https://github.com/tcort/ldap-escape
Escape functions for LDAP filters and distinguished names to prevent LDAP injection attacks.
- Host: GitHub
- URL: https://github.com/tcort/ldap-escape
- Owner: tcort
- License: isc
- Created: 2015-11-12T22:10:00.000Z (almost 10 years ago)
- Default Branch: master
- Last Pushed: 2023-01-08T15:14:40.000Z (over 2 years ago)
- Last Synced: 2025-03-28T02:45:58.096Z (6 months ago)
- Topics: escape, ldap
- Language: JavaScript
- Size: 268 KB
- Stars: 10
- Watchers: 2
- Forks: 1
- Open Issues: 4
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.md
README
# ldap-escape
Template literal tag functions for LDAP filters and distinguished names to prevent [LDAP injection](https://www.owasp.org/index.php/LDAP_injection) attacks.
Uses the escape codes from [Active Directory: Characters to Escape](http://social.technet.microsoft.com/wiki/contents/articles/5312.active-directory-characters-to-escape.aspx).

## Installation

```
npm install --save ldap-escape
```
## Specification
### escapes for search filter
| Character | Escape |
|-----------|--------|
| `*` | `\2A` |
| `(` | `\28` |
| `)` | `\29` |
| `\` | `\5C` |
| `NUL` | `\00` |

### escapes for distinguished names
| Character | Escape |
|-----------------------------|--------|
| `,` | `\,` |
| `\` | `\\` |
| `#` | `\#` |
| `+` | `\+` |
| `<` | `\<` |
| `>` | `\>` |
| `;` | `\;` |
| `"` | `\"` |
| `=` | `\=` |
| `SPC` (leading or trailing) | `\ ` |

## Template Literal Tag Functions
### ldapEscape.filter
Escapes input for use as an LDAP filter.
### ldapEscape.dn
Escapes input for use as an LDAP distinguished name.
## Examples
### Escape a Search Filter

```javascript
"use strict";
const ldapEscape = require('ldap-escape');
const uid = 1337;
console.log(ldapEscape.filter`uid=${uid}`); // -> 'uid=1337'
```
### Escape a DN

```javascript
"use strict";
const ldapEscape = require('ldap-escape');
const cn = 'alice';
console.log(ldapEscape.dn`cn=${cn},dc=test`); // -> 'cn=alice,dc=test'
```
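
The following added example is not the package's code: it re-implements the two tables from the Specification section as template literal tags and runs them on values that contain special characters. The function names (`escapeFilterValue`, `escapeDnValue`, `makeTag`, `filterTag`, `dnTag`) are hypothetical and the input values are constructed.

```javascript
"use strict";
// Added example: stand-alone re-implementation of the two tables in "Specification".
// escapeFilterValue, escapeDnValue, makeTag, filterTag and dnTag are hypothetical
// names chosen here; they are not the ldap-escape package's API.

// Search-filter table: each special character becomes a backslash plus its hex code.
const FILTER_ESCAPES = {
  "*": "\\2A", "(": "\\28", ")": "\\29", "\\": "\\5C", "\x00": "\\00",
};

function escapeFilterValue(value) {
  return String(value).replace(/[*()\\\x00]/g, (ch) => FILTER_ESCAPES[ch]);
}

// DN table: special characters get a backslash prefix; a leading or trailing
// space is escaped too. The single /^ | $/g pass keeps a value of " " from
// being escaped twice.
function escapeDnValue(value) {
  return String(value)
    .replace(/[,\\#+<>;"=]/g, (ch) => "\\" + ch)
    .replace(/^ | $/g, "\\ ");
}

// Build a template literal tag: literal parts pass through untouched, only the
// interpolated values are escaped.
function makeTag(escapeValue) {
  return (strings, ...values) =>
    strings.reduce(
      (out, literal, i) => out + literal + (i < values.length ? escapeValue(values[i]) : ""),
      ""
    );
}

const filterTag = makeTag(escapeFilterValue);
const dnTag = makeTag(escapeDnValue);

// Constructed inputs carrying characters that would otherwise change the
// structure of the filter or DN.
const uid = "*)(uid=*";
const cn = " Smith, John+ou=x ";

console.log(filterTag`(uid=${uid})`);  // value stays a single literal assertion value
console.log(dnTag`cn=${cn},dc=test`);  // value stays inside the cn attribute
```

Only the interpolated values are escaped, so the developer-written parts of the template (parentheses, `=`, `,`) keep their structural meaning while user-supplied characters lose theirs.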
## Testing
```
npm test
```
## License
See [LICENSE.md](https://github.com/tcort/ldap-escape/blob/master/LICENSE.md)