idp.example.com/metadata</Issuer><Subject><NameID>user@example.com</NameID><SubjectConfirmation><SubjectConfirmationData Recipient=\"https://sp.example.com/saml/acs\" NotOnOrAfter=\"2026-04-24T16:05:00Z\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2026-04-24T15:58:00Z\" NotOnOrAfter=\"2026-04-24T16:05:00Z\"><AudienceRestriction><Audience>https://sp.example.com/metadata</Audience></AudienceRestriction></Conditions></Assertion><Assertion ID=\"dup-assertion\"><Issuer>https://idp.example.com/metadata</Issuer><Subject><NameID>attacker@example.com</NameID><SubjectConfirmation><SubjectConfirmationData Recipient=\"https://sp.example.com/saml/acs\" NotOnOrAfter=\"2026-04-24T16:05:00Z\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2026-04-24T15:58:00Z\" NotOnOrAfter=\"2026-04-24T16:05:00Z\"><AudienceRestriction><Audience>https://sp.example.com/metadata</Audience></AudienceRestriction></Conditions></Assertion><Signature><SignedInfo><SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><Reference URI=\"#dup-assertion\"><DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/></Reference></SignedInfo></Signature></Response>",
    "notes": "Duplicate assertion IDs model the classic XSW signed-node confusion, where the node whose digest is referenced and the node the consumer processes can diverge."
  },
  {
    "id": "xsw-ambiguous-assertion-001",
    "class": "signature_wrapping",
    "family": "signature_wrapping",
    "requirement_ids": ["CVE-REG-01"],
    "expected_error_type": "ambiguous_signed_node",
    "provenance": {
      "source": "Historical XSW regression corpus",
      "kind": "ported-fixture",
      "captured_at": "2026-05-07"
    },
    "source_ref": "xsw:ambiguous-assertion-selection",
    "xml": "<Response Destination=\"https://sp.example.com/saml/acs\" InResponseTo=\"id_request_123\" ConnectionId=\"conn-123\"><Issuer>https://idp.example.com/metadata</Issuer><Status><StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></Status><Assertion ID=\"assertion-one\"><Issuer>https://idp.example.com/metadata</Issuer><Subject><NameID>user@example.com</NameID><SubjectConfirmation><SubjectConfirmationData Recipient=\"https://sp.example.com/saml/acs\" NotOnOrAfter=\"2026-04-24T16:05:00Z\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2026-04-24T15:58:00Z\" NotOnOrAfter=\"2026-04-24T16:05:00Z\"><AudienceRestriction><Audience>https://sp.example.com/metadata</Audience></AudienceRestriction></Conditions></Assertion><Assertion ID=\"assertion-two\"><Issuer>https://idp.example.com/metadata</Issuer><Subject><NameID>attacker@example.com</NameID><SubjectConfirmation><SubjectConfirmationData Recipient=\"https://sp.example.com/saml/acs\" NotOnOrAfter=\"2026-04-24T16:05:00Z\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2026-04-24T15:58:00Z\" NotOnOrAfter=\"2026-04-24T16:05:00Z\"><AudienceRestriction><Audience>https://sp.example.com/metadata</Audience></AudienceRestriction></Conditions></Assertion><Signature><SignedInfo><SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><Reference URI=\"#assertion-one\"><DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/></Reference></SignedInfo></Signature></Response>",
    "notes": "Multiple signed-node candidates must never collapse to a silent success."
  },
  {
    "id": "c14n-differential-001",
    "class": "parser_differential_and_c14n",
    "family": "signature_wrapping",
    "requirement_ids": ["CVE-REG-01"],
    "expected_error_type": "canonicalization_failed",
    "provenance": {
      "source": "PureBeam seam regression corpus",
      "kind": "ported-fixture",
      "captured_at": "2026-05-07"
    },
    "source_ref": "purebeam:c14n-differential",
    "xml": "<Response Destination=\"https://sp.example.com/saml/acs\" InResponseTo=\"id_request_123\" ConnectionId=\"conn-123\"><Issuer>https://idp.example.com/metadata</Issuer><Status><StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></Status><Assertion ID=\"assertion-c14n\"><Issuer>https://idp.example.com/metadata</Issuer><Subject><NameID>user@example.com</NameID><SubjectConfirmation><SubjectConfirmationData Recipient=\"https://sp.example.com/saml/acs\" NotOnOrAfter=\"2026-04-24T16:05:00Z\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2026-04-24T15:58:00Z\" NotOnOrAfter=\"2026-04-24T16:05:00Z\"><AudienceRestriction><Audience>https://sp.example.com/metadata</Audience></AudienceRestriction></Conditions></Assertion><Signature><SignedInfo><SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><Reference URI=\"#assertion-c14n\"><DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/></Reference></SignedInfo></Signature></Response>",
    "notes": "The current pure-BEAM seam must keep failing closed when canonicalization inputs are incomplete."
