Add assertions to prevent denial of service

tvdijen · tvdijen · commit 7f7f5c57ed62 · 2025-06-29T18:43:06.000+02:00
diff --git a/src/XMLSchema/XML/xs/AbstractElement.php b/src/XMLSchema/XML/xs/AbstractElement.php
@@ -6,6 +6,7 @@
 
 use DOMElement;
 use SimpleSAML\XML\Assert\Assert;
+use SimpleSAML\XML\Constants as C;
 use SimpleSAML\XMLSchema\Exception\{ProtocolViolationException, SchemaViolationException};
 use SimpleSAML\XMLSchema\Type\Builtin\{BooleanValue, IDValue, NCNameValue, QNameValue, StringValue};
 use SimpleSAML\XMLSchema\Type\{BlockSetValue, DerivationSetValue, FormChoiceValue, MaxOccursValue, MinOccursValue};
@@ -64,6 +65,7 @@ public function __construct(
         ?IDValue $id = null,
         array $namespacedAttributes = [],
     ) {
+        Assert::maxCount($identityConstraint, C::UNBOUNDED_LIMIT);
         Assert::allIsInstanceOf(
             $identityConstraint,
             IdentityConstraintInterface::class,
diff --git a/src/XMLSchema/XML/xs/AbstractGroup.php b/src/XMLSchema/XML/xs/AbstractGroup.php
@@ -5,6 +5,8 @@
 namespace SimpleSAML\XMLSchema\XML\xs;
 
 use DOMElement;
+use SimpleSAML\XML\Assert\Assert;
+use SimpleSAML\XML\Constants as C;
 use SimpleSAML\XMLSchema\Type\Builtin\{IDValue, NCNameValue, QNameValue};
 use SimpleSAML\XMLSchema\Type\{MinOccursValue, MaxOccursValue};
 
@@ -42,6 +44,8 @@ public function __construct(
         ?IDValue $id = null,
         array $namespacedAttributes = [],
     ) {
+        Assert::maxCount($particles, C::UNBOUNDED_LIMIT);
+
         parent::__construct($annotation, $id, $namespacedAttributes);
 
         $this->setName($name);
diff --git a/src/XMLSchema/XML/xs/AbstractKeybase.php b/src/XMLSchema/XML/xs/AbstractKeybase.php
@@ -6,6 +6,7 @@
 
 use DOMElement;
 use SimpleSAML\XML\Assert\Assert;
+use SimpleSAML\XML\Constants as C;
 use SimpleSAML\XMLSchema\Exception\MissingElementException;
 use SimpleSAML\XMLSchema\Type\Builtin\{IDValue, NCNameValue};
 
@@ -36,6 +37,7 @@ public function __construct(
         protected ?IDValue $id = null,
         array $namespacedAttributes = [],
     ) {
+        Assert::maxCount($field, C::UNBOUNDED_LIMIT);
         Assert::allIsInstanceOf($field, Field::class, MissingElementException::class);
 
         parent::__construct($annotation, $id, $namespacedAttributes);
diff --git a/src/XMLSchema/XML/xs/AttrDeclsTrait.php b/src/XMLSchema/XML/xs/AttrDeclsTrait.php
@@ -5,6 +5,7 @@
 namespace SimpleSAML\XMLSchema\XML\xs;
 
 use SimpleSAML\XML\Assert\Assert;
+use SimpleSAML\XML\Constants as C;
 use SimpleSAML\XMLSchema\Exception\SchemaViolationException;
 
 /**
@@ -67,6 +68,7 @@ public function getAnyAttribute(): ?AnyAttribute
      */
     protected function setAttributes(array $attributes): void
     {
+        Assert::maxCount($attributes, C::UNBOUNDED_LIMIT);
         Assert::allIsInstanceOfAny(
             $attributes,
             [LocalAttribute::class, ReferencedAttributeGroup::class],
diff --git a/src/XMLSchema/XML/xs/Documentation.php b/src/XMLSchema/XML/xs/Documentation.php
@@ -53,6 +53,7 @@ final public function __construct(
         protected ?AnyURIValue $source = null,
         array $namespacedAttributes = [],
     ) {
+        Assert::lessThanEq($content->count(), C::UNBOUNDED_LIMIT);
         $this->setAttributesNS($namespacedAttributes);
     }
 
diff --git a/src/XMLSchema/XML/xs/Redefine.php b/src/XMLSchema/XML/xs/Redefine.php
@@ -42,6 +42,7 @@ public function __construct(
         protected array $redefineElements = [],
         array $namespacedAttributes = [],
     ) {
+        Assert::maxCount($redefineElements, C::UNBOUNDED_LIMIT);
         Assert::allIsInstanceOfAny(
             $redefineElements,
             [RedefinableInterface::class, Annotation::class],
diff --git a/src/XMLSchema/XML/xs/Schema.php b/src/XMLSchema/XML/xs/Schema.php
@@ -77,11 +77,14 @@ public function __construct(
         protected ?XMLAttribute $lang = null,
         array $namespacedAttributes = [],
     ) {
+        Assert::maxCount($topLevelElements, C::UNBOUNDED_LIMIT);
         Assert::allIsInstanceOfAny(
             $topLevelElements,
             [XsInclude::class, Import::class, Redefine::class, Annotation::class],
             SchemaViolationException::class,
         );
+
+        Assert::maxCount($schemaTopElements, C::UNBOUNDED_LIMIT);
         Assert::allIsInstanceOfAny(
             $schemaTopElements,
             [
diff --git a/src/XMLSchema/XML/xs/Union.php b/src/XMLSchema/XML/xs/Union.php
@@ -6,6 +6,7 @@
 
 use DOMElement;
 use SimpleSAML\XML\Assert\Assert;
+use SimpleSAML\XML\Constants as C;
 use SimpleSAML\XML\{SchemaValidatableElementInterface, SchemaValidatableElementTrait};
 use SimpleSAML\XMLSchema\Exception\{
     InvalidDOMElementException,
@@ -55,6 +56,7 @@ public function __construct(
         Assert::allIsInstanceOf($simpleType, LocalSimpleType::class, SchemaViolationException::class);
         Assert::allIsInstanceOf($memberTypes, QNameValue::class, SchemaViolationException::class);
 
+        Assert::maxCount($memberTypes, C::UNBOUNDED_LIMIT);
         if (empty($memberTypes)) {
             Assert::minCount($simpleType, 1, MissingElementException::class);
         }

Original file line number	Diff line number	Diff line change
`@@ -53,6 +53,7 @@ final public function __construct(`
`53`	`53`	`protected ?AnyURIValue $source = null,`
`54`	`54`	`array $namespacedAttributes = [],`
`55`	`55`	`) {`
	`56`	`+ Assert::lessThanEq($content->count(), C::UNBOUNDED_LIMIT);`
`56`	`57`	`$this->setAttributesNS($namespacedAttributes);`
`57`	`58`	`}`
`58`	`59`