Add guard to limit amount of namespaces and transforms

Author: tvdijen

src/Constants.php

@@ -253,4 +253,10 @@ class Constants extends \SimpleSAML\XML\Constants
         self::C14N11_INCLUSIVE_WITH_COMMENTS,
         self::C14N11_INCLUSIVE_WITHOUT_COMMENTS,
     ];
+
+    /**
+     * Library default limits
+     */
+    public const int MAX_TRANSFORMS = 2;
+    public const int MAX_XPATH_NAMESPACES = 20;
 }

src/XML/CanonicalizableElementTrait.php

@@ -5,6 +5,7 @@
 namespace SimpleSAML\XMLSecurity\XML;
 
 use DOMElement;
+use SimpleSAML\XMLSecurity\Assert\Assert;
 use SimpleSAML\XMLSecurity\Constants as C;
 use SimpleSAML\XMLSecurity\Exception\CanonicalizationFailedException;
 use SimpleSAML\XMLSecurity\Exception\ReferenceValidationFailedException;
@@ -120,9 +121,18 @@ public function processTransforms(
         Transforms $transforms,
         DOMElement $data,
     ): string {
+        Assert::maxCount(
+            $transforms->getTransform(),
+            C::MAX_TRANSFORMS,
+            ReferenceValidationFailedException::class,
+            'Too many transforms.',
+        );
+
         $canonicalMethod = C::C14N_EXCLUSIVE_WITHOUT_COMMENTS;
         $arXPath = null;
         $prefixList = null;
+        $xpCache = XPath::getXPath($data);
+
         foreach ($transforms->getTransform() as $transform) {
             $canonicalMethod = $transform->getAlgorithm()->getValue();
             switch ($canonicalMethod) {
@@ -144,7 +154,6 @@ public function processTransforms(
                         $arXPath['query'] = '(.//. | .//@* | .//namespace::*)[' . $xpathValue . ']';
                         $arXpath['namespaces'] = $xpath->getNamespaces();
 
-                        $xpCache = XPath::getXPath($data);
                         $nslist = $xpCache->query('./namespace::*', $xpath->toXML());
                         Assert::lessThanEq(
                             $nslist->count(),