  },
  {
    "id": "cve-2024-45409-keyinfo-001",
    "class": "cve_2024_45409",
    "family": "CVE-2024-45409",
    "requirement_ids": ["CVE-REG-01"],
    "expected_error_type": "untrusted_certificate",
    "provenance": {
      "source": "ruby-saml GHSA-jw9c-mfg7-9rx2",
      "kind": "ported-fixture",
      "captured_at": "2026-05-07"
    },
    "source_ref": "GHSA-jw9c-mfg7-9rx2:keyinfo-trust-bypass",
    "xml": "<Response Destination=\"https://sp.example.com/saml/acs\" InResponseTo=\"id_request_123\" ConnectionId=\"conn-123\"><Issuer>https://idp.example.com/metadata</Issuer><Status><StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></Status><Assertion ID=\"assertion-keyinfo\"><Issuer>https://idp.example.com/metadata</Issuer><Subject><NameID>user@example.com</NameID><SubjectConfirmation><SubjectConfirmationData Recipient=\"https://sp.example.com/saml/acs\" NotOnOrAfter=\"2026-04-24T16:05:00Z\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2026-04-24T15:58:00Z\" NotOnOrAfter=\"2026-04-24T16:05:00Z\"><AudienceRestriction><Audience>https://sp.example.com/metadata</Audience></AudienceRestriction></Conditions></Assertion><Signature><KeyInfo><X509Data>attacker-controlled-cert</X509Data></KeyInfo><SignedInfo><SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><Reference URI=\"#assertion-keyinfo\"><DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/></Reference></SignedInfo></Signature></Response>",
    "notes": "Document-provided KeyInfo must never become a trust anchor."
  },
  {
    "id": "cve-2024-45409-duplicate-id-001",
    "class": "cve_2024_45409",
    "family": "CVE-2024-45409",
    "requirement_ids": ["CVE-REG-01"],
    "expected_error_type": "duplicate_xml_id",
    "provenance": {
      "source": "CVE-2024-45409 / ruby-saml advisory lineage",
      "kind": "ported-fixture",
      "captured_at": "2026-05-07"
    },
    "source_ref": "CVE-2024-45409:signed-node-selection-bypass",
    "xml": "<Response Destination=\"https://sp.example.com/saml/acs\" InResponseTo=\"id_request_123\" ConnectionId=\"conn-123\"><Issuer>https://idp.example.com/metadata</Issuer><Status><StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></Status><Assertion ID=\"assertion-cve-dup\"><Issuer>https://idp.example.com/metadata</Issuer><Subject><NameID>user@example.com</NameID><SubjectConfirmation><SubjectConfirmationData Recipient=\"https://sp.example.com/saml/acs\" NotOnOrAfter=\"2026-04-24T16:05:00Z\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2026-04-24T15:58:00Z\" NotOnOrAfter=\"2026-04-24T16:05:00Z\"><AudienceRestriction><Audience>https://sp.example.com/metadata</Audience></AudienceRestriction></Conditions></Assertion><Assertion ID=\"assertion-cve-dup\"><Issuer>https://idp.example.com/metadata</Issuer><Subject><NameID>attacker@example.com</NameID><SubjectConfirmation><SubjectConfirmationData Recipient=\"https://sp.example.com/saml/acs\" NotOnOrAfter=\"2026-04-24T16:05:00Z\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2026-04-24T15:58:00Z\" NotOnOrAfter=\"2026-04-24T16:05:00Z\"><AudienceRestriction><Audience>https://sp.example.com/metadata</Audience></AudienceRestriction></Conditions></Assertion><Signature><SignedInfo><SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><Reference URI=\"#assertion-cve-dup\"><DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/></Reference></SignedInfo></Signature></Response>",
    "notes": "This pinned duplicate-ID variant covers the signed-node selection bypasses in the CVE-2024-45409 family."
  }
]