apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-06 19:35:13 +02:00
Code Issues Projects Releases Packages Wiki Activity
nyx/tests/fixtures/ldap_injection/javascript/safe_ldap_search.js
Eli Peter 7d0e7320e2
new capacity bits (#67)
2026-05-07 01:29:31 -04:00

16 lines
635 B
JavaScript
Raw Blame History

// Safe: ldap-escape's `filter` helper escapes the user-controlled substring
// before it lands in the filter expression. Mirrors the unsafe sibling's
// bound-variable shape so only the sanitiser introduction differs.
const ldap = require('ldapjs');
const ldapEscape = require('ldap-escape');
const client = ldap.createClient({ url: 'ldap://example.com' });
function lookup(req, res) {
const user = req.query.user;
const safe = ldapEscape(user);
const filter = '(uid=' + safe + ')';
client.search('ou=people,dc=example,dc=com', { filter: filter }, (err) => { res.json({ ok: !err }); });
}
module.exports = lookup;
Reference in a new issue View git blame Copy permalink