hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Improve tests, move them and create qhelp examples

Browse Source
This commit is contained in:
jorgectf
2021-04-09 00:50:47 +02:00
parent 2392be08c7
commit 015d203fcb
8 changed files with 143 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
python/ql/src/experimental/Security/CWE-287/examples/auth_bad_2.py Normal file
View File

@@ -0,0 +1,12 @@
from flask import request, Flask
import ldap
@app.route("/bind_example")
def bind_example():
dn = request.args['dc']
search_filter = request.args['search']
ldap_connection = ldap.initialize("ldap://127.0.0.1:1337")
ldap_connection.bind('cn=root', "")
user = ldap_connection.search_s(dn, ldap.SCOPE_SUBTREE, search_filter)

12
python/ql/src/experimental/Security/CWE-287/examples/auth_bad_3.py Normal file
View File

@@ -0,0 +1,12 @@
from ldap3 import Server, Connection, ALL
from flask import request, Flask
@app.route("/passwordNone")
def passwordNone():
dn = request.args['dc']
search_filter = request.args['search']
srv = Server('servername', get_info=ALL)
conn = Connection(srv, user='user_dn', password=None)
status, result, response, _ = conn.search(dn, search_filter)

13
python/ql/src/experimental/Security/CWE-287/examples/auth_good_2.py Normal file
View File

@@ -0,0 +1,13 @@
from flask import request, Flask
import ldap
import os
@app.route("/bind_example")
def bind_example():
dn = request.args['dc']
search_filter = request.args['search']
ldap_connection = ldap.initialize("ldap://127.0.0.1:1337")
ldap_connection.bind('cn=root', os.environ.get('LDAP_PASSWORD'))
user = ldap_connection.search_s(dn, ldap.SCOPE_SUBTREE, search_filter)

6
python/ql/src/experimental/Security/CWE-287/tests/3_auth_good.py → python/ql/src/experimental/Security/CWE-287/examples/auth_good_3.py
View File

@@ -2,8 +2,6 @@ from ldap3 import Server, Connection, ALL
from flask import request, Flask
import os
app = Flask(__name__)
@app.route("/passwordFromEnv")
def passwordFromEnv():
@@ -14,7 +12,3 @@ def passwordFromEnv():
conn = Connection(srv, user='user_dn',
password=os.environ.get('LDAP_PASSWORD'))
status, result, response, _ = conn.search(dn, search_filter)
return result
# if __name__ == "__main__":
# app.run(debug=True)

30
python/ql/src/experimental/Security/CWE-287/tests/3_auth_bad.py
View File

@@ -1,30 +0,0 @@
from ldap3 import Server, Connection, ALL
from flask import request, Flask
app = Flask(__name__)
@app.route("/passwordNone")
def passwordNone():
dn = request.args['dc']
search_filter = request.args['search']
srv = Server('servername', get_info=ALL)
conn = Connection(srv, user='user_dn', password=None)
status, result, response, _ = conn.search(dn, search_filter)
return result
@app.route("/notPassword")
def notPassword():
dn = request.args['dc']
search_filter = request.args['search']
srv = Server('servername', get_info=ALL)
conn = Connection(srv, user='user_dn')
status, result, response, _ = conn.search(dn, search_filter)
return result
# if __name__ == "__main__":
# app.run(debug=True)

52
python/ql/src/experimental/Security/CWE-287/tests/auth_bad.py
View File

@@ -1,52 +0,0 @@
from flask import request, Flask
import ldap
app = Flask(__name__)
@app.route("/simple_bind")
def simple_bind():
dn = request.args['dc']
search_filter = request.args['search']
ldap_connection = ldap.initialize("ldap://127.0.0.1:1337")
ldap_connection.simple_bind('cn=root')
user = ldap_connection.search_s(dn, ldap.SCOPE_SUBTREE, search_filter)
return user[0]
@app.route("/simple_bind_s")
def simple_bind_s():
dn = request.args['dc']
search_filter = request.args['search']
ldap_connection = ldap.initialize("ldap://127.0.0.1:1337")
ldap_connection.simple_bind_s('cn=root')
user = ldap_connection.search_s(dn, ldap.SCOPE_SUBTREE, search_filter)
return user[0]
@app.route("/bind_s")
def bind_s():
dn = request.args['dc']
search_filter = request.args['search']
ldap_connection = ldap.initialize("ldap://127.0.0.1:1337")
ldap_connection.bind_s('cn=root', None)
user = ldap_connection.search_s(dn, ldap.SCOPE_SUBTREE, search_filter)
return user[0]
@app.route("/bind")
def bind():
dn = request.args['dc']
search_filter = request.args['search']
ldap_connection = ldap.initialize("ldap://127.0.0.1:1337")
ldap_connection.bind('cn=root', None)
user = ldap_connection.search_s(dn, ldap.SCOPE_SUBTREE, search_filter)
return user[0]
# if __name__ == "__main__":
# app.run(debug=True)

52
python/ql/src/experimental/Security/CWE-287/tests/auth_good.py
View File

@@ -1,52 +0,0 @@
from flask import request, Flask
import ldap
import os
app = Flask(__name__)
@app.route("/simple_bind")
def simple_bind():
dn = request.args['dc']
search_filter = request.args['search']
ldap_connection = ldap.initialize("ldap://127.0.0.1:1337")
ldap_connection.simple_bind('cn=root', os.environ.get('LDAP_PASSWORD'))
user = ldap_connection.search_s(dn, ldap.SCOPE_SUBTREE, search_filter)
return user[0]
@app.route("/simple_bind_s")
def simple_bind_s():
dn = request.args['dc']
search_filter = request.args['search']
ldap_connection = ldap.initialize("ldap://127.0.0.1:1337")
ldap_connection.simple_bind_s('cn=root', os.environ.get('LDAP_PASSWORD'))
user = ldap_connection.search_s(dn, ldap.SCOPE_SUBTREE, search_filter)
return user[0]
@app.route("/bind_s")
def bind_s():
dn = request.args['dc']
search_filter = request.args['search']
ldap_connection = ldap.initialize("ldap://127.0.0.1:1337")
ldap_connection.bind_s('cn=root', os.environ.get('LDAP_PASSWORD'))
user = ldap_connection.search_s(dn, ldap.SCOPE_SUBTREE, search_filter)
return user[0]
@app.route("/bind")
def bind():
dn = request.args['dc']
search_filter = request.args['search']
ldap_connection = ldap.initialize("ldap://127.0.0.1:1337")
ldap_connection.bind('cn=root', os.environ.get('LDAP_PASSWORD'))
user = ldap_connection.search_s(dn, ldap.SCOPE_SUBTREE, search_filter)
return user[0]
# if __name__ == "__main__":
# app.run(debug=True)