Fix/filter username input #22

Open
wants to merge 1 commit into
base: master

ulyssefontainecagip

No description provided.

@ulyssefontainecagip ulyssefontainecagip force-pushed the fix/filter_username_input branch from d1f19b0 to c8e3f85 Compare March 29, 2023 12:30
Contributor

@evrardjp evrardjp left a comment

I didn't test this myself, but the tests do make sense.

Contributor

@evrardjp evrardjp left a comment

Edit: Can you squash the CI changes into a different PR, and keep this PR clean to contain only the change, please?

@ulyssefontainecagip ulyssefontainecagip force-pushed the fix/filter_username_input branch from c8e3f85 to 867c9dc Compare April 28, 2023 14:01
@ulyssefontainecagip
Author

CI changes were moved to PR #25 👍

@evrardjp
Contributor

@zkonak can you check why this is pending?

Without this, it is possible to do an LDAP query injection.
This is a problem as it is a possible vulnerability issue.
However, it is very unlikely to lead to real-case exploitation,
as the input is admin-given.

This fixes it by ensuring filtering with a regexp and adding the
appropriate tests (here done with fuzzing).

Co-Authored-By: Jean-Philippe Evrard <[email protected]>
@evrardjp-cagip evrardjp-cagip force-pushed the fix/filter_username_input branch from 867c9dc to 71826e8 Compare December 17, 2024 16:55
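
A sketch of the approach the commit message describes (allow-listing the username with a regexp before it reaches an LDAP filter, plus the property a fuzz test would check), added here as an example and not the PR's own code. The regexp, the filter template (`objectClass=person`, `uid`) and every function name are assumptions, and the inputs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Assumed allow-list (not the project's regexp): 1-64 of letters, digits, '.', '_', '-'.
// In Go's RE2 syntax '$' without the m flag matches only at end of text, so "bob\n" fails.
var usernamePattern = regexp.MustCompile(`^[A-Za-z0-9._-]{1,64}$`)

var ErrInvalidUsername = errors.New("username rejected by allow-list")

// RFC 4515 escapes for filter values, kept as a second layer behind the allow-list.
var filterEscaper = strings.NewReplacer(`\`, `\5c`, `*`, `\2a`, `(`, `\28`, `)`, `\29`, "\x00", `\00`)

// EscapeFilterValue escapes LDAP filter metacharacters in v.
func EscapeFilterValue(v string) string { return filterEscaper.Replace(v) }

// BuildUserFilter validates username, then places it in an assumed filter template.
func BuildUserFilter(username string) (string, error) {
	if !usernamePattern.MatchString(username) {
		return "", ErrInvalidUsername
	}
	return "(&(objectClass=person)(uid=" + EscapeFilterValue(username) + "))", nil
}

// CheckInvariant is the property a fuzz target would assert for any input:
// rejected input yields no filter; accepted input leaves the template's
// structure (three parenthesis pairs, no wildcard or NUL) unchanged.
func CheckInvariant(input string) error {
	f, err := BuildUserFilter(input)
	if err != nil {
		if f != "" {
			return errors.New("filter returned alongside an error")
		}
		return nil
	}
	if strings.Count(f, "(") != 3 || strings.Count(f, ")") != 3 || strings.ContainsAny(f, "*\x00") {
		return fmt.Errorf("filter structure changed by input %q", input)
	}
	return nil
}

func main() {
	// Constructed sample inputs, not taken from the project.
	for _, in := range []string{"alice", "j.doe-2", "*", "alice)(uid=*", "bob\n", ""} {
		f, err := BuildUserFilter(in)
		fmt.Printf("%q -> %q err=%v invariant=%v\n", in, f, err, CheckInvariant(in))
	}
}
```

With Go's native fuzzing, `CheckInvariant` would be called from a `func FuzzBuildUserFilter(f *testing.F)` target in a `_test.go` file.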