[RANGER-2006] Fix problems detected by static code analysis in ranger usersync for ldap sync source - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 0.7.1
Fix Version/s: 1.0.0, master
Component/s: Ranger, usersync
Labels:
None

Description

1. Overview : The method goUpGroupHierarchyLdap() invokes a dynamically generated LDAP filter with unvalidated input, which could allow an attacker to modify the statement's meaning.
In the file LdapDeltaUserGroupBuilder.java similar issues were on line numbers 913

Comments : need to verify the search() parameters for validation
2. Overview : The method goUpGroupHierarchyLdap() invokes a dynamically generated LDAP filter with unvalidated input, which could allow an attacker to modify the statement's meaning.
In the file LdapUserGroupBuilder.java similar issues were on line numbers 818

Comments : need to verify the search() parameters for validation

Attachments

Activity

People

Assignee:: Sailaja Polavarapu

Reporter:: Sailaja Polavarapu

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 02/Mar/18 18:52

Updated:: 14/Mar/18 23:24

Resolved:: 14/Mar/18 23:24