remove unnecessary imports and edit .qhelp

2026-02-19 08:23:45 +01:00 · 2023-05-28 17:40:31 +02:00
parent 065b69460d
commit 2d8318dc02
2 changed files with 4 additions and 3 deletions
--- a/ruby/ql/lib/codeql/ruby/frameworks/Ldap.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Ldap.qll
@@ -6,8 +6,6 @@ private import ruby
 private import codeql.ruby.ApiGraphs
 private import codeql.ruby.dataflow.FlowSummary
 private import codeql.ruby.Concepts
-private import codeql.ruby.CFG
-private import codeql.ruby.AST

 /**
 * Provides modeling for `net-ldap` a ruby library for LDAP.
--- a/ruby/ql/src/experimental/ldap-injection/LdapInjection.qhelp
+++ b/ruby/ql/src/experimental/ldap-injection/LdapInjection.qhelp
@@ -40,11 +40,14 @@ components, and search for a completely different set of values.</p>
 <p>In the second example, the input provided by the user is sanitized before it is included in the search filter or DN.
 This ensures the meaning of the query cannot be changed by a malicious user.</p>

-<sample src="examples/LdapInjectionBad.rb" />
+<sample src="examples/LdapInjectionGood.rb" />
 </example>

 <references>
 <li>OWASP: <a href="https://cheatsheetseries.owasp.org/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html">LDAP Injection Prevention Cheat Sheet</a>.</li>
 <li>OWASP: <a href="https://owasp.org/www-community/attacks/LDAP_Injection">LDAP Injection</a>.</li>
+<li>Wikipedia: <a href="https://en.wikipedia.org/wiki/LDAP_injection">LDAP injection</a>.</li>
+<li>BlackHat: <a href="https://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdf">LDAP Injection and Blind LDAP Injection</a>.</li>
+<li>LDAP: <a href="https://ldap.com/2018/05/04/understanding-and-defending-against-ldap-injection-attacks/">Understanding and Defending Against LDAP Injection Attacks</a>.</li>
 </references>
 </qhelp>