-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathLdapInjectionApache.java
More file actions
22 lines (18 loc) · 1004 Bytes
/
LdapInjectionApache.java
File metadata and controls
22 lines (18 loc) · 1004 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.name.Rdn;
import org.apache.directory.api.ldap.model.message.SearchRequest;
import org.apache.directory.api.ldap.model.message.SearchRequestImpl;
import static org.apache.directory.ldap.client.api.search.FilterBuilder.equal;
public void ldapQueryGood(HttpServletRequest request, LdapConnection c) {
String organizationName = request.getParameter("organization_name");
String username = request.getParameter("username");
// GOOD: Organization name is encoded before being used in DN
Dn safeDn = new Dn(new Rdn("OU", "People"), new Rdn("O", organizationName));
// GOOD: User input is encoded before being used in search filter
String safeFilter = equal("username", username);
SearchRequest searchRequest = new SearchRequestImpl();
searchRequest.setBase(safeDn);
searchRequest.setFilter(safeFilter);
c.search(searchRequest);
}