Log error in LDAP input sanitizer to help with troubleshooting.

This commit is contained in:
Clement Michaud 2019-02-09 23:50:57 +01:00
parent b118ac5516
commit cc8cb36e04
4 changed files with 19 additions and 8 deletions

View File

@ -1,6 +1,7 @@
import BluebirdPromise = require("bluebird");
import { SessionStub } from "./SessionStub.spec";
import { SafeSession } from "./SafeSession";
import Winston = require("winston");
describe("ldap/SanitizedClient", function () {
let client: SafeSession;
@ -11,7 +12,7 @@ describe("ldap/SanitizedClient", function () {
clientStub.searchGroupsStub.onCall(0).returns(BluebirdPromise.resolve());
clientStub.searchEmailsStub.onCall(0).returns(BluebirdPromise.resolve());
clientStub.modifyPasswordStub.onCall(0).returns(BluebirdPromise.resolve());
client = new SafeSession(clientStub);
client = new SafeSession(clientStub, Winston);
});
describe("special chars are used", function () {
@ -73,4 +74,4 @@ describe("ldap/SanitizedClient", function () {
return client.modifyPassword("dummy_user", "abc");
});
});
});
});

View File

@ -1,15 +1,18 @@
import BluebirdPromise = require("bluebird");
import { ISession } from "./ISession";
import { Sanitizer } from "./Sanitizer";
import { Winston } from "../../../../../types/Dependencies";
const SPECIAL_CHAR_USED_MESSAGE = "Special character used in LDAP query.";
export class SafeSession implements ISession {
private sesion: ISession;
private logger: Winston;
constructor(sesion: ISession) {
constructor(sesion: ISession, logger: Winston) {
this.sesion = sesion;
this.logger = logger;
}
open(): BluebirdPromise<void> {
@ -26,6 +29,7 @@ export class SafeSession implements ISession {
return this.sesion.searchGroups(sanitizedUsername);
}
catch (e) {
this.logger.error("Error with input " + username + ". Cause:" + e);
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
}
}
@ -36,6 +40,7 @@ export class SafeSession implements ISession {
return this.sesion.searchUserDn(sanitizedUsername);
}
catch (e) {
this.logger.error("Error with input " + username + ". Cause:" + e);
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
}
}
@ -46,6 +51,7 @@ export class SafeSession implements ISession {
return this.sesion.searchEmails(sanitizedUsername);
}
catch (e) {
this.logger.error("Error with input " + username + ". Cause:" + e);
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
}
}
@ -56,6 +62,7 @@ export class SafeSession implements ISession {
return this.sesion.modifyPassword(sanitizedUsername, newPassword);
}
catch (e) {
this.logger.error("Error with input " + username + ". Cause:" + e);
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
}
}

View File

@ -14,12 +14,14 @@ function containsOneOf(s: string, characters: string[]) {
export class Sanitizer {
static sanitize(input: string): string {
const forbiddenChars = [",", "\\", "'", "#", "+", "<", ">", ";", "\"", "="];
if (containsOneOf(input, forbiddenChars))
if (containsOneOf(input, forbiddenChars)) {
throw new Error("Input containing unsafe characters.");
}
if (input != input.trim())
if (input != input.trim()) {
throw new Error("Input has unexpected spaces.");
}
return input;
}
}
}

View File

@ -31,7 +31,8 @@ export class SessionFactory implements ISessionFactory {
this.config,
connector,
this.logger
)
),
this.logger
);
}
}
}