Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2025-02-15 03:11:50 +01:00
Code Issues Projects Releases Wiki Activity

Call EscapeFilter for filter to avoid security issue

Browse Source
This commit is contained in:
stonezdj 2017-12-26 15:34:14 +08:00
parent 027fa72df7
commit 9f99d0400c
2 changed files with 1 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/common/utils/ldap/ldap.go
View File

@ -353,7 +353,7 @@ func (session *Session) createUserFilter(username string) string {
if username == "" {
filterTag = "*"
} else {
filterTag = username
filterTag = goldap.EscapeFilter(username)
}
ldapFilter := session.ldapConfig.LdapFilter

7
src/ui/auth/ldap/ldap.go
View File

@ -28,8 +28,6 @@ import (
// Auth implements AuthenticateHelper interface to authenticate against LDAP
type Auth struct{}
const metaChars = "&|!=~*<>()"
// Authenticate checks user's credential against LDAP based on basedn template and LDAP URL,
// if the check is successful a dummy record will be inserted into DB, such that this user can
// be associated to other entities in the system.
@ -40,11 +38,6 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
log.Debugf("LDAP authentication failed for empty user id.")
return nil, nil
}
for _, c := range metaChars {
if strings.ContainsRune(p, c) {
return nil, fmt.Errorf("the principal contains meta char: %q", c)
}
}
ldapSession, err := ldapUtils.LoadSystemLdapConfig()