Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
ldap-filters
Advanced tools
Build, generate, parse, and evaluate LDAP filters
A library for working with Lightweight Directory Access Protocol (LDAP) filters based on RFC 4515.
Although this format is typicaly used with the LDAP protocol, this library could be implemented in other applications that need portable string-based filters for the purpose of matching object data.
Use npm:
npm install ldap-filters
var Filter = require('ldap-filters');
var output = Filter.AND([
Filter.attribute('givenName').equalTo('jenny'),
Filter.attribute('sn').equalTo('jensen')
]);
console.log(output.toString());
Note: You must call the .toString()
method, to obtain the filter as a string.
Various methods can be used to build simple filters:
(attr=*)
(attr=value)
(attr=*value*)
(attr=*value)
(attr=value*)
(attr~=value)
(attr>=value)
(attr<=value)
(attr=value)
Added in 2.x The .raw
method is useful for building filters that
have complex substring matches not suitable for .startsWith()
,
.endsWith()
, or .contains()
— however, you will need to escape
any values that require escaping. This can be done using
Filter.escape()
like so:
var match_value = '*' + Filter.escape('James (Jimmy)') + '*';
var filter = Filter.attribute('cn').raw(match_value);
match_value == '*James \\28Jimmy\\29*' // true
Simple filters can be aggregated with AND, OR, and NOT:
(&(f1)(f2)..)
(|(f1)(f2)..)
(!(filter))
Aggregation and nesting can be used to build complex filters.
Parses a filter from a string, returning a Filter object.
var Filter = require('ldap-filters');
var input = '(&(givenName=jenny)(sn=jensen))';
Filter.parse(input);
The .simplify()
method will reduce any AND or OR filters that have only
one child/condition and replace them with that filter. NOT filters, and
any other filters will remain intact.
var input = '(&(uid=jenny))';
Filter.parse(input).simplify().toString() // => '(uid=jenny)'
Whether you've created a filter programatically or by parsing a filter, you
can output with toString()
method or by concatenating with a string, like so:
filter.toString()
filter + ''
This will result in compacted output with no whitespace like:
(&(givenName=jenny)(sn=jensen)(|(c=us)(st=ontario)))
If you pass a value of true
or a numeric indentation value to
toString()
, the output will be beautified with space indentation.
filter.toString(true)
filter.toString(2)
Will result in similar output to the following:
(&
(givenName=jenny)
(sn=jensen)
(|
(c=us)
(st=ontario)
)
)
A value of true
will use Filter.indent
property, which defaults to 4.
The indentation character defaults to a space, see Filter.indent_char
Test if (object) data matches a given filter. The filter can be one
created programatically, or parsed from a text string. A boolean
true
value will be returned for a successful match.
var Filter = require('ldap-filters');
var input = '(&(givenName~=jeni)(sn=jensen))';
var parsed = Filter.parse(input);
var data = { givenName: 'Jenny', sn: 'Jensen' };
console.log(parsed.match(data));
A complete test suite is included. To run it, you will need to have mocha and chai installed. Mocha should be installed globally (need sudo?).
npm install -g mocha
npm install chai
Tests can be run from npm or manually with mocha:
# Run tests with npm
npm test
# Run tests manually
mocha test/*.js
The parser is built with pegjs. To re-build the parser, you'll need the pegjs dev dependency installed.
# Build parser with npm
npm run build
# Build manually with pegjs
# requires pegjs command to be availble (npm i -g pegjs)
pegjs lib/parser.pegjs lib/parser.js
Version 1.x and lower used jison parser source originally written by tantaman found in the DATS-DAP repository.
Version 2.x and above are using an updated original pegjs-based parser. This version offers better RFC-compliance and improved matching for complicated substring matches and escaped characters, as well as addressing some bugs found in the previous jison parser.
FAQs
Library for generating, parsing, and evaluating LDAP filters
The npm package ldap-filters receives a total of 137 weekly downloads. As such, ldap-filters popularity was classified as not popular.
We found that ldap-filters demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.