limit transforms for signed node

node-saml · May 19, 2021 · 80e6fd6 · 80e6fd6
1 parent 683f767
commit 80e6fd6
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/src/node-saml/saml.ts b/src/node-saml/saml.ts
@@ -710,6 +710,19 @@ class SAML {
     if (signatures.length !== 1) {
       return false;
     }
+    const xpathTransformQuery =
+      ".//*[" +
+      "local-name(.)='Transform' and " +
+      "namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#' and " +
+      "ancestor::*[local-name(.)='Reference' and @URI='#" +
+      currentNode.getAttribute("ID") +
+      "']" +
+      "]";
+    const transforms = xpath.selectElements(currentNode, xpathTransformQuery);
+    // Reject also XMLDSIG with more than 2 Transform
+    if (transforms.length > 2) {
+      return false;
+    }
 
     const signature = signatures[0];
     return certs.some((certToCheck) => {