Improve qhelp

This commit is contained in:
jorgectf
2021-04-09 00:48:57 +02:00
parent 7e456494ef
commit 63bd32359a
2 changed files with 32 additions and 28 deletions


@@ -0,0 +1,32 @@
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>If an LDAP query is built using string concatenation or string formatting, and it doesn't carry any kind of authentication,
anonymous binds causes an empty or None-set password to result in a successful authentication.</p>
</overview>
<recommendation>
<p>Use a strong password while establishing a LDAP connection to execute a query a user controls.</p>
</recommendation>
<example>
<p>In the following examples, the code accepts both <code>username</code> and <code>dc</code> from the user,
which it then uses to build a LDAP query and DN while the connection carries no authentication or binds anonymously.</p>
<sample src="examples/auth_bad_2.py" />
<sample src="examples/auth_bad_3.py" />
<p>In the third and fourth examples, the authentication is established using a password from a secure source such as environment variables.</p>
<sample src="examples/auth_good_2.py" />
<sample src="examples/auth_good_3.py" />
</example>
<references>
<li>SonarSource: <a href="https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-4433">RSPEC-4433</a>.</li>
<li>Python2: <a href="https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap.html">LDAP Documentation</a>.</li>
<li>Python3: <a href="https://ldap3.readthedocs.io/en/latest/">LDAP Documentation</a>.</li>
</references>
</qhelp>
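Review bot: the overview at the top of this hunk conflates two different problems and the verb does not agree ("anonymous binds causes"): building the query with string concatenation or formatting is LDAP injection, while the point this query is about is that a bind with an empty or None password is accepted as an anonymous/unauthenticated bind, so a login check succeeds for any username. Suggest dropping the concatenation clause and stating the bind problem on its own, ideally by reinstating the three simple-bind mechanisms from the file this replaces inside a proper `<ul>` (the old text put the `<li>` entries outside any list). The recommendation "Use a strong password while establishing a LDAP connection to execute a query a user controls" does not follow from that overview: the fix is to reject an empty password and bind with real credentials, not password strength; also "a LDAP" should be "an LDAP" here and in the example paragraph. The example paragraph opens with "In the following examples" and later says "In the third and fourth examples", so the first sentence should read "In the first two examples" to match. Finally, the reference labels "Python2" and "Python3" are misleading: python-ldap and ldap3 are two separate libraries (the linked python-ldap 3.3.0 docs cover Python 3), so label the entries by library name.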


@@ -1,28 +0,0 @@
<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
<qhelp>
<overview>
<p>If an LDAP connection doesn't carry any kind of authentication, gets produced an access to information
in the LDAP directory.</p>
<p>Simple authentication in LDAP can be used with three different mechanisms:<p>
<li>Anonymous Authentication Mechanism by performing a bind request with a username and password value of zero length.</li>
<li>Unauthenticated Authentication Mechanism by performing a bind request with a password value of zero length.</li>
<li>Name/Password Authentication Mechanism by performing a bind request with a password value of non-zero length.</li>
</overview>
<recommendation>
<p>Every LDAP authentication should be done by using a password taken from a safe place.
<recommendation>
<references>
<li>
SonarSource
<a href="https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-4433">RSPEC-4433</a>
</li>
</references>
</qhelp>
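Review bot: the file removed here was malformed qhelp, so deleting it is the right call: `<p>Simple authentication in LDAP can be used with three different mechanisms:<p>` opens a second `<p>` instead of closing the first, the three `<li>` entries sit outside any `<ul>`, and `<recommendation>` appears twice with no closing tag (`<p>Every LDAP authentication should be done by using a password taken from a safe place.` is likewise never closed). The mechanism list itself, though, is the most precise description of the bug in either version (a bind with a zero-length password is the Unauthenticated mechanism, which is why an empty password "authenticates"), so carry it into the replacement file inside a well-formed `<ul>` rather than losing it.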