Add guard to limit amount of namespaces and transforms

Author: tvdijen

src/Constants.php

@@ -163,6 +163,13 @@ class Constants extends \SimpleSAML\XML\Constants
 
     public const string XMLENC_EXI = 'http://www.w3.org/2009/xmlenc11#EXI';
 
+    /**
+     * Library default limits
+     */
+    public const int MAX_TRANSFORMS = 2;
+
+    public const int MAX_XPATH_NAMESPACES = 20;
+
 
     /** @var string[] */
     public static array $KEY_WRAP_ALGORITHMS = [

src/XML/CanonicalizableElementTrait.php

@@ -5,6 +5,7 @@
 namespace SimpleSAML\XMLSecurity\XML;
 
 use DOMElement;
+use SimpleSAML\XMLSecurity\Assert\Assert;
 use SimpleSAML\XMLSecurity\Constants as C;
 use SimpleSAML\XMLSecurity\Exception\CanonicalizationFailedException;
 use SimpleSAML\XMLSecurity\Exception\ReferenceValidationFailedException;
@@ -120,9 +121,18 @@ public function processTransforms(
         Transforms $transforms,
         DOMElement $data,
     ): string {
+        Assert::maxCount(
+            $transforms->getTransform(),
+            C::MAX_TRANSFORMS,
+            ReferenceValidationFailedException::class,
+            'Too many transforms.',
+        );
+
         $canonicalMethod = C::C14N_EXCLUSIVE_WITHOUT_COMMENTS;
         $arXPath = null;
         $prefixList = null;
+        $xpCache = XPath::getXPath($data);
+
         foreach ($transforms->getTransform() as $transform) {
             $canonicalMethod = $transform->getAlgorithm()->getValue();
             switch ($canonicalMethod) {
@@ -144,7 +154,6 @@ public function processTransforms(
                         $arXPath['query'] = '(.//. | .//@* | .//namespace::*)[' . $xpathValue . ']';
                         $arXpath['namespaces'] = $xpath->getNamespaces();
 
-                        $xpCache = XPath::getXPath($data);
                         $nslist = $xpCache->query('./namespace::*', $xpath->toXML());
                         Assert::lessThanEq(
                             $nslist->count(),