{"id":16772612,"url":"https://github.com/jonlabelle/antildapinjection","last_synced_at":"2025-07-12T04:42:53.231Z","repository":{"id":40250128,"uuid":"334846069","full_name":"jonlabelle/AntiLdapInjection","owner":"jonlabelle","description":"A .NET library that provides protections against LDAP Injection.","archived":false,"fork":false,"pushed_at":"2024-05-04T16:58:56.000Z","size":210,"stargazers_count":6,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-05-04T17:31:53.925Z","etag":null,"topics":["active-directory","csharp","dotnet","ldap","ldap-encoder","ldap-filter","ldap-injection","nuget-package","sanitizer","security"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jonlabelle.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-02-01T05:56:50.000Z","updated_at":"2024-06-28T01:51:47.139Z","dependencies_parsed_at":"2023-10-01T18:09:20.796Z","dependency_job_id":"c491a4d1-f3a5-4f4e-95dd-a825b3c9720f","html_url":"https://github.com/jonlabelle/AntiLdapInjection","commit_stats":null,"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonlabelle%2FAntiLdapInjection","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonlabelle%2FAntiLdapInjection/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonlabelle%2FAntiLdapInjection/releases","manifests_url":"https://repos.ec
osyste.ms/api/v1/hosts/GitHub/repositories/jonlabelle%2FAntiLdapInjection/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jonlabelle","download_url":"https://codeload.github.com/jonlabelle/AntiLdapInjection/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248284077,"owners_count":21077988,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["active-directory","csharp","dotnet","ldap","ldap-encoder","ldap-filter","ldap-injection","nuget-package","sanitizer","security"],"created_at":"2024-10-13T06:43:22.422Z","updated_at":"2025-04-10T19:52:30.167Z","avatar_url":"https://github.com/jonlabelle.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Anti-LDAP Injection\n\n[![nuget package](https://img.shields.io/nuget/dt/AntiLdapInjection?color=blue)](https://www.nuget.org/packages/AntiLdapInjection \"nuget package\")\n[![nuget version](https://img.shields.io/nuget/v/AntiLdapInjection)](https://www.nuget.org/packages/AntiLdapInjection \"nuget version\")\n[![ci build status](https://github.com/jonlabelle/AntiLdapInjection/actions/workflows/ci.yml/badge.svg)](https://github.com/jonlabelle/AntiLdapInjection/actions/workflows/ci.yml \"ci build status\")\n[![cd release status](https://github.com/jonlabelle/AntiLdapInjection/actions/workflows/cd.yml/badge.svg)](https://github.com/jonlabelle/AntiLdapInjection/actions/workflows/cd.yml \"cd release status\")\n\nA .NET library that provides protections against [LDAP 
Injection](https://owasp.org/www-community/attacks/LDAP_Injection), a type of attack that can manipulate LDAP queries to access unauthorized information or perform unauthorized actions.\n\n\u003e [!NOTE]  \n\u003e Most of the code was extracted from Microsoft's AntiXss library LDAP Encoder, which is no longer maintained.\n\n## Installation\n\nThe latest **AntiLdapInjection** package is available for installation on [NuGet].\n\n### Using dotnet CLI\n\n```bash\ndotnet add package AntiLdapInjection\n```\n\n### Using NuGet Package Manager\n\n```powershell\nInstall-Package AntiLdapInjection\n```\n\nSee [NuGet page] for additional installation options.\n\n## Usage\n\n### FilterEncode\n\n`FilterEncode` encodes input according to [RFC 4515](https://tools.ietf.org/html/rfc4515), where unsafe values are converted to `\\XX` \\(`XX` is the representation of the unsafe character\\).\n\n```csharp\nLdapEncoder.FilterEncode(string filterToEncode)\n```\n\n#### FilterEncode encoding chart\n\n| Character | Encoded |\n| --------- | ------- |\n| `(`       | `\\28`   |\n| `)`       | `\\29`   |\n| `\\`       | `\\5c`   |\n| `*`       | `\\2a`   |\n| `/`       | `\\2f`   |\n| `NUL`     | `\\0`    |\n\n#### FilterEncode examples\n\n##### Opening and closing parenthesis\n\n```csharp\nstring filter = \"Parens R Us (for all your parenthetical needs)\";\nstring encoded = LdapEncoder.FilterEncode(filter);\n\nConsole.WriteLine(encoded); // \"Parens R Us \\28for all your parenthetical needs\\29\"\n```\n\n##### Asterisk in search filter\n\n```csharp\nstring filter = \"*\";\nstring encoded = LdapEncoder.FilterEncode(filter);\n\nConsole.WriteLine(encoded); // \"\\2A\"\n```\n\n##### Backslash in search filter\n\n```csharp\nstring filter = @\"C:\\MyFile\";\nstring encoded = LdapEncoder.FilterEncode(filter);\n\nConsole.WriteLine(encoded); // \"C:\\5CMyFile\"\n```\n\n##### Accents in search filter\n\n```csharp\nstring filter = \"Lučić\";\nstring encoded = 
