gitlab.security_code_scan.SCS0026-1.SCS0031-1

unknown

Download Count*

License

The software constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: security_code_scan.SCS0026-1.SCS0031-1
    patterns:
      - pattern-either:
          - patterns:
              - pattern: (DirectorySearcher $SOURCE).Filter = ...
              - pattern-not: (DirectorySearcher $SOURCE).Filter = "..."
          - patterns:
              - pattern: (DirectorySearcher $SOURCE).Path = ...
              - pattern-not: (DirectorySearcher $SOURCE).Path = "..."
    message: |
      The software constructs all or part of an LDAP query using
      externally-influenced input from an upstream component, but it does not
      neutralize or incorrectly neutralizes special elements that could modify
      the intended LDAP query when it is sent to a downstream component.
    languages:
      - csharp
    severity: WARNING
    metadata:
      category: security
      cwe: "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query
        (‘LDAP Injection’)"
      license: MIT

Short Link: https://sg.run/0ZWj