Remove unnecessary imports and add returns

2026-05-05 05:35:13 +02:00 · 2023-10-26 01:16:43 +02:00
parent eccde3f4f1
commit a1e38c3444
3 changed files with 15 additions and 193 deletions
--- a/go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected
+++ b/go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected
@@ -1,14 +1,14 @@
 edges
 | ImproperLdapAuth.go:18:18:18:24 | selection of URL | ImproperLdapAuth.go:18:18:18:32 | call to Query |
 | ImproperLdapAuth.go:18:18:18:32 | call to Query | ImproperLdapAuth.go:28:23:28:34 | bindPassword |
-| ImproperLdapAuth.go:80:18:80:19 | "" | ImproperLdapAuth.go:90:23:90:34 | bindPassword |
+| ImproperLdapAuth.go:87:18:87:19 | "" | ImproperLdapAuth.go:97:23:97:34 | bindPassword |
 nodes
 | ImproperLdapAuth.go:18:18:18:24 | selection of URL | semmle.label | selection of URL |
 | ImproperLdapAuth.go:18:18:18:32 | call to Query | semmle.label | call to Query |
 | ImproperLdapAuth.go:28:23:28:34 | bindPassword | semmle.label | bindPassword |
-| ImproperLdapAuth.go:80:18:80:19 | "" | semmle.label | "" |
-| ImproperLdapAuth.go:90:23:90:34 | bindPassword | semmle.label | bindPassword |
+| ImproperLdapAuth.go:87:18:87:19 | "" | semmle.label | "" |
+| ImproperLdapAuth.go:97:23:97:34 | bindPassword | semmle.label | bindPassword |
 subpaths
 #select
 | ImproperLdapAuth.go:28:23:28:34 | bindPassword | ImproperLdapAuth.go:18:18:18:24 | selection of URL | ImproperLdapAuth.go:28:23:28:34 | bindPassword | LDAP binding password depends on a $@. | ImproperLdapAuth.go:18:18:18:24 | selection of URL | user-provided value |
-| ImproperLdapAuth.go:90:23:90:34 | bindPassword | ImproperLdapAuth.go:80:18:80:19 | "" | ImproperLdapAuth.go:90:23:90:34 | bindPassword | LDAP binding password depends on a $@. | ImproperLdapAuth.go:80:18:80:19 | "" | user-provided value |
+| ImproperLdapAuth.go:97:23:97:34 | bindPassword | ImproperLdapAuth.go:87:18:87:19 | "" | ImproperLdapAuth.go:97:23:97:34 | bindPassword | LDAP binding password depends on a $@. | ImproperLdapAuth.go:87:18:87:19 | "" | user-provided value |
--- a/go/ql/test/experimental/CWE-287/ImproperLdapAuth.go
+++ b/go/ql/test/experimental/CWE-287/ImproperLdapAuth.go
@@ -20,15 +20,16 @@ func bad(w http.ResponseWriter, req *http.Request) (interface{}, error) {
 	// Connect to the LDAP server
 	l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", ldapServer, ldapPort))
 	if err != nil {
-		log.Fatalf("Failed to connect to LDAP server: %v", err)
+		return fmt.Errorf("Failed to connect to LDAP server: %v", err), err
 	}
 	defer l.Close()

 	// BAD: user input is not sanetized
 	err = l.Bind(bindDN, bindPassword)
 	if err != nil {
-		log.Fatalf("LDAP bind failed: %v", err)
+		return fmt.Errorf("LDAP bind failed: %v", err), err
 	}
+	return nil, nil
 }

 func good1(w http.ResponseWriter, req *http.Request) (interface{}, error) {
@@ -40,7 +41,7 @@ func good1(w http.ResponseWriter, req *http.Request) (interface{}, error) {
 	// Connect to the LDAP server
 	l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", ldapServer, ldapPort))
 	if err != nil {
-		log.Fatalf("Failed to connect to LDAP server: %v", err)
+		return fmt.Errorf("Failed to connect to LDAP server: %v", err), err
 	}
 	defer l.Close()

@@ -50,6 +51,10 @@ func good1(w http.ResponseWriter, req *http.Request) (interface{}, error) {
 	if !hasEmptyInput {
 		l.Bind(bindDN, bindPassword)
 	}
+	if err != nil {
+		return fmt.Errorf("LDAP bind failed: %v", err), err
+	}
+	return nil, nil
 }

 func good2(w http.ResponseWriter, req *http.Request) (interface{}, error) {
@@ -61,14 +66,16 @@ func good2(w http.ResponseWriter, req *http.Request) (interface{}, error) {
 	// Connect to the LDAP server
 	l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", ldapServer, ldapPort))
 	if err != nil {
-		log.Fatalf("Failed to connect to LDAP server: %v", err)
+		return fmt.Errorf("Failed to connect to LDAP server: %v", err), err
 	}
 	defer l.Close()

