Escapes the LDAP search filter to prevent LDAP injection attacks.

namespace Util
{
    using System.Text;

    /// <summary>
    /// LDAP utilities.
    /// </summary>
    public static class LdapUtil
    {
        #region - Escape Chars -

        private const char BackSlashChar = '\\';
        private const string BackSlashCharEscaped = "\\5c";

        private const char AsteriskChar = '*';
        private const string AsteriskCharEscaped = "\\2a";

        private const char LeftParenthesisChar = '(';
        private const string LeftParenthesisCharEscaped = "\\28";

        private const char RightParenthesisChar = ')';
        private const string RightParenthesisCharEscaped = "\\29";

        private const char NullUnicodeChar = '\u0000';
        private const string NullUnicodeCharEscaped = "\\00";

        private const char ForwardSlashChar = '/';
        private const string ForwardSlashCharEscaped = "\\2f";

        #endregion

        /// <summary>
        /// Escapes the LDAP search filter to prevent LDAP injection attacks.
        /// </summary>
        /// <param name="searchFilter">The search filter.</param>
        /// <returns>The escaped search filter.</returns>
        /// <remarks>
        ///     See: https://blogs.oracle.com/shankar/entry/what_is_ldap_injection
        ///     See: http://msdn.microsoft.com/en-us/library/aa746475.aspx
        /// </remarks>
        public static string EscapeSearchFilter(string searchFilter)
        {
            var escape = new StringBuilder();

            for (var i = 0; i < searchFilter.Length; ++i)
            {
                var current = searchFilter[i];

                switch (current)
                {
                    case BackSlashChar:
                        escape.Append(BackSlashCharEscaped);
                        break;
                    case AsteriskChar:
                        escape.Append(AsteriskCharEscaped);
                        break;
                    case LeftParenthesisChar:
                        escape.Append(LeftParenthesisCharEscaped);
                        break;
                    case RightParenthesisChar:
                        escape.Append(RightParenthesisCharEscaped);
                        break;
                    case NullUnicodeChar:
                        escape.Append(NullUnicodeCharEscaped);
                        break;
                    case ForwardSlashChar:
                        escape.Append(ForwardSlashCharEscaped);
                        break;
                    default:
                        escape.Append(current);
                        break;
                }
            }

            return escape.ToString();
        }
    }
}