  1. Ranger
  2. RANGER-2006

Fix problems detected by static code analysis in ranger usersync for ldap sync source


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 0.7.1
    • Fix Version/s: 1.0.0, master
    • Component/s: Ranger, usersync
    • Labels:
      None

      Description

      1. Overview: The method goUpGroupHierarchyLdap() invokes a dynamically generated LDAP filter with unvalidated input, which could allow an attacker to modify the statement's meaning.
      In the file LdapDeltaUserGroupBuilder.java, similar issues were found on line number 913.

      Comments: Need to verify the search() parameters for validation.
      2. Overview: The method goUpGroupHierarchyLdap() invokes a dynamically generated LDAP filter with unvalidated input, which could allow an attacker to modify the statement's meaning.
      In the file LdapUserGroupBuilder.java, similar issues were found on line number 818.

      Comments: Need to verify the search() parameters for validation.

            People

            • Assignee:
              spolavarapu Sailaja Polavarapu
              Reporter:
              spolavarapu Sailaja Polavarapu