Add start_tls_s() comment and use DataFlow::MethodCallNode instead

2025-12-18 01:33:15 +01:00 · 2021-09-07 19:00:14 +02:00
parent 1bc16fb31e
commit ee98c0c587
1 changed files with 6 additions and 4 deletions
--- a/python/ql/src/experimental/semmle/python/frameworks/LDAP.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/LDAP.qll
@@ -116,9 +116,9 @@ private module LDAP {
          (
            // ldap_connection.start_tls_s()
            // see https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap.html#ldap.LDAPObject.start_tls_s
-            exists(DataFlow::AttrRead startTLS |
+            exists(DataFlow::MethodCallNode startTLS |
              startTLS.getObject().getALocalSource() = initialize and
-              startTLS.getAttributeName() = "start_tls_s"
+              startTLS.getMethodName() = "start_tls_s"
            )
            or
            // ldap_connection.set_option(ldap.OPT_X_TLS_%s, True)
@@ -221,8 +221,10 @@ private module LDAP {
              .flowsTo([serverCall.getArg(2), serverCall.getArgByName("use_ssl")])
        )
        or
-        exists(DataFlow::AttrRead startTLS |
-          startTLS.getAttributeName().matches("%start_tls%") and
+        // ldap_connection.start_tls_s()
+        // see https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap.html#ldap.LDAPObject.start_tls_s
+        exists(DataFlow::MethodCallNode startTLS |
+          startTLS.getMethodName() = "start_tls_s" and
          startTLS.getObject().getALocalSource() = this
        )
      }