You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Sailaja Polavarapu (JIRA)" <ji...@apache.org> on 2018/03/14 23:25:00 UTC
[jira] [Resolved] (RANGER-2006) Fix problems detected by static
code analysis in ranger usersync for ldap sync source
[ https://issues.apache.org/jira/browse/RANGER-2006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sailaja Polavarapu resolved RANGER-2006.
----------------------------------------
Resolution: Fixed
Reverted changes from both ranger-1.0 branch and master
> Fix problems detected by static code analysis in ranger usersync for ldap sync source
> -------------------------------------------------------------------------------------
>
> Key: RANGER-2006
> URL: https://issues.apache.org/jira/browse/RANGER-2006
> Project: Ranger
> Issue Type: Bug
> Components: Ranger, usersync
> Affects Versions: 0.7.1
> Reporter: Sailaja Polavarapu
> Assignee: Sailaja Polavarapu
> Priority: Minor
> Fix For: 1.0.0, master
>
>
> 1. *Overview* : The method goUpGroupHierarchyLdap() invokes a dynamically generated LDAP filter with unvalidated input, which could allow an attacker to modify the statement's meaning.
> In the file LdapDeltaUserGroupBuilder.java similar issues were on line numbers 913
> *Comments* : need to verify the search() parameters for validation
> 2. *Overview* : The method goUpGroupHierarchyLdap() invokes a dynamically generated LDAP filter with unvalidated input, which could allow an attacker to modify the statement's meaning.
> In the file LdapUserGroupBuilder.java similar issues were on line numbers 818
> *Comments* : need to verify the search() parameters for validation
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)