
LDAP injection in LDAP query c#

This is my bool connection for validating whether a user is in an AD group or not. I got a security flag in my code.

    private bool testconnection(string user)
    {
        bool isInGroup = false;
        if (user.Length <= 7 && user.All(char.IsLetterOrDigit))
        {
            string groupName = "GroupName";
            DirectoryEntry de = new DirectoryEntry("LDAP://DC=mycompany,DC=com");
            DirectorySearcher searcher = new DirectorySearcher(de);
            searcher.Filter = "(&(objectClass=user)(|(cn=" + user + ")(sAMAccountName=" + user + ")))"; //When I'm concatenating the user name, here I got the security flag which is below.

            SearchResult result = searcher.FindOne();

            if (result != null)
            {

                DirectoryEntry person = result.GetDirectoryEntry();
                PropertyValueCollection groups = person.Properties["memberof"];

                foreach (string g in groups)
                {
                    if (g.Contains(groupName))
                    {
                        isInGroup = true;
                        break;
                    }
                }

            }
        }
        return isInGroup;
    }

I would like to know how to pass the user name as a parameter in the searcher.Filter rather than "+user+".

Security Flag:

Description

The software does not sufficiently sanitize special elements that are used in LDAP queries or responses, allowing attackers to modify the syntax, contents, or commands of the LDAP query before it is executed.

Recommendations

Validate all user-supplied input to ensure that it conforms to the expected format, using centralized data validation routines when possible. When using black lists, be sure that the sanitizing routine performs a sufficient number of iterations to remove all instances of disallowed characters.

Thank you, Krishna

According to the LDAP Injection Prevention Cheat Sheet, there are some classes for this in a separate library called .Net AntiXSS.
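Added example, not part of the question or the answer above. LDAP search filters have no parameter binding the way SQL does; the `DirectorySearcher.Filter` property is always a string, so the fix is to escape every user-supplied value before it is spliced in. The escaping rule comes from RFC 4515 section 3: the characters `*`, `(`, `)`, `\` and NUL are replaced by a backslash and their two-digit hex code (this is also what the AntiXSS library's `Microsoft.Security.Application.Encoder.LdapFilterEncode` does, for those who prefer a library). The allow-list in the original method (at most 7 alphanumeric characters) already keeps those characters out, so the query is not injectable as posted; the scanner is flagging the concatenation pattern itself, and a local escape makes the safety explicit instead of depending on a check elsewhere in the method. The code below is mine; the group DN, the domain and the `IsUserInGroup` name are placeholders. It also compares `memberOf` against the full group DN, because the original `g.Contains(groupName)` would also match any group whose DN merely contains the text "GroupName".

```csharp
using System;
using System.DirectoryServices;
using System.Linq;
using System.Text;

static class LdapFilter
{
    // Escape a value for use inside an LDAP search filter (RFC 4515 section 3).
    // Only the value is escaped; the filter structure around it stays literal.
    public static string EscapeFilterValue(string value)
    {
        if (value == null) throw new ArgumentNullException(nameof(value));
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\\': sb.Append(@"\5c"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }
}

static class GroupCheck
{
    // Hypothetical group DN; replace with the real group's distinguishedName.
    const string GroupDn = "CN=GroupName,OU=Groups,DC=mycompany,DC=com";

    public static bool IsUserInGroup(string user)
    {
        // First layer: the allow-list from the original method.
        if (string.IsNullOrEmpty(user) || user.Length > 7 || !user.All(char.IsLetterOrDigit))
            return false;

        // Second layer: escape the value regardless, so the filter stays
        // well-formed even if the allow-list is relaxed later.
        string safeUser = LdapFilter.EscapeFilterValue(user);

        using (var de = new DirectoryEntry("LDAP://DC=mycompany,DC=com"))
        using (var searcher = new DirectorySearcher(de))
        {
            searcher.Filter = "(&(objectClass=user)(|(cn=" + safeUser + ")(sAMAccountName=" + safeUser + ")))";
            searcher.PropertiesToLoad.Add("memberOf");

            SearchResult result = searcher.FindOne();
            if (result == null) return false;

            // Compare whole DNs, not substrings: "CN=GroupName2,..." must not match.
            foreach (string g in result.Properties["memberOf"])
            {
                if (string.Equals(g, GroupDn, StringComparison.OrdinalIgnoreCase))
                    return true;
            }
        }
        return false;
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed malicious input: without escaping this would close the
        // cn= clause and add an (objectClass=*) branch that matches everything.
        string attack = "*)(objectClass=*";
        Console.WriteLine(LdapFilter.EscapeFilterValue(attack));
        // prints: \2a\29\28objectClass=\2a

        // Benign input passes through unchanged.
        Console.WriteLine(LdapFilter.EscapeFilterValue("jsmith"));
        // prints: jsmith
    }
}
```

If the project can take a dependency on System.DirectoryServices.AccountManagement, the same check can be done without writing a filter at all: `UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, user)` followed by `user.IsMemberOf(GroupPrincipal.FindByIdentity(ctx, groupName))`, which removes the concatenation the scanner is objecting to.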
