Sailaja Polavarapu created RANGER-2006:
------------------------------------------
Summary: Fix problems detected by static code analysis in ranger usersync for ldap sync source
Key: RANGER-2006
URL: https://issues.apache.org/jira/browse/RANGER-2006
Project: Ranger
Issue Type: Bug
Components: Ranger, usersync
Affects Versions: 0.7.1
Reporter: Sailaja Polavarapu
Fix For: master
1. *Overview* : The method goUpGroupHierarchyLdap() invokes a dynamically
generated LDAP filter with unvalidated input, which could allow an attacker to
modify the statement's meaning.
In the file LdapDeltaUserGroupBuilder.java, similar issues were found on line number 913.
*Comments* : need to verify the search() parameters for validation
2. *Overview* : The method goUpGroupHierarchyLdap() invokes a dynamically
generated LDAP filter with unvalidated input, which could allow an attacker to
modify the statement's meaning.
In the file LdapUserGroupBuilder.java, similar issues were found on line number 818.
*Comments* : need to verify the search() parameters for validation
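The class of finding reported above, shown as an added example (not code from Ranger or from the reporter): a filter built by string concatenation next to the same filter with the value escaped per RFC 4515. The class name, the filter shape (`objectClass=groupOfNames`, `member`) and the sample inputs are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;

public class LdapFilterEscapeExample {

    // Escape a value for use inside an LDAP filter assertion (RFC 4515, section 3).
    // The filter metacharacters \ * ( ) and NUL become \xx hex escapes; non-ASCII
    // bytes are hex-escaped as well, which RFC 4515 permits for any octet.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xFF;
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == 0 || c > 0x7F) {
                out.append(String.format("\\%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    // Hypothetical filter shape: the value is concatenated as-is, so any
    // parentheses or wildcards in it become part of the filter structure.
    static String unsafeFilter(String memberDn) {
        return "(&(objectClass=groupOfNames)(member=" + memberDn + "))";
    }

    // Same filter, but the value can only ever be data.
    static String safeFilter(String memberDn) {
        return "(&(objectClass=groupOfNames)(member=" + escapeFilterValue(memberDn) + "))";
    }

    public static void main(String[] args) {
        // Constructed inputs: an ordinary DN and one carrying filter metacharacters.
        String[] samples = {
            "cn=ops,ou=groups,dc=example,dc=com",
            "cn=ops)(objectClass=*"
        };
        for (String s : samples) {
            System.out.println("input : " + s);
            System.out.println("unsafe: " + unsafeFilter(s));
            System.out.println("safe  : " + safeFilter(s));
        }
    }
}
```

For the second input the unsafe filter gains an extra `(objectClass=*)` clause, while the escaped form keeps it inside the `member` value as `cn=ops\29\28objectClass=\2a`. With JNDI, `DirContext.search(name, filterExpr, filterArgs, cons)` with `{0}` placeholders is another way to keep values out of the filter structure.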