Update java/ql/src/Security/CWE/CWE-90/LdapInjection.qhelp

Co-Authored-By: Felicity Chapman <felicitymay@github.com>
ggolawski
2020-01-29 20:05:20 +01:00
committed by GitHub
parent bbcfbd7a28
commit ebd2b932e8

@@ -14,7 +14,7 @@ avoid a malicious user providing special characters that change the meaning
of the query. If possible build the LDAP query using framework helper methods, for example
from Spring's <code>LdapQueryBuilder</code> and <code>LdapNameBuilder</code>,
instead of string concatenation. Alternatively, escape user input using an appropriate
LDAP encoding method, for example: <code>encodeForLDAP</code> or </code>encodeForDN</code>
LDAP encoding method, for example: <code>encodeForLDAP</code> or <code>encodeForDN</code>
from OWASP ESAPI, <code>LdapEncoder.filterEncode</code> or <code>LdapEncoder.nameEncode</code>
from Spring LDAP, or <code>Filter.encodeValue</code> from UnboundID library.</p>
</recommendation>
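Review bot: the changed line correctly turns the stray `</code>` before `encodeForDN` into an opening `<code>`, which restores balanced markup in the `<recommendation>` block; with the old text the qhelp had one more closing than opening `<code>` tag in that sentence, so this is a real fix and not only cosmetic. One documentation point worth adding while this sentence is being touched: it lists filter encoders and DN encoders side by side (`encodeForLDAP` next to `encodeForDN`, `LdapEncoder.filterEncode` next to `LdapEncoder.nameEncode`) without saying that the filter encoders apply to values placed inside a search filter and the name encoders to values placed inside a distinguished name. A reader who applies the wrong one still ends up with an injectable query, so a short clause such as "use the filter variant for values in a search filter and the name or DN variant for values in a distinguished name" would make the recommendation actionable.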