Skip to content

Add ldap.filter.is_filter() which checks filter syntax #272

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
spaceone wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Add ldap.filter.is_filter() which checks filter syntax #272

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
94d2133
feat(ldap.filter): add `is_filter()` to verify filter syntax
spaceone Mar 30, 2019
2a823e8
test(ldap.filter): Implement test cases for `is_filter()`
spaceone Mar 30, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 25 additions & 0 deletions Lib/ldap/filter.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
- Tested with Python 2.0+
"""

import _ldap
from ldap import __version__

from ldap.functions import strf_secs
Expand Down Expand Up @@ -89,3 +90,27 @@ def time_span_filter(
until_timestr=strf_secs(until_timestamp),
)
# end of time_span_filter()


def is_filter(ldap_filter):
"""
Returns True if `ldap_filter' can be parsed as a valid LDAP filter, otherwise False is returned.
"""
if hasattr(_ldap, 'is_filter'):
return _ldap.is_filter(ldap_filter)

# workaround for libldap <= 2.7
if '\x00' in ldap_filter:
raise ValueError('embedded null character')
import ldap
lo = ldap.initialize('')
try:
lo.search_ext_s('', ldap.SCOPE_BASE, ldap_filter)
except (ldap.FILTER_ERROR, TypeError, ValueError):
return False
except ldap.SERVER_DOWN:
# the filter syntax is valid, as the connection is not bound we expect SERVER_DOWN here
return True
finally:
lo.unbind()
raise RuntimeError('Could not check filter syntax.') # can not happen
28 changes: 28 additions & 0 deletions Modules/functions.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -399,6 +399,31 @@ l_ldap_get_option(PyObject *self, PyObject *args)
return LDAP_get_option(NULL, option);
}


#ifdef HAVE_LDAP_PUT_FILTER
/* ldap_is_filter */
static PyObject *l_ldap_is_filter(PyObject *self, PyObject *args)
{
const char *filter;
if(!PyArg_ParseTuple(args, "s", &filter))
return NULL;

BerElement *ber = ber_alloc_t(LBER_USE_DER);
if(!ber) {
Py_RETURN_FALSE;
}

int rc = ldap_pvt_put_filter(ber, filter);
ber_free(ber, 1);

if (rc == 0) {
Py_RETURN_TRUE;
}
Py_RETURN_FALSE;
}
#endif


/* methods */

static PyMethodDef methods[] = {
Expand All @@ -410,6 +435,9 @@ static PyMethodDef methods[] = {
{"dn2str", (PyCFunction)l_ldap_dn2str, METH_VARARGS},
{"set_option", (PyCFunction)l_ldap_set_option, METH_VARARGS},
{"get_option", (PyCFunction)l_ldap_get_option, METH_VARARGS},
#ifdef HAVE_LDAP_PUT_FILTER
{"is_filter", (PyCFunction)l_ldap_is_filter, METH_VARARGS},
#endif
{NULL, NULL}
};

Expand Down
7 changes: 7 additions & 0 deletions Modules/pythonldap.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,13 @@ LDAP_F(int) ldap_init_fd(ber_socket_t fd, int proto, LDAP_CONST char *url,
LDAP **ldp);
#endif

#if LDAP_VENDOR_VERSION >= 20700
/* openldap.h made ldap_pvt_put_filter() public in 2.7.x
* see https://bugs.openldap.org/show_bug.cgi?id=9393
*/
#define HAVE_LDAP_PUT_FILTER 1
#endif

#if defined(MS_WINDOWS)
#include <winsock.h>
#else /* unix */
Expand Down
27 changes: 25 additions & 2 deletions Tests/t_ldap_filter.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,14 +10,37 @@
# Switch off processing .ldaprc or ldap.conf before importing _ldap
os.environ['LDAPNOINIT'] = '1'

from ldap.filter import escape_filter_chars
from ldap.filter import escape_filter_chars, is_filter, filter_format


class TestDN(unittest.TestCase):
class TestFilter(unittest.TestCase):
"""
test ldap.functions
"""

def test_is_filter(self):
"""
test function is_filter()
"""
self.assertEqual(is_filter(''), True)
self.assertEqual(is_filter('foo='), True)
self.assertEqual(is_filter('foo=bar'), True)
self.assertEqual(is_filter('foo=*'), True)
self.assertEqual(is_filter(filter_format('foo=%s', ['*'])), True)
self.assertEqual(is_filter('(foo=bar)'), True)
self.assertEqual(is_filter('(&(foo=bar))'), True)
self.assertEqual(is_filter('(|(foo=bar))'), True)
self.assertEqual(is_filter(filter_format('foo=%s', ['\x00'])), True)
self.assertEqual(is_filter('foo>='), True)
self.assertEqual(is_filter('(foo>=)'), True)
self.assertEqual(is_filter('foo==bar'), True)
self.assertEqual(is_filter('foobar'), False)
self.assertEqual(is_filter('(foo='), False)
self.assertEqual(is_filter('foo=)'), False)
self.assertEqual(is_filter('=bar'), False)
with self.assertRaises(ValueError):
is_filter('foo=\x00')

def test_escape_filter_chars_mode0(self):
"""
test function escape_filter_chars() with escape_mode=0
Expand Down
Loading