hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Change qhelp explanation

Browse Source
This commit is contained in:
jorgectf
2021-06-17 17:43:34 +02:00
parent d34d2ed2b1
commit 13cfcec968
1 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
python/ql/src/experimental/Security/CWE-287/ImproperLdapAuth.qhelp
View File

@@ -3,8 +3,8 @@
"qhelp.dtd">
<qhelp>
<overview>
<p>If an LDAP query is built using string concatenation or string formatting, and it doesn't carry any kind of authentication,
anonymous binds causes an empty or None-set password to result in a successful authentication.</p>
<p>If an LDAP query doesn't carry any kind of authentication, anonymous binds causes an empty or None-set password
to result in a successful authentication.</p>
</overview>
<recommendation>
@@ -12,8 +12,7 @@ anonymous binds causes an empty or None-set password to result in a successful a
</recommendation>
<example>
<p>In the following examples, the code accepts both <code>username</code> and <code>dc</code> from the user,
which it then uses to build a LDAP query and DN while the connection carries no authentication or binds anonymously.</p>
<p>In the following examples, the code builds a LDAP query whose execution carries no authentication or binds anonymously.</p>
<sample src="examples/auth_bad_2.py" />
<sample src="examples/auth_bad_3.py" />