LdapEncoder.FilterEncode(filter);\n\nConsole.WriteLine(encoded); // \"Lu\\C4\\8Di\\C4\\87\"\n```\n\n---\n\n### DistinguishedNameEncode\n\n`DistinguishedNameEncode` encodes input according to [RFC 2253](https://www.ietf.org/rfc/rfc2253.txt),\nwhere unsafe characters are converted to `#XX` where `XX` is the representation\nof the unsafe character and the comma, plus, quote, slash, less than and greater\nthan signs are escaped using slash notation (`\\X`). In addition to this, a space\nor octothorpe (`#`) at the beginning of the input string is escaped (`\\`), as is\na space at the end of a string.\n\n```csharp\nLdapEncoder.DistinguishedNameEncode(string distinguishedNameToEncode)\n```\n\nYou have the option to turn off initial or final character escaping rules, for\nexample if you are concatenating an escaped distinguished name fragment into the\nmidst of a complete distinguished name.\n\n```csharp\nLdapEncoder.DistinguishedNameEncode(\n    string distinguishedNameToEncode,\n    bool useInitialCharacterRules,\n    bool useFinalCharacterRule\n)\n```\n\n#### DistinguishedNameEncode encoding chart\n\n| Character | Encoded |\n|-----------|---------|\n| `\u0026`       | `\\\u0026`    |\n| `!`       | `\\!`    |\n| `\\|`      | `\\\\|`   |\n| `=`       | `\\=`    |\n| `\u003c`       | `\\\u003c`    |\n| `\u003e`       | `\\\u003e`    |\n| `,`       | `\\,`    |\n| `+`       | `\\+`    |\n| `-`       | `\\-`    |\n| `\"`       | `\\\"`    |\n| `'`       | `\\'`    |\n| `;`       | `\\;`    |\n\n#### DistinguishedNameEncode examples\n\n##### Distinguished name slash notation\n\n```csharp\nstring dn = @\", + \\ \"\" \\ \u003c \u003e\";\nstring encoded = LdapEncoder.DistinguishedNameEncode(dn);\n\nConsole.WriteLine(encoded); // \"\\, \\+ \\\" \\\\ \\\u003c \\\u003e\"\n```\n\n##### Leading space in distinguished name\n\n```csharp\nstring dn = \" Hello\";\nstring encoded = LdapEncoder.DistinguishedNameEncode(dn);\n\nConsole.WriteLine(encoded); // \"\\ Hello\"\n```\n\n##### 
Trailing space in distinguished name\n\n```csharp\nstring dn = \"Hello \";\nstring encoded = LdapEncoder.DistinguishedNameEncode(dn);\n\nConsole.WriteLine(encoded); // \"Hello\\ \"\n```\n\n##### Octothorpe character in distinguished name\n\n```csharp\nstring dn = \"#Hello\";\nstring encoded = LdapEncoder.DistinguishedNameEncode(dn);\n\nConsole.WriteLine(encoded); // \"\\#Hello\"\n```\n\n##### Accents in distinguished name\n\n```csharp\nstring dn = \"Lučić\";\nstring encoded = LdapEncoder.DistinguishedNameEncode(dn);\n\nConsole.WriteLine(encoded); // \"Lu#C4#8Di#C4#87\"\n```\n\n## LDAP injection resources\n\n- [OWASP: LDAP Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/LDAP_injection)\n- [OWASP: Testing for LDAP Injection](https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_LDAP_Injection.html)\n- [Microsoft TechNet: Active Directory Characters to Escape](https://social.technet.microsoft.com/wiki/contents/articles/5312.active-directory-characters-to-escape.aspx)\n- [Web Application Security Consortium: LDAP Injection]\n- [Black Hat: PDF Whitepaper on LDAP Injection and Blind LDAP Injection](https://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdf)\n- [RFC-1960: A String Representation of LDAP Search Filters](https://www.ietf.org/rfc/rfc1960.html)\n- [IBM Redbooks: Understanding LDAP - Design and Implementation](https://www.redbooks.ibm.com/abstracts/sg244986.html)\n- [CWE: Improper Neutralization of Special Elements used in an LDAP Query \\(LDAP Injection\\)](https://cwe.mitre.org/data/definitions/90.html)\n\n## Similar libraries\n\nSimilar libraries providing protections against LDAP injection, not necessarily\nin .NET.\n\n### Node.js\n\n#### ldap-escape\n\n[ldap-escape](https://github.com/tcort/ldap-escape \"ldap-escape npm page\")\nis an [npm package](https://www.npmjs.com/package/ldap-escape) that 
provides\ntemplate literal tag functions for LDAP filters and distinguished names to\nprevent LDAP injection attacks.\n\n## Other noteworthy .NET LDAP-related libraries\n\n- **LdapForNet:** Cross platform port of OpenLdap Client library and Windows LDAP to .NET Core\n  - [NuGet](https://www.nuget.org/packages/LdapForNet) [GitHub](https://github.com/flamencist/ldap4net)\n- **Linq2Ldap:** Wrapper around System.DirectoryServices using LINQ Expressions as LDAP filters\n  - [NuGet](https://www.nuget.org/packages/Linq2Ldap) [GitHub](https://github.com/cdibbs/linq2ldap)\n\n[Web Application Security Consortium: LDAP Injection]: http://projects.webappsec.org/w/page/13246947/LDAP%20Injection\n[NuGet]: https://www.nuget.org/packages/AntiLdapInjection\n[NuGet page]: https://www.nuget.org/packages/AntiLdapInjection\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjonlabelle%2Fantildapinjection","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjonlabelle%2Fantildapinjection","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjonlabelle%2Fantildapinjection/lists"}