 	// GOOD : bindPassword is not empty
 	if bindPassword != "" {
 		l.Bind(bindDN, bindPassword)
+		return nil, err
 	}
+	return nil, nil
 }

 func bad2(req *http.Request) {
--- a/go/vendor/gopkg.in/ldap.v2/stub.go
+++ b/go/vendor/gopkg.in/ldap.v2/stub.go
@@ -1,185 +0,0 @@
-// Code generated by depstubber. DO NOT EDIT.
-// This is a simple stub for gopkg.in/ldap.v2, strictly for use in testing.
-
-// See the LICENSE file for information about the licensing of the original library.
-// Source: gopkg.in/ldap.v2 (exports: Conn; functions: Dial)
-
-// Package ldap is a stub of gopkg.in/ldap.v2, generated by depstubber.
-package ldap
-
-import (
-	tls "crypto/tls"
-	time "time"
-)
-
-type AddRequest struct {
-	DN         string
-	Attributes []Attribute
-}
-
-func (_ *AddRequest) Attribute(_ string, _ []string) {}
-
-type Attribute struct {
-	Type string
-	Vals []string
-}
-
-type Conn struct {
-	Debug interface{}
-}
-
-func (_ *Conn) Add(_ *AddRequest) error {
-	return nil
-}
-
-func (_ *Conn) Bind(_ string, _ string) error {
-	return nil
-}
-
-func (_ *Conn) Close() {}
-
-func (_ *Conn) Compare(_ string, _ string, _ string) (bool, error) {
-	return false, nil
-}
-
-func (_ *Conn) Del(_ *DelRequest) error {
-	return nil
-}
-
-func (_ *Conn) Modify(_ *ModifyRequest) error {
-	return nil
-}
-
-func (_ *Conn) PasswordModify(_ *PasswordModifyRequest) (*PasswordModifyResult, error) {
-	return nil, nil
-}
-
-func (_ *Conn) Search(_ *SearchRequest) (*SearchResult, error) {
-	return nil, nil
-}
-
-func (_ *Conn) SearchWithPaging(_ *SearchRequest, _ uint32) (*SearchResult, error) {
-	return nil, nil
-}
-
-func (_ *Conn) SetTimeout(_ time.Duration) {}
-
-func (_ *Conn) SimpleBind(_ *SimpleBindRequest) (*SimpleBindResult, error) {
-	return nil, nil
-}
-
-func (_ *Conn) Start() {}
-
-func (_ *Conn) StartTLS(_ *tls.Config) error {
-	return nil
-}
-
-type Control interface {
-	Encode() interface{}
-	GetControlType() string
-	String() string
-}
-
-type DelRequest struct {
-	DN       string
-	Controls []Control
-}
-
-func Dial(_ string, _ string) (*Conn, error) {
-	return nil, nil
-}
-
-type Entry struct {
-	DN         string
-	Attributes []*EntryAttribute
-}
-
-func (_ *Entry) GetAttributeValue(_ string) string {
-	return ""
-}
-
-func (_ *Entry) GetAttributeValues(_ string) []string {
-	return nil
-}
-
-func (_ *Entry) GetRawAttributeValue(_ string) []byte {
-	return nil
-}
-
-func (_ *Entry) GetRawAttributeValues(_ string) [][]byte {
-	return nil
-}
-
-func (_ *Entry) PrettyPrint(_ int) {}
-
-func (_ *Entry) Print() {}
-
-type EntryAttribute struct {
-	Name       string
-	Values     []string
-	ByteValues [][]byte
-}
-
-func (_ *EntryAttribute) PrettyPrint(_ int) {}
-
-func (_ *EntryAttribute) Print() {}
-
-type ModifyRequest struct {
-	DN                string
-	AddAttributes     []PartialAttribute
-	DeleteAttributes  []PartialAttribute
-	ReplaceAttributes []PartialAttribute
-}
-
-func (_ *ModifyRequest) Add(_ string, _ []string) {}
-
-func (_ *ModifyRequest) Delete(_ string, _ []string) {}
-
-func (_ *ModifyRequest) Replace(_ string, _ []string) {}
-
-type PartialAttribute struct {
-	Type string
-	Vals []string
-}
-
-type PasswordModifyRequest struct {
-	UserIdentity string
-	OldPassword  string
-	NewPassword  string
-}
-
-type PasswordModifyResult struct {
-	GeneratedPassword string
-}
-
-type SearchRequest struct {
-	BaseDN       string
-	Scope        int
-	DerefAliases int
-	SizeLimit    int
-	TimeLimit    int
-	TypesOnly    bool
-	Filter       string
-	Attributes   []string
-	Controls     []Control
-}
-
-type SearchResult struct {
-	Entries   []*Entry
-	Referrals []string
-	Controls  []Control
-}
-
-func (_ *SearchResult) PrettyPrint(_ int) {}
-
-func (_ *SearchResult) Print() {}
-
-type SimpleBindRequest struct {
-	Username string
-	Password string
-	Controls []Control
-}
-
-type SimpleBindResult struct {
-	Controls []Control
-}