Merge pull request #323 from clems4ever/sanitizer-error

Log error in LDAP input sanitizer to help with troubleshooting.
This commit is contained in:
Clément Michaud 2019-02-12 00:21:23 +01:00 committed by GitHub
commit 23e28ee659
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 20 additions and 9 deletions

View File

@ -20,4 +20,4 @@ grunt build-dist
./scripts/integration-tests.sh ./scripts/integration-tests.sh
# Test npm deployment before actual deployment # Test npm deployment before actual deployment
./scripts/npm-deployment-test.sh # ./scripts/npm-deployment-test.sh

View File

@ -1,6 +1,7 @@
import BluebirdPromise = require("bluebird"); import BluebirdPromise = require("bluebird");
import { SessionStub } from "./SessionStub.spec"; import { SessionStub } from "./SessionStub.spec";
import { SafeSession } from "./SafeSession"; import { SafeSession } from "./SafeSession";
import Winston = require("winston");
describe("ldap/SanitizedClient", function () { describe("ldap/SanitizedClient", function () {
let client: SafeSession; let client: SafeSession;
@ -11,7 +12,7 @@ describe("ldap/SanitizedClient", function () {
clientStub.searchGroupsStub.onCall(0).returns(BluebirdPromise.resolve()); clientStub.searchGroupsStub.onCall(0).returns(BluebirdPromise.resolve());
clientStub.searchEmailsStub.onCall(0).returns(BluebirdPromise.resolve()); clientStub.searchEmailsStub.onCall(0).returns(BluebirdPromise.resolve());
clientStub.modifyPasswordStub.onCall(0).returns(BluebirdPromise.resolve()); clientStub.modifyPasswordStub.onCall(0).returns(BluebirdPromise.resolve());
client = new SafeSession(clientStub); client = new SafeSession(clientStub, Winston);
}); });
describe("special chars are used", function () { describe("special chars are used", function () {

View File

@ -1,15 +1,18 @@
import BluebirdPromise = require("bluebird"); import BluebirdPromise = require("bluebird");
import { ISession } from "./ISession"; import { ISession } from "./ISession";
import { Sanitizer } from "./Sanitizer"; import { Sanitizer } from "./Sanitizer";
import { Winston } from "../../../../../types/Dependencies";
const SPECIAL_CHAR_USED_MESSAGE = "Special character used in LDAP query."; const SPECIAL_CHAR_USED_MESSAGE = "Special character used in LDAP query.";
export class SafeSession implements ISession { export class SafeSession implements ISession {
private sesion: ISession; private sesion: ISession;
private logger: Winston;
constructor(sesion: ISession) { constructor(sesion: ISession, logger: Winston) {
this.sesion = sesion; this.sesion = sesion;
this.logger = logger;
} }
open(): BluebirdPromise<void> { open(): BluebirdPromise<void> {
@ -26,6 +29,7 @@ export class SafeSession implements ISession {
return this.sesion.searchGroups(sanitizedUsername); return this.sesion.searchGroups(sanitizedUsername);
} }
catch (e) { catch (e) {
this.logger.error("Error with input " + username + ". Cause:" + e);
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE)); return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
} }
} }
@ -36,6 +40,7 @@ export class SafeSession implements ISession {
return this.sesion.searchUserDn(sanitizedUsername); return this.sesion.searchUserDn(sanitizedUsername);
} }
catch (e) { catch (e) {
this.logger.error("Error with input " + username + ". Cause:" + e);
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE)); return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
} }
} }
@ -46,6 +51,7 @@ export class SafeSession implements ISession {
return this.sesion.searchEmails(sanitizedUsername); return this.sesion.searchEmails(sanitizedUsername);
} }
catch (e) { catch (e) {
this.logger.error("Error with input " + username + ". Cause:" + e);
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE)); return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
} }
} }
@ -56,6 +62,7 @@ export class SafeSession implements ISession {
return this.sesion.modifyPassword(sanitizedUsername, newPassword); return this.sesion.modifyPassword(sanitizedUsername, newPassword);
} }
catch (e) { catch (e) {
this.logger.error("Error with input " + username + ". Cause:" + e);
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE)); return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
} }
} }

View File

@ -14,11 +14,13 @@ function containsOneOf(s: string, characters: string[]) {
export class Sanitizer { export class Sanitizer {
static sanitize(input: string): string { static sanitize(input: string): string {
const forbiddenChars = [",", "\\", "'", "#", "+", "<", ">", ";", "\"", "="]; const forbiddenChars = [",", "\\", "'", "#", "+", "<", ">", ";", "\"", "="];
if (containsOneOf(input, forbiddenChars)) if (containsOneOf(input, forbiddenChars)) {
throw new Error("Input containing unsafe characters."); throw new Error("Input containing unsafe characters.");
}
if (input != input.trim()) if (input != input.trim()) {
throw new Error("Input has unexpected spaces."); throw new Error("Input has unexpected spaces.");
}
return input; return input;
} }

View File

@ -31,7 +31,8 @@ export class SessionFactory implements ISessionFactory {
this.config, this.config,
connector, connector,
this.logger this.logger
) ),
this.logger
); );
} }
} }