public void ldapSearchNoncompliant()

in src/java/detectors/ldap_injection/LdapInjection.java [19:33]


    /**
     * Noncompliant sample: runs a JNDI directory search whose filter expression is
     * the raw {@code filter} request parameter.
     *
     * <p>The client supplies the whole filter expression, not just a value inside
     * it, so the request decides which directory entries the search matches. The
     * argument array passed alongside does not help: JNDI escapes filter arguments
     * only where the expression refers to them through {@code {i}} placeholders,
     * and here the expression itself comes from the request.
     *
     * <p>A compliant variant keeps the filter expression a server-side constant
     * with {@code {0}}-style placeholders and passes request data only through the
     * argument array, or checks the value against an allow-list before searching.
     *
     * <p>NOTE(review): the parameter is not null-checked
     * ({@code getParameter} returns {@code null} when it is absent), and neither
     * the context nor the result enumeration is closed in this method.
     *
     * @param request servlet request whose {@code filter} parameter is read
     */
    public void ldapSearchNoncompliant(HttpServletRequest request) {
        try {
            DirContext ctx = new InitialDirContext();
            SearchControls searchControls = new SearchControls();
            // Tainted source: the value is used below exactly as the client sent it.
            final String userFilter = request.getParameter("filter");
            Object[] filterArgs = {"Some object"};
            // Noncompliant: the request-controlled string is the filter expression
            // itself, so no escaping or validation stands between it and the search.
            NamingEnumeration<SearchResult> matches =
                    ctx.search("some base", userFilter, filterArgs, searchControls);
            System.out.println(matches);
        } catch (NamingException namingFailure) {
            // Lookup failures are only printed; nothing is rethrown to the caller.
            System.out.println(namingFailure);
        }
    }