Merge pull request #323 from clems4ever/sanitizer-error

Log error in LDAP input sanitizer to help with troubleshooting.
This commit is contained in:
Clément Michaud 2019-02-12 00:21:23 +01:00 committed by GitHub
commit 23e28ee659
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 20 additions and 9 deletions


@ -20,4 +20,4 @@ grunt build-dist
./scripts/integration-tests.sh
# Test npm deployment before actual deployment
./scripts/npm-deployment-test.sh
# ./scripts/npm-deployment-test.sh
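Review bot: Commenting out `./scripts/npm-deployment-test.sh` silently drops a pre-deployment check, and neither the PR title nor the description ("Log error in LDAP input sanitizer") mentions it, so a reader of the history has no way to tell whether it is a temporary workaround or intended to stay off. Add a comment above the disabled line stating the reason and the condition for re-enabling it, e.g. `# Temporarily disabled: <reason>; re-enable once <condition>`, or move this change into its own commit. This is the only changed line in the section; the rest of the script is outside the hunk.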


@ -1,6 +1,7 @@
import BluebirdPromise = require("bluebird");
import { SessionStub } from "./SessionStub.spec";
import { SafeSession } from "./SafeSession";
import Winston = require("winston");
describe("ldap/SanitizedClient", function () {
let client: SafeSession;
@ -11,7 +12,7 @@ describe("ldap/SanitizedClient", function () {
clientStub.searchGroupsStub.onCall(0).returns(BluebirdPromise.resolve());
clientStub.searchEmailsStub.onCall(0).returns(BluebirdPromise.resolve());
clientStub.modifyPasswordStub.onCall(0).returns(BluebirdPromise.resolve());
client = new SafeSession(clientStub);
client = new SafeSession(clientStub, Winston);
});
describe("special chars are used", function () {
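Review bot: Passing the real `Winston` module as the second constructor argument means the `"special chars are used"` cases now write error-level output to the test process's console instead of the log call being observed. A stubbed logger would keep test output clean and let those cases assert that a rejected input is actually logged, e.g. `const loggerStub = { error: Sinon.stub() }` passed as `new SafeSession(clientStub, loggerStub as any)` — the `...Stub.onCall(0).returns(...)` calls suggest sinon is already in use here, but confirm against the imports, which are partly outside the hunk. The `describe` block continues past the end of the hunk.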


@ -1,15 +1,18 @@
import BluebirdPromise = require("bluebird");
import { ISession } from "./ISession";
import { Sanitizer } from "./Sanitizer";
import { Winston } from "../../../../../types/Dependencies";
const SPECIAL_CHAR_USED_MESSAGE = "Special character used in LDAP query.";
export class SafeSession implements ISession {
private sesion: ISession;
private logger: Winston;
constructor(sesion: ISession) {
constructor(sesion: ISession, logger: Winston) {
this.sesion = sesion;
this.logger = logger;
}
open(): BluebirdPromise<void> {
@ -26,6 +29,7 @@ export class SafeSession implements ISession {
return this.sesion.searchGroups(sanitizedUsername);
}
catch (e) {
this.logger.error("Error with input " + username + ". Cause:" + e);
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
}
}
@ -36,6 +40,7 @@ export class SafeSession implements ISession {
return this.sesion.searchUserDn(sanitizedUsername);
}
catch (e) {
this.logger.error("Error with input " + username + ". Cause:" + e);
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
}
}
@ -46,6 +51,7 @@ export class SafeSession implements ISession {
return this.sesion.searchEmails(sanitizedUsername);
}
catch (e) {
this.logger.error("Error with input " + username + ". Cause:" + e);
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
}
}
@ -56,6 +62,7 @@ export class SafeSession implements ISession {
return this.sesion.modifyPassword(sanitizedUsername, newPassword);
}
catch (e) {
this.logger.error("Error with input " + username + ". Cause:" + e);
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
}
}
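Review bot: Each of the four new `this.logger.error(...)` calls writes the rejected `username` into the log unencoded, and the catch is reached precisely when `Sanitizer.sanitize` found the value unsafe, so the string is attacker-controlled; the sanitizer's checks (a fixed character list plus `trim()`) do not reject embedded newlines or other control characters, so a value containing `"\n"` would let a client forge additional log lines. Encode the value before logging, e.g. `this.logger.error("Error with input " + JSON.stringify(username) + ". Cause: " + e);` in each catch block, or route all four through one private helper so the encoding cannot drift between them. It is also worth considering whether `error` is the right level for client-supplied input failing validation, since it lets an unauthenticated caller generate error-level entries at will; `warn` or `debug` may be more appropriate here. `modifyPassword` correctly logs only the username and not `newPassword` — keep that property if the message is reworked. The method bodies between the hunks and the class's closing brace are outside the shown hunks.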


@ -14,11 +14,13 @@ function containsOneOf(s: string, characters: string[]) {
export class Sanitizer {
static sanitize(input: string): string {
const forbiddenChars = [",", "\\", "'", "#", "+", "<", ">", ";", "\"", "="];
if (containsOneOf(input, forbiddenChars))
if (containsOneOf(input, forbiddenChars)) {
throw new Error("Input containing unsafe characters.");
}
if (input != input.trim())
if (input != input.trim()) {
throw new Error("Input has unexpected spaces.");
}
return input;
}
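Review bot: `forbiddenChars` on the context line covers the DN-special characters but not the LDAP filter metacharacters `*`, `(`, `)` and NUL, so if the underlying session interpolates the sanitized username into a search filter (the `searchGroups`/`searchUserDn`/`searchEmails` names suggest it does, but that code is not in view) a value such as `*` or `a)(uid=*` passes `sanitize` unchanged. If that is the case, extend the list — `const forbiddenChars = [",", "\\", "'", "#", "+", "<", ">", ";", "\"", "=", "*", "(", ")", "\0"];` — or, better, escape per RFC 4515/4514 in the session layer rather than rejecting here. This hunk only adds braces, so the gap is pre-existing rather than introduced by the commit, but it is the right place to record it. The `Sanitizer` class closes outside the hunk.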


@ -31,7 +31,8 @@ export class SessionFactory implements ISessionFactory {
this.config,
connector,
this.logger
)
),
this.logger
);
}
}