feature add common sanitizer

pupiles
2021-11-04 13:16:24 +08:00
parent adea73da23
commit 4f1052b3a7


@@ -7,6 +7,16 @@ import DataFlow::PathGraph
abstract class LdapSanitizer extends DataFlow::Node {
}
/*
* some common Sanitizer func
*/
private class CommonLdapEscape extends LdapSanitizer {
CommonLdapEscape() { exists(DataFlow::MethodCallNode m
| m.getTarget().getName() in ["sanitizedUserQuery","sanitizedUserDN","sanitizedGroupFilter","sanitizedGroupDN"]
| this = m.getResult(0)) }
}
/*
* The Sanitizer func from github.com/go-ldap/ldap or github.com/go-ldap/ldap/v3
*/
@@ -96,5 +106,9 @@ class LdapVul extends TaintTracking::Configuration {
super.isSanitizer(sanitizer) or sanitizer instanceof LdapSanitizer
}
}
from LdapVul config, DataFlow::PathNode source, DataFlow::PathNode sink
where config.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "$@ LDAP query parameter comes from $@.", sink.getNode(),
"This", source.getNode(), "a user-provided value"
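Review bot: The `CommonLdapEscape` characteristic predicate in the first hunk treats result 0 of any method call as sanitized purely because the callee is named `sanitizedUserQuery`, `sanitizedUserDN`, `sanitizedGroupFilter` or `sanitizedGroupDN`, with no constraint on the declaring package or receiver type. An unrelated method that shares one of these names, or a helper that only validates its input and reports failure through a second return value, would cut the taint path and hide a real LDAP injection finding. I would bind each name to its declaring type, e.g. `m.getTarget().(Method).hasQualifiedName("<package path>", "<receiver type>", "sanitizedUserQuery")` with the real package and type filled in, and extend the block comment to say which project these helpers come from and what they guarantee about result 0. Because the node is a `DataFlow::MethodCallNode`, package-level functions with these names are not matched, which may or may not be intended.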