Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query.
If user input is incorporated into an LDAP query without proper sanitization, an attacker can inject LDAP commands that could read or modify sensitive directory information.
इस भेद्यता को कैसे ठीक करें
3 Shoulder डिटेक्शन नियमों पर आधारित LDAP Injection के लिए रोकथाम रणनीतियाँ।
Use ldap.EscapeFilter to sanitize user input in LDAP queries
package main import ( "fmt" "net/http" "github.com/go-ldap/ldap/v3" ) func handler(w http.ResponseWriter, r *http.Request) { username := r.FormValue("username") - // Vulnerable: user input in LDAP filter - filter := fmt.Sprintf("(&(uid=%s)(objectClass=person))", username) + // Safe: escape special LDAP filter characters + escaped := ldap.EscapeFilter(username) + filter := fmt.Sprintf("(&(uid=%s)(objectClass=person))", escaped) searchRequest := ldap.NewSearchRequest( "dc=example,dc=com", ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, filter, []string{"dn", "cn"}, nil, ) result, _ := conn.Search(searchRequest) }
Escape LDAP special characters in user input before constructing LDAP queries
const express = require('express'); const ldap = require('ldapjs'); const app = express(); - app.post('/login', (req, res) => { - const username = req.body.username; + function escapeLDAP(str) { + return str.replace(/[\\*()\\x00]/g, c => + '\\' + c.charCodeAt(0).toString(16).padStart(2, '0')); + } + + app.post('/login', (req, res) => { + const username = escapeLDAP(req.body.username); const filter = `(&(uid=${username})(objectClass=person))`; client.search('dc=example,dc=com', { filter }, (err, result) => { res.json(result); }); });
Escape LDAP special characters using escape_filter_chars() before constructing filters
import ldap - from flask import request - - @app.route('/search') - def search(): - username = request.args.get('username') - conn = ldap.initialize('ldap://localhost') - filter_str = f"(uid={username})" + from ldap.filter import escape_filter_chars + from flask import request + + @app.route('/search') + def search(): + username = request.args.get('username', '') + safe_username = escape_filter_chars(username) + conn = ldap.initialize('ldap://localhost') + filter_str = f"(uid={safe_username})" results = conn.search_s('dc=example,dc=com', ldap.SCOPE_SUBTREE, filter_str) return str(results)
अपने कोड में भेद्यताएँ खोजें
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') पैटर्न के लिए अपने कोडबेस को स्कैन करने के लिए Shoulder का उपयोग करें। 3 नियम.
# Scan with Shoulder CLI npx @shoulderdev/cli trust --cwe=90 # Or scan entire project npx @shoulderdev/cli trust .
पहचान नियम (3)
कोड समीक्षा में किन बातों पर ध्यान दें
ये पैटर्न संभावित Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') भेद्यताओं का संकेत देते हैं। कोड समीक्षा और सुरक्षा ऑडिट के दौरान इन्हें देखें।
अपने कोडबेस को इसके लिए स्कैन करें: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Shoulder CLI आपके पूरे कोडबेस में भेद्य पैटर्न खोजता है।