Summary
The transformer's USLM parser sets processEntities: { maxEntityCount: 128 } — an explicit anti-billion-laughs / entity-expansion-DoS control on untrusted upstream XML — but no test exercises the cap. A future refactor of the parser options could silently remove the protection and every existing test would still pass.
Location
packages/transformer/src/parser.ts:19,30-32 — the maxEntityCount: 128 option is the only thing bounding internal-entity expansion. mixed-content.test.ts re-declares the parser config locally only to assert node shape; it never feeds parseUslmXml an entity bomb and asserts the cap fires.
Impact
This is a regression-guard gap, not a live defect — the control works today (confirmed in a 2026-06-29 transformer security review: external entities are off, so XXE is impossible, and the 128-count cap bounds expansion). The risk is purely that a later "simplification" (raising/removing maxEntityCount, dropping the processEntities block, or swapping the parser) silently removes DoS protection, with no failing test to catch it. The exposure only surfaces in production on a malicious/oversized release-point XML.
Fix (test-only)
Add a test that feeds parseUslmXml a <!DOCTYPE> with nested internal entities exceeding 128 expansions and asserts it returns err(...) (or does not expand the payload) rather than parsing/hanging. No production code change required.
Severity
Low (test-hardening / regression guard). Captured per "make issues for problems identified"; safe to batch with other transformer test work.
Summary
The transformer's USLM parser sets
processEntities: { maxEntityCount: 128 }— an explicit anti-billion-laughs / entity-expansion-DoS control on untrusted upstream XML — but no test exercises the cap. A future refactor of the parser options could silently remove the protection and every existing test would still pass.Location
packages/transformer/src/parser.ts:19,30-32— themaxEntityCount: 128option is the only thing bounding internal-entity expansion.mixed-content.test.tsre-declares the parser config locally only to assert node shape; it never feedsparseUslmXmlan entity bomb and asserts the cap fires.Impact
This is a regression-guard gap, not a live defect — the control works today (confirmed in a 2026-06-29 transformer security review: external entities are off, so XXE is impossible, and the 128-count cap bounds expansion). The risk is purely that a later "simplification" (raising/removing
maxEntityCount, dropping theprocessEntitiesblock, or swapping the parser) silently removes DoS protection, with no failing test to catch it. The exposure only surfaces in production on a malicious/oversized release-point XML.Fix (test-only)
Add a test that feeds
parseUslmXmla<!DOCTYPE>with nested internal entities exceeding 128 expansions and asserts it returnserr(...)(or does not expand the payload) rather than parsing/hanging. No production code change required.Severity
Low (test-hardening / regression guard). Captured per "make issues for problems identified"; safe to batch with other transformer test work.