From 2d8318dc024f378c2401b5faa780de539705eaa6 Mon Sep 17 00:00:00 2001
From: Maiky <76447395+maikypedia@users.noreply.github.com>
Date: Sun, 28 May 2023 17:40:31 +0200
Subject: [PATCH] remove unnecessary imports and edit .qhelp
---
ruby/ql/lib/codeql/ruby/frameworks/Ldap.qll | 2 --
ruby/ql/src/experimental/ldap-injection/LdapInjection.qhelp | 5 ++++-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Ldap.qll b/ruby/ql/lib/codeql/ruby/frameworks/Ldap.qll
index 671efd685cf..48eefa43a56 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/Ldap.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Ldap.qll
@@ -6,8 +6,6 @@ private import ruby
private import codeql.ruby.ApiGraphs
private import codeql.ruby.dataflow.FlowSummary
private import codeql.ruby.Concepts
-private import codeql.ruby.CFG
-private import codeql.ruby.AST
/**
* Provides modeling for `net-ldap` a ruby library for LDAP.
diff --git a/ruby/ql/src/experimental/ldap-injection/LdapInjection.qhelp b/ruby/ql/src/experimental/ldap-injection/LdapInjection.qhelp
index 8fbf484e8f5..7fb715fdbf6 100644
--- a/ruby/ql/src/experimental/ldap-injection/LdapInjection.qhelp
+++ b/ruby/ql/src/experimental/ldap-injection/LdapInjection.qhelp
@@ -40,11 +40,14 @@ components, and search for a completely different set of values.
In the second example, the input provided by the user is sanitized before it is included in the search filter or DN.
This ensures the meaning of the query cannot be changed by a malicious user.
-
+
OWASP: LDAP Injection Prevention Cheat Sheet.
OWASP: LDAP Injection.
+Wikipedia: LDAP injection.
+BlackHat: LDAP Injection and Blind LDAP Injection.
+LDAP: Understanding and Defending Against LDAP Injection Attacks.