apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-12 19:55:14 +02:00
Code Issues Projects Releases Packages Wiki Activity

new capacity bits (#67)

Browse source
This commit is contained in:
Eli Peter 2026-05-07 01:29:31 -04:00 committed by GitHub
parent afaffc0df6
commit 7d0e7320e2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
261 changed files with 10591 additions and 231 deletions
Download patch file Download diff file Expand all files Collapse all files

19
tests/fixtures/ldap_injection/java/SafeLdapSearch.java vendored Normal file
View file

@ -0,0 +1,19 @@
// Safe: the user-supplied substring is run through Spring LDAP's
// LdapEncoder.filterEncode (RFC 4515 escape) before being assembled into the
// filter. The Sanitizer(LDAP_INJECTION) clears the cap and the sink does not
// fire.
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.servlet.http.HttpServletRequest;
import org.springframework.ldap.support.LdapEncoder;
public class SafeLdapSearch {
private DirContext ctx;
public Object lookup(HttpServletRequest req) throws Exception {
String user = req.getParameter("user");
String safe = LdapEncoder.filterEncode(user);
String filter = "(uid=" + safe + ")";
return ctx.search("ou=people,dc=example,dc=com", filter, new SearchControls());
}
}