Description
CWE: 90 LDAP Injection
BadSource: environment Read input from an environment variable
GoodSource: Use a fixed string
Sinks:
BadSink : data concatenated into LDAP search, which could result in LDAP Injection
Flow Variant: 83 Data flow: data passed to class constructor and destructor by declaring the class object on the stack
Flaws
Test Suites
Documentation
Have any comments on this test case? Please, send us an email.