Ensure message is of type AttributeQuery

Author: tvdijen

composer.json

@@ -37,6 +37,7 @@
         "php": "^8.1",
 
         "nyholm/psr7": "~1.8.2",
+        "simplesamlphp/assert": "~1.9.0",
         "simplesamlphp/saml2": "~5.0.3",
         "simplesamlphp/simplesamlphp": "~2.4.0",
         "simplesamlphp/xml-common": "~1.25.0",

src/Controller/AttributeServer.php

@@ -6,6 +6,7 @@
 
 use DateInterval;
 use Nyholm\Psr7\ServerRequest;
+use SimpleSAML\Assert\Assert;
 use SimpleSAML\{Configuration, Error, Logger};
 use SimpleSAML\HTTP\RunnableResponse;
 use SimpleSAML\Metadata\MetaDataStorageHandler;
@@ -27,6 +28,7 @@
 };
 use SimpleSAML\SAML2\XML\samlp\{AttributeQuery, Response, Status, StatusCode};
 use SimpleSAML\Utils;
+use SimpleSAML\XML\Exception\InvalidDOMElementException;
 use SimpleSAML\XML\Utils\Random;
 use SimpleSAML\XMLSecurity\Alg\Signature\SignatureAlgorithmFactory;
 use SimpleSAML\XMLSecurity\Key\PrivateKey;
@@ -83,6 +85,8 @@ public function setMetadataStorageHandler(MetaDataStorageHandler $handler): void
     public function main(/** @scrutinizer ignore-unused */ SOAP $soap, ServerRequest $request): RunnableResponse
     {
         $message = $soap->receive($request);
+        Assert::isInstanceOf($message, AttributeQuery::class, InvalidDOMElement::class);
+
         $idpEntityId = $this->metadataHandler->getMetaDataCurrentEntityID('saml20-idp-hosted');
 
         $issuer = $message->getIssuer();