
include::../description.adoc[]
== Noncompliant Code Example
----
/**
 * Noncompliant: the LDAP search filter is assembled by string concatenation, so the
 * request parameters become part of the filter syntax instead of plain values
 * (LDAP injection).
 *
 * @return true when at least one entry matches the assembled filter
 * @throws NamingException if the directory lookup fails
 */
public boolean authenticate(javax.servlet.http.HttpServletRequest request, DirContext ctx) throws NamingException {
String user = request.getParameter("user");
String pass = request.getParameter("pass");
String filter = "(&(uid=" + user + ")(userPassword=" + pass + "))"; // Unsafe
// If the special value "*)(uid=*))(|(uid=*" is passed as user, authentication is bypassed.
// Indeed, if it is passed as the user, the filter becomes:
// (&(uid=*)(uid=*))(|(uid=*)(userPassword=...))
// Since uid=* matches every user, this is equivalent to:
// (|(uid=*)(userPassword=...))
// and again, since uid=* matches every user, the filter no longer restricts anything.
NamingEnumeration<SearchResult> results = ctx.search("ou=system", filter, new SearchControls()); // Noncompliant
return results.hasMore();
}
----
== Compliant Solution
----
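/**
 * Compliant: the user-controlled values are handed to the directory as filter
 * arguments ({0} and {1}), which JNDI encodes, so they cannot change the
 * structure of the filter.
 *
 * @return true when at least one entry matches the uid/userPassword pair;
 *         false when either parameter is missing
 * @throws NamingException if the directory lookup fails
 */
public boolean authenticate(javax.servlet.http.HttpServletRequest request, DirContext ctx) throws NamingException {
String user = request.getParameter("user");
String pass = request.getParameter("pass");
if (user == null || pass == null) {
  return false; // a missing parameter must never authenticate
}
String filter = "(&(uid={0})(userPassword={1}))"; // Safe
// NOTE(review): matching userPassword inside a search filter relies on the directory exposing that
// attribute to this context; a bind with the supplied credentials is the more usual check.
NamingEnumeration<SearchResult> results = ctx.search("ou=system", filter, new String[]{user, pass}, new SearchControls());
try {
  return results.hasMore();
} finally {
  results.close(); // the enumeration holds a directory cursor; release it on every path
}
}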
----
include::../see.adoc[]
ifdef::rspecator-view[]
== Comments And Links
(visible only on this page)
include::../comments-and-links.adoc[]
endif::rspecator-view[]