베타 Shoulder는 베타 버전입니다 — 결과가 가끔 잘못될 수 있습니다. 여러분의 피드백이 다음에 무엇을 고칠지 결정합니다. 피드백 공유
Shoulder.dev

개발자를 위한 위협 인텔리전스
📇

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

🛡️ 3 개의 규칙이 이를 탐지합니다

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query.

If user input is incorporated into an LDAP query without proper sanitization, an attacker can inject LDAP commands that could read or modify sensitive directory information.

보급률
높음
자주 악용됨
영향
높음
3개의 높은 심각도 규칙
예방
문서화됨
3개의 수정 예시
2 예방
2 예방

이 취약점을 수정하는 방법

3개의 Shoulder 탐지 규칙을 기반으로 한 LDAP Injection 예방 전략.

🐹 Go 모두 보기 Go 자세히 →
LDAP Injection HIGH

Use ldap.EscapeFilter to sanitize user input in LDAP queries

+3 -2 go 
  package main
  
  import (
      "fmt"
      "net/http"
      "github.com/go-ldap/ldap/v3"
  )
  
  func handler(w http.ResponseWriter, r *http.Request) {
      username := r.FormValue("username")
-     // Vulnerable: user input in LDAP filter
-     filter := fmt.Sprintf("(&(uid=%s)(objectClass=person))", username)
+     // Safe: escape special LDAP filter characters
+     escaped := ldap.EscapeFilter(username)
+     filter := fmt.Sprintf("(&(uid=%s)(objectClass=person))", escaped)
      searchRequest := ldap.NewSearchRequest(
          "dc=example,dc=com",
          ldap.ScopeWholeSubtree, ldap.NeverDerefAliases,
          0, 0, false, filter, []string{"dn", "cn"}, nil,
      )
      result, _ := conn.Search(searchRequest)
  }
🟨 JavaScript 모두 보기 JavaScript 자세히 →
LDAP Injection HIGH

Escape LDAP special characters in user input before constructing LDAP queries

+7 -2 javascript 
  const express = require('express');
  const ldap = require('ldapjs');
  const app = express();
  
- app.post('/login', (req, res) => {
-   const username = req.body.username;
+ function escapeLDAP(str) {
+   return str.replace(/[\\*()\\x00]/g, c =>
+     '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
+ }
+ 
+ app.post('/login', (req, res) => {
+   const username = escapeLDAP(req.body.username);
    const filter = `(&(uid=${username})(objectClass=person))`;
    client.search('dc=example,dc=com', { filter }, (err, result) => {
      res.json(result);
    });
  });
🐍 Python 모두 보기 Python 자세히 →
LDAP Injection HIGH

Escape LDAP special characters using escape_filter_chars() before constructing filters

+9 -7 python 
  import ldap
- from flask import request
- 
- @app.route('/search')
- def search():
-     username = request.args.get('username')
-     conn = ldap.initialize('ldap://localhost')
-     filter_str = f"(uid={username})"
+ from ldap.filter import escape_filter_chars
+ from flask import request
+ 
+ @app.route('/search')
+ def search():
+     username = request.args.get('username', '')
+     safe_username = escape_filter_chars(username)
+     conn = ldap.initialize('ldap://localhost')
+     filter_str = f"(uid={safe_username})"
      results = conn.search_s('dc=example,dc=com', ldap.SCOPE_SUBTREE, filter_str)
      return str(results)
3 탐지
3 탐지

코드에서 취약점 찾기

Shoulder를 사용하여 코드에서 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') 패턴을 스캔하세요. 3 규칙.

터미널
# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=90

# Or scan entire project
npx @shoulderdev/cli trust .

탐지 규칙 (3)

4 경고 신호
4 경고 신호

코드 리뷰에서 주의할 점

이 패턴은 잠재적인 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') 취약점을 나타냅니다. 코드 리뷰와 보안 감사 중에 찾아보세요.

🟠
user input flowing to LDAP queries without proper escaping go-ldap-injection
🟠
LDAP queries constructed with unsanitized user input python-ldap-injection
🔍

코드베이스를 스캔하세요: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

Shoulder CLI는 전체 코드베이스에서 취약한 패턴을 찾아냅니다.

npx shoulder trust 모든 규칙 보기