From ecb3dfbea5ef9df9d51ce894fe19f89f589c3dc1 Mon Sep 17 00:00:00 2001
From: Rebecka Gulliksson <rebecka.gulliksson@umu.se>
Date: Tue, 3 May 2016 09:19:30 +0200
Subject: [PATCH 1/2] Explicitly signal incorrect 'remote' metadata conf.

---
 src/saml2/mdstore.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/saml2/mdstore.py b/src/saml2/mdstore.py
index 07f199e..1d85d6a 100644
--- a/src/saml2/mdstore.py
+++ b/src/saml2/mdstore.py
@@ -847,6 +847,8 @@ class MetadataStore(MetaData):
             kwargs.update(_args)
             _md = InMemoryMetaData(self.attrc, args[0])
         elif typ == "remote":
+            if "url" not in kwargs:
+                raise ValueError("Remote metadata must be structured as a dict containing the key 'url'")
             key = kwargs["url"]
             for _key in ["node_name", "check_validity"]:
                 try:

From 7f03589c9914f209ffea2ab4d05d2337ee9bcb30 Mon Sep 17 00:00:00 2001
From: Rebecka Gulliksson <rebecka.gulliksson@umu.se>
Date: Tue, 3 May 2016 12:03:36 +0200
Subject: [PATCH 2/2] Use deepcopy to avoid modifying external data.

---
 src/saml2/assertion.py | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/src/saml2/assertion.py b/src/saml2/assertion.py
index c6e24d2..81eaf34 100644
--- a/src/saml2/assertion.py
+++ b/src/saml2/assertion.py
@@ -1,20 +1,19 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
+import copy
 import importlib
 import logging
-
 import re
-from saml2.saml import NAME_FORMAT_URI
 import six
-from saml2 import xmlenc
 
 from saml2 import saml
-
-from saml2.time_util import instant, in_a_while
+from saml2 import xmlenc
 from saml2.attribute_converter import from_local, get_local_name
-from saml2.s_utils import sid, MissingValue
-from saml2.s_utils import factory
 from saml2.s_utils import assertion_factory
+from saml2.s_utils import factory
+from saml2.s_utils import sid, MissingValue
+from saml2.saml import NAME_FORMAT_URI
+from saml2.time_util import instant, in_a_while
 
 logger = logging.getLogger(__name__)
 
@@ -319,7 +318,7 @@ class Policy(object):
             a compiled regular expression.
         """
 
-        self._restrictions = restrictions.copy()
+        self._restrictions = copy.deepcopy(restrictions)
 
         for who, spec in self._restrictions.items():
             if spec is None: