zeppelin icon indicating copy to clipboard operation
zeppelin copied to clipboard

Published 20 hours ago verified publisher icon apache

[HOTFIX] Escape Ldap search filters

Open jongyoul opened this issue 1 year ago • 3 comments

What is this PR for?

Escaping Ldap filters to mitigate un-intended behaviors

What type of PR is it?

Hot Fix

Todos

  • [x] - Add filters based on https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/realm/JNDIRealm.java#L2921

What is the Jira issue?

N/A

How should this be tested?

  • CI should be green

Screenshots (if appropriate)

Questions:

  • Does the license files need to update? No
  • Is there breaking changes for older versions? No
  • Does this needs documentation? No

jongyoul avatar Feb 17 '24 14:02 jongyoul

Is there no ready-made implementation, e.g. in Java or in the Shiro project?

Reamer avatar Feb 19 '24 08:02 Reamer

After you commented, I tried to find related code in javax.security and shiro. I, however, couldn't find a similar one.

jongyoul avatar Feb 19 '24 08:02 jongyoul

ping @zjffdu @Reamer @huage1994

FYI, it's a kind of potential security issue so please review it if you have time.

jongyoul avatar Feb 24 '24 14:02 jongyoul