Sailaja Polavarapu created RANGER-2006:
------------------------------------------

             Summary: Fix problems detected by static code analysis in ranger usersync for ldap sync source
                 Key: RANGER-2006
                 URL: https://issues.apache.org/jira/browse/RANGER-2006
             Project: Ranger
          Issue Type: Bug
          Components: Ranger, usersync
    Affects Versions: 0.7.1
            Reporter: Sailaja Polavarapu
             Fix For: master

1. *Overview* : The method goUpGroupHierarchyLdap() invokes a dynamically generated LDAP filter with unvalidated input, which could allow an attacker to modify the statement's meaning.
In the file LdapDeltaUserGroupBuilder.java similar issues were on line numbers 913
*Comments* : need to verify the search() parameters for validation

2. *Overview* : The method goUpGroupHierarchyLdap() invokes a dynamically generated LDAP filter with unvalidated input, which could allow an attacker to modify the statement's meaning.
In the file LdapUserGroupBuilder.java similar issues were on line numbers 818
*Comments* : need to verify the search() parameters for validation

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)