hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add a test without attributes

Browse Source
This commit is contained in:
jorgectf
2021-03-29 23:28:28 +02:00
parent ad36bea9d4
commit 8223539f0c
2 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
python/ql/src/experimental/Security/CWE-090/unit_tests/ldap_bad.py
View File

@@ -14,6 +14,16 @@ def normal():
unsafe_dn, ldap.SCOPE_SUBTREE, unsafe_filter, ["testAttr1", "testAttr2"])
@app.route("/normal_noAttrs")
def normal_noAttrs():
unsafe_dn = "dc=%s" % request.args['dc']
unsafe_filter = "(user=%s)" % request.args['username']
ldap_connection = ldap.initialize("ldap://127.0.0.1:1337")
user = ldap_connection.search_s(
unsafe_dn, ldap.SCOPE_SUBTREE, unsafe_filter)
@app.route("/direct")
def direct():
unsafe_dn = "dc=%s" % request.args['dc']

13
python/ql/src/experimental/Security/CWE-090/unit_tests/ldap_good.py
View File

@@ -19,6 +19,19 @@ def normal():
safe_dn, ldap.SCOPE_SUBTREE, safe_filter, ["testAttr1", "testAttr2"])
@app.route("/normal_noAttrs")
def normal_noAttrs():
unsafe_dn = "dc=%s" % request.args['dc']
unsafe_filter = "(user=%s)" % request.args['username']
safe_dn = ldap.dn.escape_dn_chars(unsafe_dn)
safe_filter = ldap.filter.escape_filter_chars(unsafe_filter)
ldap_connection = ldap.initialize("ldap://127.0.0.1:1337")
user = ldap_connection.search_s(
safe_dn, ldap.SCOPE_SUBTREE, safe_filter)
@app.route("/direct")
def direct():
unsafe_dn = "dc=%s" % request.args['dc']