Security

Reply
Occasional Contributor II

What does the NwaNormalizeEmail conversion do?

In Aruba ClearPass Guest Management, when customizing a form field (in this case, my sponsor_email field) I have a need to ensure that there is nothing malicious about the email entered prior to perofrming the LDAP validation.

 

I have chosen to use the NwaNormalizeEmail conversion in the advanced section, but there is nothing in the Guest User Guide that tells me what this actually does.  It talks about how it normalizes a phone number with NwaNormalizePhoneNumber but makes no mention of what NwaNormalizeEmail operates.

 

Can someone clarify this?

 

And, to be clear, I do NOT want to use the email validator to validate the email against RFC822.  I am using the isValidEmail validator with a do_ldap_lookup param to perform an LDAP lookup.  

Highlighted
Guru Elite

Re: What does the NwaNormalizeEmail conversion do?

What do you mean by "nothing malicious" about the email?


Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: What does the NwaNormalizeEmail conversion do?

Like an LDAP injection attempt? Or perhaps some kind of DoS attempt?
Aruba Employee

Re: What does the NwaNormalizeEmail conversion do?

From the horse's mouth:

 

/**

* Strips common fluff out of an email.  Not meant as a validator nor to be perfect. 

* Bad input should still be flagged. 

*  " name@address.com   " => Kill surrounding whitespace

*  "mailto:name@address.com" => Kill 'mailto:'

*  "name@address.com;" => Kill trailing delimiters ';'

*  "First Last <name@address.com>" => Kill name wrapper

* @see IsValidEmail

*/

Occasional Contributor II

Re: What does the NwaNormalizeEmail conversion do?

Would it be safe to say it will protect against LDAP injection as per my case posted?
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: