nyx/tests/fixtures/ldap_injection/java/SafeLdapSearch.java

// Safe: the user-supplied substring is run through Spring LDAP's
// LdapEncoder.filterEncode (RFC 4515 escape) before being assembled into the
// filter.  The Sanitizer(LDAP_INJECTION) clears the cap and the sink does not
// fire.
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.servlet.http.HttpServletRequest;
import org.springframework.ldap.support.LdapEncoder;

public class SafeLdapSearch {
    private DirContext ctx;

    public Object lookup(HttpServletRequest req) throws Exception {
        String user = req.getParameter("user");
        String safe = LdapEncoder.filterEncode(user);
        String filter = "(uid=" + safe + ")";
        return ctx.search("ou=people,dc=example,dc=com", filter, new SearchControls());
    }
}
new capacity bits (#67) 2026-05-07 01:29:31 -04:00			`// Safe: the user-supplied substring is run through Spring LDAP's`
			`// LdapEncoder.filterEncode (RFC 4515 escape) before being assembled into the`
			`// filter. The Sanitizer(LDAP_INJECTION) clears the cap and the sink does not`
			`// fire.`
			`import javax.naming.directory.DirContext;`
			`import javax.naming.directory.SearchControls;`
			`import javax.servlet.http.HttpServletRequest;`
			`import org.springframework.ldap.support.LdapEncoder;`

			`public class SafeLdapSearch {`
			`private DirContext ctx;`

			`public Object lookup(HttpServletRequest req) throws Exception {`
			`String user = req.getParameter("user");`
			`String safe = LdapEncoder.filterEncode(user);`
			`String filter = "(uid=" + safe + ")";`
			`return ctx.search("ou=people,dc=example,dc=com", filter, new SearchControls());`
			`}`
			`}`