include::../description.adoc[]

== Noncompliant Code Example

[source,python]
----
from flask import request
import ldap

@app.route("/user")
def user():
    dn =  request.args['dn']
    username =  request.args['username']

    search_filter = "(&(objectClass=*)(uid="+username+"))"
    ldap_connection = ldap.initialize("ldap://127.0.0.1:389")
    user = ldap_connection.search_s(dn, ldap.SCOPE_SUBTREE, search_filter) # Noncompliant
    return user[0]
----

== Compliant Solution

[source,python]
----
from flask import request
import ldap
import ldap.filter
import ldap.dn

@app.route("/user")
def user():
    dn = "dc=%s" % ldap.dn.escape_dn_chars(request.args['dc']) # Escape distinguished names special characters 
    username = ldap.filter.escape_filter_chars(request.args['username']) # Escape search filters special characters 

    search_filter = "(&(objectClass=*)(uid="+username+"))"
    ldap_connection = ldap.initialize("ldap://127.0.0.1:389")
    user = ldap_connection.search_s(dn, ldap.SCOPE_SUBTREE, search_filter) # Compliant
    return user[0]
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]