hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Move LdapInjection to new dataflow API

Browse Source 
We could have switched to a stateful config, but I tried to keep changes
as straight forward as possible.
This commit is contained in:
Rasmus Wriedt Larsen
2023-08-25 16:03:53 +02:00
parent c360346e9e
commit 05573904a5
2 changed files with 37 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
python/ql/src/Security/CWE-090/LdapInjection.ql
View File

@@ -14,14 +14,14 @@
// Determine precision above
import python
import semmle.python.security.dataflow.LdapInjectionQuery
import DataFlow::PathGraph
import LdapInjectionFlow::PathGraph
from DataFlow::PathNode source, DataFlow::PathNode sink, string parameterName
from LdapInjectionFlow::PathNode source, LdapInjectionFlow::PathNode sink, string parameterName
where
any(DnConfiguration dnConfig).hasFlowPath(source, sink) and
LdapInjectionDnFlow::flowPath(source.asPathNode1(), sink.asPathNode1()) and
parameterName = "DN"
or
any(FilterConfiguration filterConfig).hasFlowPath(source, sink) and
LdapInjectionFilterFlow::flowPath(source.asPathNode2(), sink.asPathNode2()) and
parameterName = "filter"
select sink.getNode(), source, sink,
"LDAP query parameter (" + parameterName + ") depends on a $@.", source.getNode(),