hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Handle both positional and keyword args for LDAP bind

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2021-06-28 10:46:13 +02:00
parent 1d7ddce8db
commit dfe16aae4c
4 changed files with 56 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
python/ql/src/experimental/semmle/python/frameworks/LDAP.qll
View File

@@ -82,7 +82,9 @@ private module LDAP {
private class LDAP2Bind extends DataFlow::CallCfgNode, LDAPBind::Range {
LDAP2Bind() { this.getFunction() = ldapBind() }
override DataFlow::Node getPassword() { result = this.getArg(1) }
override DataFlow::Node getPassword() {
result in [this.getArg(1), this.getArgByName("cred")]
}
}
/**
@@ -147,7 +149,9 @@ private module LDAP {
class LDAP3Bind extends DataFlow::CallCfgNode, LDAPBind::Range {
LDAP3Bind() { this = ldap3Connection().getACall() }
override DataFlow::Node getPassword() { result = this.getArgByName("password") }
override DataFlow::Node getPassword() {
result in [this.getArg(2), this.getArgByName("password")]
}
}
/**