An LDAP query built from potentially untrusted input might allow attackers to inject unwanted elements into the query (LDAP injection). This can allow attackers to read or modify sensitive data, run code, and perform other unwanted actions.
1from flask import app
@app.route('/getUsers')
def get_users_noncompliant():
    """Return the LDAP entries whose ``uid`` matches the ``username`` query parameter.

    Noncompliant example: ``username`` is concatenated into the search filter
    without escaping, so LDAP filter metacharacters in the request (``*``,
    ``(``, ``)``, ``\\``) change the structure of the query instead of being
    matched literally (LDAP injection, CWE-90). The remedy is to escape the
    value, e.g. with ``ldap.filter.escape_filter_chars``, before building the
    filter.

    Returns:
        The result of ``search_s`` for the built filter.

    Raises:
        KeyError: if the ``username`` query parameter is absent.
    """
    import ldap
    from flask import request
    # Untrusted: taken verbatim from the query string.
    username = request.args['username']
    # Noncompliant: raw concatenation. A ``*`` in username turns the equality
    # match into a wildcard, and ``(``/``)`` alter the filter's structure.
    filter_string = '(uid=' + username + ')'
    ldap_conn = ldap.initialize('ldaps://ldap.amazon.com:636')
    # Noncompliant: user-supplied filter is not sanitized.
    result = ldap_conn.search_s('o=amazon.com',
                                ldap.SCOPE_SUBTREE,
                                filter_string)
    return result
1from flask import app
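@app.route('/getUsers')
def get_users_compliant(request=None):
    """Return the LDAP entries whose ``uid`` equals the ``username`` query parameter.

    Args:
        request: Object exposing ``args['username']``. When omitted (Flask
            calls routed views without arguments) the active Flask request
            is used; previously the parameter was required but then shadowed
            by the inner ``from flask import request`` and never used.

    Returns:
        The result of the synchronous ``search_s`` call for the built filter.

    Raises:
        KeyError: if the ``username`` query parameter is absent.
    """
    import ldap
    import ldap.filter

    if request is None:
        from flask import request as flask_request
        request = flask_request
    username = request.args['username']
    # Compliant: the user-supplied value is escaped per the LDAP filter
    # rules (``*``, ``(``, ``)``, ``\\`` and NUL become ``\\XX`` sequences),
    # so it can only be matched as a literal uid. The previous deny-list
    # regex was not a fix: it left ``\\`` (the escape introducer) untouched,
    # and ``+-=`` inside a character class is a *range* that also stripped
    # digits, ``.`` and ``-`` from legitimate usernames.
    filter_string = '(uid=' + ldap.filter.escape_filter_chars(username) + ')'
    ldap_conn = ldap.initialize('ldaps://ldap.amazon.com:636')
    # search_s is the synchronous call that returns the entries, matching the
    # sibling example; the asynchronous search() only returns a message id.
    result = ldap_conn.search_s('o=amazon.com',
                                ldap.SCOPE_SUBTREE,
                                filter_string)
    return result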