このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
ID: csharp-security/ldap-injection
Language: C#
Severity: Warning
Category: Security
Description
Unvalidated user inputs may lead to LDAP injection. Always escape characters in your LDAP queries. Do not build LDAP queries manually.
Learn More
Non-Compliant Code Examples
public class MyController : Controller
{
public bool userExists(string user, string pass)
{
DirectoryEntry directory = new DirectoryEntry();
DirectorySearcher directorySearch = new DirectorySearcher(directory);
directorySearch.Filter = "(&(uid=" + user + ")(userPassword=" + pass + "))";
return directorySearch.FindOne() != null;
}
}
Seamless integrations. Try Datadog Code Analysis
