ldap3 is a pure-Python LDAP client. Connection.search() accepts a search_filter, which is an LDAP injection sink when the filter is built from user input without escaping. Use ldap3.utils.conv.escape_filter_chars() for safe construction.
.search() (Sink)
Connection.search(search_base, search_filter, search_scope=SUBTREE, ...) -> bool
Runs an LDAP search. Injection sink when search_filter is built from user input.
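The sink pattern beside its escaped form, as an added example that is not part of the original page or of codepathfinder. The names `unsafe_filter`, `safe_filter` and `filter_attributes`, the filter template and the sample input are constructed for illustration, and a local stand-in for `escape_filter_chars` is used only if ldap3 is not installed.

```python
import re

try:
    from ldap3.utils.conv import escape_filter_chars
except ImportError:
    # Stand-in applying the same RFC 4515 escapes; used only when ldap3 is absent.
    def escape_filter_chars(text, encoding=None):
        for ch, esc in (("\\", "\\5c"), ("*", "\\2a"), ("(", "\\28"),
                        (")", "\\29"), ("\x00", "\\00")):
            text = text.replace(ch, esc)
        return text


def unsafe_filter(username):
    # Sink pattern: user input concatenated straight into search_filter.
    return "(&(objectClass=person)(uid=" + username + "))"


def safe_filter(username):
    # Escaping keeps the input confined to the assertion value of uid.
    return "(&(objectClass=person)(uid=" + escape_filter_chars(username) + "))"


def filter_attributes(ldap_filter):
    """List the attribute of every '(attr=' assertion, to compare filter structure."""
    return re.findall(r"\(([A-Za-z][A-Za-z0-9-]*)=", ldap_filter)


if __name__ == "__main__":
    constructed_input = "*)(cn=*"  # constructed sample containing filter metacharacters
    for build in (unsafe_filter, safe_filter):
        built = build(constructed_input)
        print(build.__name__, built, filter_attributes(built))
    # With a bound connection, the safe form is what should reach the sink:
    # conn.search(search_base, safe_filter(name))
```

The unescaped filter gains a third assertion from the input, while the escaped filter keeps the two assertions the template defines.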
| FQN | Field |
|---|---|
| ldap3 | fqns[0] |
| ldap3.Connection | fqns[1] |
A wrong FQN yields 0 findings. To verify, change fqns to garbage values; the rule must then produce 0 results.
from codepathfinder.go_rule import PyLdap3