Is LDAP Explorer safe?

Findings

Clipboard Access

Flags items that access or monitor clipboard content. While clipboard access may be used for legitimate purposes, it can also be exploited to capture sensitive user data such as passwords, authentication tokens, or copied personal information. This behavior may indicate data harvesting or keylogging-like activity and warrants further scrutiny.

medium

Unverified Publisher

Flags items published by entities that haven’t gone through the publisher verification process of the marketplace. Lack of verification may indicate higher risk, as the publisher’s identity and trustworthiness are unconfirmed.

medium

Unmaintained Item

Flags items that are not maintained on the marketplace, suggesting concerns about the item's reputation and the publisher's reliability.

low

All findings are available for Enterprise users

Code analysis

AI-powered analysis of the extension's source code for security insights and risk assessment.

LDAP Explorer is a Visual Studio Code extension that provides an LDAP client interface. Its main purpose is to allow users to connect to LDAP servers, browse directory entries, manage connections, and export LDAP data.

Core Functionality

LDAP Connections: The extension manages LDAP connections, including protocols (ldap/ldaps), StartTLS, certificate verification, and SNI. It stores connection details in VSCode workspace settings.
CA Certificate Management: Users can add, edit, and remove CA certificates for secure LDAP connections. Certificate file paths are stored in settings and read from disk.
LDAP Search and Browsing: Users can search LDAP directories, view entries, and attributes. Results can be exported as CSV files.
Bookmarks: Allows bookmarking LDAP DNs for quick access.
Webviews: Uses VSCode webviews for search, connection management, and displaying results. Webviews use local scripts and styles, with no evidence of remote code loading.
Clipboard: Implements a command to copy text to the clipboard using t.env.clipboard.writeText(e).

API and Filesystem Activity

Filesystem: Reads CA certificate files using fs.readFileSync and checks existence with fs.existsSync. Writes CSV export files using fs.open and fs.write to user-specified locations.
Network: Connects to user-specified LDAP servers using the ldapjs library. No evidence of arbitrary or hidden network destinations.
Process Execution: No evidence of shell, PowerShell, or arbitrary process execution.
Persistence: No persistence mechanisms outside of standard VSCode extension state and settings.
Registry: No Windows Registry access.
User Creation: No OS-level user creation.

Example Code Snippets

Clipboard Access:

t.commands.registerCommand("ldap-explorer.copy", (e) => { t.env.clipboard.writeText(e); })

File Write (CSV Export):

fs.open(s.fsPath, "w", (a, d) => { ... fs.write(d, ...); })

LDAP Connection:

const s = ldapjs.createClient({ url: [this.getUrl()], ... });

Security Considerations

All network activity is user-driven and targets user-configured LDAP servers.
File writes are limited to user-selected export locations.
No evidence of obfuscation, backdoors, or data exfiltration to unauthorized destinations.

No strong indicators of malicious activity were observed.

API Calls

API calls detected through static analysis of the source code. For more accurate insights, explore our sandbox dynamic analysis.

high

Enterprise Only

medium

Enterprise Only

low

Enterprise Only

API CALLS ARE AVAILABLE FOR ENTERPRISE USERS

Secrets

Any encoded/decoded secrets we managed to find in the source code, git repository, or related files

Github

/extension/node_modules/@vscode/webview-ui-toolkit/dist/toolkit.js

Unverified

Github

/extension/node_modules/ldapjs/test/corked_emitter.test.js

Unverified

Github

/extension/node_modules/safer-buffer/Readme.md

Unverified

All secrets are available for Enterprise users

Vulnerabilities

Known vulnerabilities and security issues detected in the extension's dependencies and code.

high

Enterprise Only

medium

Enterprise Only

low

Enterprise Only

VULNERABILITIES ARE AVAILABLE FOR ENTERPRISE USERS

External communication

Any identifiers we detected that may indicate external communication from the item's code

https://ldap.com/ldap-filters/

extension/dist/extension.js

https://ldap.com/ldap-filters/

extension/dist/extension.js

All external communications are available for Enterprise users

Dependencies

Dependencies and third-party libraries used by the extension, including version information and license details.

vasync

Version:

2.2.1

@types/glob

Version:

Unknown

@types/mocha

Version:

Unknown

All dependencies are available for Enterprise users

Licenses & Compliance

Licenses

GNU General Public License v3.0 or later

View License

"### GNU GENERAL PUBLIC LICENSE\n\nVersion 3, 29 June 2007\n\nCopyright (C) 2007 Free Software Foundation, Inc.\n\u003chttps://fsf.org/\u003e\n\nEveryone is permitted to copy and distribute verbatim c...