Inject LDAPInjection

Just like SQL, all inputs passed to an LDAP query need to be passed in safely. Unfortunately, LDAP doesn't have prepared statement interfaces like SQL. Therefore, the primary defense against LDAP injection is strong input validation of any untrusted data before including it in an LDAP query.

IndexedPublic repositoryMediumHigh confidenceVerifiedMITscala

greprules fetch gitlab-sast-scala-inject-rule-ldapinjection --engine opengrep

Description

Just like SQL, all inputs passed to an LDAP query need to be passed in safely. Unfortunately, LDAP doesn't have prepared statement interfaces like SQL. Therefore, the primary defense against LDAP injection is strong input validation of any untrusted data before including it in an LDAP query.

Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided

License: MIT
Source context: Public repository
Source: https://gitlab.com/gitlab-org/security-products/sast-rules
Validation status: Verified
Trust signals: 99 downloads
0 direct99 via packs
· 0 stars · Trust score 90How trust works
Included packs: 2 packs

Community feedback

Sign in to report false positives, mark this rule useful, or suggest metadata improvements.

Mark useful Report false positive Suggest metadata