Scala Ldap Query Injection
Description
Detects potential LDAP injection vulnerabilities in Scala applications using the Play Framework and JNDI directory services. This vulnerability occurs when untrusted user input can be used in LDAP queries, potentially allowing attackers to manipulate the query logic or bypass authentication controls.
Detection Strategy
• Application must use Play Framework (play.api.mvc) and JNDI directory services (javax.naming.directory)
• Identifies calls to LDAP query methods using DirContext
• Checks if untrusted data from user inputs or external sources flows into LDAP query parameters
• Reports a vulnerability when query parameters can be controlled by external inputs without proper sanitization
Vulnerable code example

```scala
import javax.naming.directory.{DirContext, InitialDirContext, SearchControls}

def vulnerableSearch(username: String): Unit = {
  val filter = s"(uid=$username)" // Vulnerable: unsanitized user input in LDAP filter
  val ctx = new InitialDirContext()
  ctx.search("ou=people,dc=example,dc=com", filter, new SearchControls()) // LDAP injection possible here
}
```

✅ Secure code example
```scala
import javax.naming.directory.{DirContext, InitialDirContext, SearchControls}
import javax.naming.ldap.Rdn

def secureSearch(username: String): Unit = {
  // Rdn.escapeValue escapes DN special characters (',', '=', '+', '\\', ...).
  // Note that filter metacharacters such as '*', '(' and ')' are not covered by it;
  // those need RFC 4515 filter escaping (or JNDI filter arguments) as well.
  val safeUsername = Rdn.escapeValue(username)
  val filter = s"(uid=$safeUsername)"
  val ctx = new InitialDirContext()
  ctx.search("ou=people,dc=example,dc=com", filter, new SearchControls())
}
```