public void ldapSearchCompliant()

in src/java/detectors/ldap_injection/LdapInjection.java [37:54]


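    /**
     * Runs an LDAP search whose filter value is taken from the request.
     *
     * <p>The {@code filter} parameter is validated against an allow-list
     * ({@code [a-z]+}) before it reaches {@link DirContext#search}, so
     * LDAP filter metacharacters from the caller never reach the directory.
     * Search results and the directory context are closed once the search
     * has been reported.
     *
     * @param request the servlet request carrying the {@code filter} parameter
     * @throws IllegalArgumentException if the {@code filter} parameter is
     *     absent or contains characters outside {@code [a-z]+}
     */
    public void ldapSearchCompliant(HttpServletRequest request) {
        final String filter = request.getParameter("filter");
        // Compliant: user-supplied filter is checked for allowed characters to prevent ldap injection.
        // getParameter returns null for an absent parameter; reject it before calling matches()
        // so a missing parameter fails validation instead of throwing a NullPointerException.
        if (filter == null || !filter.matches("[a-z]+")) {
            throw new IllegalArgumentException();
        }
        DirContext directoryContext = null;
        try {
            directoryContext = new InitialDirContext();
            SearchControls controls = new SearchControls();
            Object[] args = new Object[]{"Some object"};
            String base = "some base";
            NamingEnumeration<SearchResult> results =
                    directoryContext.search(base, filter, args, controls);
            try {
                System.out.println(results);
            } finally {
                // NamingEnumeration is not AutoCloseable; release it explicitly.
                results.close();
            }
        } catch (NamingException e) {
            System.out.println(e);
        } finally {
            // Always release the directory context, even when the search failed.
            if (directoryContext != null) {
                try {
                    directoryContext.close();
                } catch (NamingException ignored) {
                    // Best-effort cleanup; the search outcome has already been reported above.
                }
            }
        }
    }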