[
https://issues.apache.org/jira/browse/RANGER-2006?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16399569#comment-16399569
]
Velmurugan Periasamy commented on RANGER-2006:
----------------------------------------------
[~spolavarapu] - +1 for the proposal to revert.
> Fix problems detected by static code analysis in ranger usersync for ldap
> sync source
> -------------------------------------------------------------------------------------
>
> Key: RANGER-2006
> URL: https://issues.apache.org/jira/browse/RANGER-2006
> Project: Ranger
> Issue Type: Bug
> Components: Ranger, usersync
> Affects Versions: 0.7.1
> Reporter: Sailaja Polavarapu
> Assignee: Sailaja Polavarapu
> Priority: Minor
> Fix For: 1.0.0, master
>
>
> 1. *Overview* : The method goUpGroupHierarchyLdap() invokes a dynamically
> generated LDAP filter with unvalidated input, which could allow an attacker
> to modify the statement's meaning.
> In the file LdapDeltaUserGroupBuilder.java similar issues were on line
> numbers 913
> *Comments* : need to verify the search() parameters for validation
> 2. *Overview* : The method goUpGroupHierarchyLdap() invokes a dynamically
> generated LDAP filter with unvalidated input, which could allow an attacker
> to modify the statement's meaning.
> In the file LdapUserGroupBuilder.java similar issues were on line numbers 818
> *Comments* : need to verify the search() parameters for validation
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
