Skip to content

Escape user inputs and DN in LDAP search filters#65

Merged
rezib merged 2 commits intomainfrom
pr/fix-63
Dec 22, 2025
Merged

Escape user inputs and DN in LDAP search filters#65
rezib merged 2 commits intomainfrom
pr/fix-63

Conversation

@rezib
Copy link
Contributor

@rezib rezib commented Dec 22, 2025

fix #63

rezib added 2 commits December 22, 2025 11:26
@rezib
fix(auth): LDAP filter escaping for user inputs
cd5f4fa 
Escape user-provided values in LDAP search filters using
ldap.filter.escape_filter_chars() to prevent LDAP injection
attacks and support input values with parenthesis. Applied escaping to:
- user parameter in _lookup_user_dn method
- user_name and user_dn parameters in _get_groups method

fix #63
@rezib
tests(auth): cover ldap escaped inputs
02e2a9c
@rezib rezib added this to the v1.7.0 milestone Dec 22, 2025
@rezib rezib self-assigned this Dec 22, 2025
@rezib rezib merged commit 8501867 into main Dec 22, 2025
18 checks passed
@rezib rezib deleted the pr/fix-63 branch December 22, 2025 10:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@rezib rezib

Labels

None yet

Projects

None yet

Milestone

v1.7.0

Development

Successfully merging this pull request may close these issues.

Escape LDAP filters

1 participant

@rezib