Dynamic (#77)

2026-06-15 20:05:13 +02:00 · 2026-06-05 10:16:30 -05:00 · 2026-06-05 10:16:30 -05:00 · 991c84a1eb
commit 991c84a1eb
parent 55247b7fcd
1464 changed files with 225448 additions and 1985 deletions
--- a/tests/dynamic_fixtures/ldap_injection/python/benign.py
+++ b/tests/dynamic_fixtures/ldap_injection/python/benign.py
@ -0,0 +1,14 @@
+"""Phase 06 (Track J.4) — Python LDAP_INJECTION benign control fixture.
+
+Same shape as `vuln.py` but routes the attacker-controlled `uid`
+through `ldap.dn.escape_filter_chars`, escaping the wildcard /
+paren breakout so the directory keeps returning at most one entry.
+"""
+import ldap
+import ldap.dn
+
+
+def run(uid: str):
+    con = ldap.initialize("ldap://127.0.0.1")
+    filt = "(uid=" + ldap.dn.escape_filter_chars(uid) + ")"
+    return con.search_s("ou=people,dc=nyx,dc=test", ldap.SCOPE_SUBTREE, filt)
--- a/tests/dynamic_fixtures/ldap_injection/python/vuln.py
+++ b/tests/dynamic_fixtures/ldap_injection/python/vuln.py
@ -0,0 +1,14 @@
+"""Phase 06 (Track J.4) — Python LDAP_INJECTION vuln fixture.
+
+The function string-concatenates the attacker-controlled `uid` into the
+LDAP filter passed to `ldap.search_s`; a payload like `alice*)(uid=*`
+breaks out of the host `(uid=…)` clause and matches every directory
+entry.
+"""
+import ldap
+
+
+def run(uid: str):
+    con = ldap.initialize("ldap://127.0.0.1")
+    filt = "(uid=" + uid + ")"
+    return con.search_s("ou=people,dc=nyx,dc=test", ldap.SCOPE_SUBTREE, filt)