Improperly implemented security check for standard

ID

scala.ldap.scala_ldap_rule_entrypoisoning

Severity

high

Resource

Ldap

Language

Scala

Description

Without proper access control, executing an LDAP statement that contains a user-controlled value can allow an attacker to abuse a poorly configured LDAP context.

Rationale

Without proper access control, executing an LDAP statement that contains a user-controlled value can allow an attacker to abuse a poorly configured LDAP context. The pattern this rule flags is a `SearchControls` whose returning-object flag (the fifth constructor argument, `retobj`) is set to `true`: with that flag on, the JNDI LDAP client decodes Java objects stored in the entries a search returns, so an attacker who can influence which entries match, or what they contain, can poison the result (LDAP entry poisoning) rather than merely read it.

The following code illustrates a vulnerable pattern detected by this rule:

import javax.naming.directory.SearchControls

def unsafe1(scope: Int, countLimit: Long, timeLimit: Int, attributes: Array[String], deref: Boolean): Unit = {
  // VULNERABLE: Improperly implemented security check for standard
  // The fifth argument (returningObjFlag) is true; the rule reports the beginning of this call.
  new SearchControls(scope, countLimit, timeLimit, attributes, true,
    deref)
}

Remediation

Follow secure coding practices and review the references below for detailed remediation guidance.
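The vulnerable pattern above beside its corrected form, as an added example that is not part of the rule's own code. The server URL, base DN, attribute names and object names are assumptions for illustration.

```scala
import java.util.Hashtable
import javax.naming.{Context, NamingEnumeration}
import javax.naming.directory.{InitialDirContext, SearchControls, SearchResult}

// Assumed: an LDAP server at ldap://ldap.example.internal:389 and a people subtree.
object LdapSearchExample {
  private val BaseDn = "ou=people,dc=example,dc=com"

  private def ctx(): InitialDirContext = {
    val env = new Hashtable[String, String]()
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory")
    env.put(Context.PROVIDER_URL, "ldap://ldap.example.internal:389")
    new InitialDirContext(env)
  }

  // VULNERABLE: the fifth constructor argument (returningObjFlag) is true, so the
  // JNDI client decodes any Java object stored in a returned entry. Whoever can
  // write to an entry that matches the search controls what gets decoded here.
  def unsafeSearch(uid: String): NamingEnumeration[SearchResult] = {
    val controls = new SearchControls(SearchControls.SUBTREE_SCOPE, 0L, 0,
      Array("cn", "mail"), true, false)
    ctx().search(BaseDn, "(uid={0})", Array[AnyRef](uid), controls)
  }

  // SAFE: returningObjFlag is false (the default, stated explicitly), so the search
  // yields attributes only and never materialises objects from the directory. The
  // {0} placeholder keeps the user-controlled uid out of the filter syntax.
  def safeSearch(uid: String): NamingEnumeration[SearchResult] = {
    val controls = new SearchControls()
    controls.setSearchScope(SearchControls.SUBTREE_SCOPE)
    controls.setReturningAttributes(Array("cn", "mail"))
    controls.setReturningObjFlag(false)
    ctx().search(BaseDn, "(uid={0})", Array[AnyRef](uid), controls)
  }
}
```

Only `safeSearch` passes this rule; if a search genuinely has to return objects, restrict it to a subtree no untrusted party can write to and keep it under review.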

Configuration

This detector does not need any configuration.

References