hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Copyedits

Browse Source
This commit is contained in:
Chris Smowton
2022-05-31 11:05:40 +01:00
committed by GitHub
parent 5c5e978d30
commit 8b32eaf05c
2 changed files with 7 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
go/ql/src/experimental/CWE-285/PamAuthBypass.qhelp
View File

@@ -7,8 +7,7 @@
to check the validity of a login can lead to authorization bypass vulnerabilities.
</p>
<p>
A
<code>pam.Authenticate</code>
A <code>pam.Authenticate</code> call
only verifies the credentials of a user. It does not check if a user has an
appropriate authorization to actually login. This means a user with an expired
login or a password can still access the system.

12
go/ql/src/experimental/CWE-285/PamAuthBypass.ql
View File

@@ -36,8 +36,8 @@ class PamStartFunc extends Function {
PamStartFunc() { this.hasQualifiedName("github.com/msteinert/pam", ["StartFunc", "Start"]) }
}
class PamAuthBypassConfiguration extends TaintTracking::Configuration {
PamAuthBypassConfiguration() { this = "PAM auth bypass" }
class PamStartToAcctMgmtConfig extends TaintTracking::Configuration {
PamStartToAcctMgmtConfig() { this = "PAM auth bypass (Start to AcctMgmt)" }
override predicate isSource(DataFlow::Node source) {
exists(PamStartFunc p | p.getACall().getResult(0) = source)
@@ -48,8 +48,8 @@ class PamAuthBypassConfiguration extends TaintTracking::Configuration {
}
}
class PamAuthBypassConfig extends TaintTracking::Configuration {
PamAuthBypassConfig() { this = "PAM auth bypass2" }
class PamStartToAuthenticateConfig extends TaintTracking::Configuration {
PamStartToAuthenticateConfig() { this = "PAM auth bypass (Start to Authenticate)" }
override predicate isSource(DataFlow::Node source) {
exists(PamStartFunc p | p.getACall().getResult(0) = source)
@@ -61,9 +61,9 @@ class PamAuthBypassConfig extends TaintTracking::Configuration {
}
from
PamAuthBypassConfiguration config, PamAuthBypassConfig config2, DataFlow::Node source,
PamStartToAcctMgmtConfig acctMgmtConfig, PamStartToAuthenticateConfig authConfig, DataFlow::Node source,
DataFlow::Node sink
where
not isInTestFile(source.asExpr()) and
(config2.hasFlow(source, sink) and not config.hasFlow(source, _))
(authConfig.hasFlow(source, sink) and not acctMgmtConfig.hasFlow(source, _))
select source, "This Pam transaction may not be secure."