Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

Page History

Versions Compared

Old Version 75

changes.mady.by.user G. Ann Campbell

Saved on Jul 21, 2017

compared with

New Version Current

changes.mady.by.user Michal Rozenau

Saved on Jan 10, 2023

Key

This line was added.
This line was removed.
Formatting was changed.

Comment: Parasoft Jtest 2022.2

...

Characters and Sequences to Exclude from Whitelists

Character	Name
`'` and `"`	Single and double quote
`/` and `\`	Forward slash and backslash
`\\`	Double slashes*
space	Space character at beginning or end of string
`#`	Hash character at the beginning of the string
`<` and `>`	Angle brackets
`,` and `;`	Comma and semicolon
`+` and `*`	Addition and multiplication operators
`(` and `)`	Round braces
`\u0000`	Unicode `NULL` character

* This is a character sequence.

...

Failure to sanitize untrusted input can result in information disclosure and privilege escalation.

Automated Detection

Tool

Version

Checker

Description

The Checker Framework

Include Page

	The Checker Framework_V
	The Checker Framework_V

Tainting Checker

Trust and security errors (see Chapter 8)

SonarQube Java Plugin

Include Page

	Parasoft_V
	Parasoft_V

CERT.IDS54.TDLDAP

Protect against LDAP injection

Include Page

	SonarQube

Java Plugin

_V
	SonarQube

Java Plugin

_V

S2078

Bibliography

Preventing LDAP Injection in Java

...

...

Image Modified Image Modified Image Modified