AntiLdapInjection 1.0.0-pre

.NET Standard 2.1 This package targets .NET Standard 2.1. The package is compatible with this framework or higher.
This is a prerelease version of AntiLdapInjection.
There is a newer version of this package available.
See the version list below for details. 
dotnet add package AntiLdapInjection --version 1.0.0-pre                

                    
                

            
NuGet\Install-Package AntiLdapInjection -Version 1.0.0-pre
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="AntiLdapInjection" Version="1.0.0-pre" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
paket add AntiLdapInjection --version 1.0.0-pre                

                    
                

            
#r "nuget: AntiLdapInjection, 1.0.0-pre"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
// Install AntiLdapInjection as a Cake Addin
#addin nuget:?package=AntiLdapInjection&version=1.0.0-pre&prerelease

// Install AntiLdapInjection as a Cake Tool
#tool nuget:?package=AntiLdapInjection&version=1.0.0-pre&prerelease

Anti-LDAP Injection

CI build status

A .NET library that provides protection against LDAP Injection.

Most of the of the code was extracted from Microsoft's AntiXss library (v4.3) LDAP Encoder, which is no longer maintained.

Usage

FilterEncode

FilterEncode encodes input according to RFC 4515, where unsafe values are converted to \XX (XX is the representation of the unsafe character).

Example: opening/closing parenthesis
string filter = "Parens R Us (for all your parenthetical needs)";
string encoded = LdapEncoder.FilterEncode(filter);
Console.WriteLine(encoded); // "Parens R Us \28for all your parenthetical needs\29"
Example: asterisk in search filter
string filter = "*";
string encoded = LdapEncoder.FilterEncode(filter);
Console.WriteLine(encoded); // "\2A"
Example: backslash in search filter
string filter = @"C:\MyFile";
string encoded = LdapEncoder.FilterEncode(filter);
Console.WriteLine(encoded); // "C:\5CMyFile"
Example: accents in search filter
string filter = "Lučić";
string encoded = LdapEncoder.FilterEncode(filter);
Console.WriteLine(encoded); // "Lu\C4\8Di\C4\87"

DistinguishedNameEncode

DistinguishedNameEncode encodes input according to RFC 2253, where unsafe characters are converted to #XX where XX is the representation of the unsafe character and the comma, plus, quote, slash, less than and great than signs are escaped using slash notation (\X). In addition to this, a space or octothorpe (#) at the beginning of the input string is escaped (\), as is a space at the end of a string.

Example: distinguished name slash notation
string dn = @", + \ "" \ < >";
string encoded = LdapEncoder.DistinguishedNameEncode(dn);
Console.WriteLine(encoded); // "\, \+ \" \\ \< \>"
Example: leading space in distinguished name
string dn = " Hello";
string encoded = LdapEncoder.DistinguishedNameEncode(dn);
Console.WriteLine(encoded); // "\ Hello"
Example: trailing space in distinguished name
string dn = "Hello ";
string encoded = LdapEncoder.DistinguishedNameEncode(dn);
Console.WriteLine(encoded); // "Hello\ "
Example: octothorpe character in distinguished name
string dn = "#Hello";
string encoded = LdapEncoder.DistinguishedNameEncode(dn);
Console.WriteLine(encoded); // "\#Hello"
Example: accents in distinguished name
string dn = "Lučić";
string encoded = LdapEncoder.DistinguishedNameEncode(dn);
Console.WriteLine(encoded); // "Lu#C4#8Di#C4#87"
Initial and final character overrides

You have the option to turn off initial or final character escaping rules. For example, if you are concatenating a escaped distinguished name fragment into the midst of a complete distinguished name.

DistinguishedNameEncode(
string input,
 bool useInitialCharacterRules,
 bool useFinalCharacterRule)

In addition to the RFC mandated escaping, the safe list excludes the characters listed under the LDAP escape sequences section.

LDAP injection resources

Similar libraries

Similar libraries providing protections against LDAP injection, not necessarily in .NET.

Node.js

ldap-escape

ldap-escape is an npm package that provides template literal tag functions for LDAP filters and distinguished names to prevent LDAP injection attacks.

Product Compatible and additional computed target framework versions.
.NET net5.0 was computed.  net5.0-windows was computed.  net6.0 was computed.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed. 
.NET Core netcoreapp3.0 was computed.  netcoreapp3.1 was computed. 
.NET Standard netstandard2.1 is compatible. 
MonoAndroid monoandroid was computed. 
MonoMac monomac was computed. 
MonoTouch monotouch was computed. 
Tizen tizen60 was computed. 
Xamarin.iOS xamarinios was computed. 
Xamarin.Mac xamarinmac was computed. 
Xamarin.TVOS xamarintvos was computed. 
Xamarin.WatchOS xamarinwatchos was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

  • .NETStandard 2.1

    • No dependencies.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on AntiLdapInjection:

Package Downloads
Quaero.Ldap

Package Description

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
2.0.0 8,942 11/29/2024
1.1.4 77,939 5/20/2022
1.1.3 430 5/20/2022
1.1.2 479 5/18/2022
1.1.1 447 5/18/2022
1.1.0 424 1/6/2022
1.0.9 3,910 6/13/2021
1.0.8 397 2/26/2021
1.0.7 603 2/8/2021
1.0.6 398 2/5/2021
1.0.5 375 2/5/2021
1.0.4 387 2/5/2021
1.0.3 365 2/4/2021
1.0.2 359 2/3/2021
1.0.1 397 2/3/2021
1.0.0 396 2/3/2021
1.0.0-pre 256 2/1/2021

https://github.com/jonlabelle/AntiLdapInjection