hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
alexet/avoid-path-node-java
codeql/ruby/ql/test/query-tests/experimental/LdapInjection/LdapInjection.rb
Maiky d45d046fa7 Add test file and .expected
2023-05-28 17:29:34 +02:00

66 lines
2.1 KiB
Ruby
Raw Permalink Blame History

class FooController < ActionController::Base
def some_request_handler
# A string tainted by user input is used directly as DN
# (i.e a remote flow source)
dc = params[:dc]
# A string tainted by user input is used directly as search filter or attribute
# (i.e a remote flow source)
name = params[:user_name]
# LDAP Connection
ldap = Net::LDAP.new(
host: 'ldap.example.com',
port: 636,
encryption: :simple_tls,
auth: {
method: :simple,
username: 'uid=admin,dc=example,dc=com',
password: 'adminpassword'
}
)
# BAD: user input is used as DN
# where dc is unsanitized
ldap.search(base: "ou=people,dc=#{dc},dc=com", filter: "cn=George", attributes: [""])
# BAD: user input is used as search filter
# where name is unsanitized
ldap.search(base: "ou=people,dc=example,dc=com", filter: "cn=#{name}", attributes: [""])
# BAD: user input is used as attribute
# where name is unsanitized
ldap.search(base: "ou=people,dc=example,dc=com", filter: "cn=George", attributes: [name])
# BAD: user input is used as search filter
# where name is unsanitized
filter = Net::LDAP::Filter.eq('cn', name)
ldap.search(base: "ou=people,dc=example,dc=com", filter: filter, attributes: [""])
# GOOD: user input is not used in the LDAP query
result = ldap.search(base: "ou=people,dc=example,dc=com", filter: "cn=George", attributes: [""])
end
end
class BarController < ApplicationController
def safe_paths
dc = params[:dc]
# GOOD: barrier guard prevents taint flow
if dc == "example"
base = "ou=people,dc=#{dc},dc=com"
else
base = "ou=people,dc=default,dc=com"
end
ldap.search(base: base, filter: "cn=George", attributes: [""])
name = params[:user_name]
# GOOD: barrier guard prevents taint flow
name = if ["George", "Nicolas"].include? name
name
else
name = "Guest"
end
result = ldap.search(base: "ou=people,dc=example,dc=com", filter: "cn=#{name}", attributes: [""])
end
end
Reference in New Issue View Git Blame Copy Permalink