2.0.6 • Published 2 years ago

ldap-escape v2.0.6

Weekly downloads
2,708
License
ISC
Repository
github
Last release
2 years ago

ldap-escape

Template literal tag functions for LDAP filters and distinguished names to prevent LDAP injection attacks. Uses the escape codes from Active Directory: Characters to Escape.

Installation

npm install --save ldap-escape

Specification

escapes for search filter

CharacterEscape
*\2A
(\28
)\29
\ | \5C
NUL\00

escapes for distinguished names

CharacterEscape
,\,
\ | \\
#\#
+\+
<\<
>\>
;\;
"\"
=\=
SPC (leading or trailing)\

Template Literal Tag Functions

ldapEscape.filter

Escapes input for use as an LDAP filter.

ldapEscape.dn

Escapes input for use as an LDAP distinguished name.

Examples

Escape a Search Filter

"use strict";

const ldapEscape = require('ldap-escape');

const uid = 1337;

console.log(ldapEscape.filter`uid=${uid}`); // -> 'uid=1337'

Escape a DN

"use strict";

const ldapEscape = require('ldap-escape');

const cn = 'alice';

console.log(ldapEscape.dn`cn=${cn},dc=test`); // -> 'cn=alice,dc=test'

Testing

npm test

License

See LICENSE.md

LDAPescapesecurityinjectionfilterdn
@everything-registry/sub-chunk-2051@immobiliarelabs/backstage-plugin-ldap-auth-backendldap-vc-status@zalastax/nolb-ldapi-ldap
2.0.6

2 years ago

2.0.5

3 years ago

2.0.4

4 years ago

2.0.3

5 years ago

2.0.2

5 years ago

2.0.1

5 years ago

2.0.0

6 years ago

1.1.5

6 years ago

1.1.4

8 years ago

1.1.3

8 years ago

1.1.2

8 years ago

1.1.1

8 years ago

1.1.0

8 years ago

1.0.1

8 years ago

1.0.0

8 years ago