Skip to content

Fix/filter username input #22

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ulyssefontainecagip wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fix/filter username input #22

ulyssefontainecagip wants to merge 1 commit into from

Conversation

@ulyssefontainecagip
Copy link

@ulyssefontainecagip ulyssefontainecagip commented Mar 29, 2023

No description provided.

@ulyssefontainecagip ulyssefontainecagip force-pushed the fix/filter_username_input branch from d1f19b0 to c8e3f85 Compare March 29, 2023 12:30
evrardjp
evrardjp approved these changes Apr 13, 2023
View reviewed changes
Copy link
Contributor

@evrardjp evrardjp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't test this myself, but the tests do make sense.

evrardjp
evrardjp requested changes Apr 13, 2023
View reviewed changes
Copy link
Contributor

@evrardjp evrardjp left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Edit: Can you squash the CI changes into a different PR, and keep this PR clean to contain only the change, please?

@ulyssefontainecagip ulyssefontainecagip force-pushed the fix/filter_username_input branch from c8e3f85 to 867c9dc Compare April 28, 2023 14:01
@ulyssefontainecagip
Copy link
Author

ulyssefontainecagip commented Apr 28, 2023

CI changes was moved to PR #25 👍

@evrardjp
Copy link
Contributor

evrardjp commented Oct 24, 2024

@zkonak can you check why this is pending?

@evrardjp-cagip
fix(api): filter username input on ldap query
71826e8 
Without this, it is possible to do an ldap query injection.
This is a problem as it is a possible vulnerability issue.
However, it is very unlikely to arrive to real case exploitation,
as the input is admin given.

This fixes it by ensuring filtering with a regexp and adding the
appropriate tests (here done with fuzzing).

Co-Authored-By: Jean-Philippe Evrard <jean-philippe.evrard-prestataire@ca-gip.fr>
@evrardjp-cagip evrardjp-cagip force-pushed the fix/filter_username_input branch from 867c9dc to 71826e8 Compare December 17, 2024 16:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@evrardjp evrardjp evrardjp requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ulyssefontainecagip @evrardjp