hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.20.5
codeql/python/ql/test/query-tests/Security/CWE-090-LdapInjection/ldap_good.py
Rasmus Lerchedahl Petersen 4c3c4deb34 python: Move over query and tests
2022-01-28 09:19:11 +01:00

71 lines
1.9 KiB
Python
Raw Permalink Blame History

from flask import request, Flask
import ldap
import ldap.filter
import ldap.dn
app = Flask(__name__)
@app.route("/normal")
def normal():
"""
A RemoteFlowSource is sanitized and used as DN and search filter
"""
unsafe_dc = request.args['dc']
unsafe_filter = request.args['username']
safe_dc = ldap.dn.escape_dn_chars(unsafe_dc)
safe_filter = ldap.filter.escape_filter_chars(unsafe_filter)
dn = "dc={}".format(safe_dc)
search_filter = "(user={})".format(safe_filter)
ldap_connection = ldap.initialize("ldap://127.0.0.1")
user = ldap_connection.search_s(
dn, ldap.SCOPE_SUBTREE, search_filter)
@app.route("/direct")
def direct():
"""
A RemoteFlowSource is sanitized and used as DN and search filter using a oneline call to .search_s
"""
unsafe_dc = request.args['dc']
unsafe_filter = request.args['username']
safe_dc = ldap.dn.escape_dn_chars(unsafe_dc)
safe_filter = ldap.filter.escape_filter_chars(unsafe_filter)
dn = "dc={}".format(safe_dc)
search_filter = "(user={})".format(safe_filter)
user = ldap.initialize("ldap://127.0.0.1").search_s(
dn, ldap.SCOPE_SUBTREE, search_filter, ["testAttr1", "testAttr2"])
@app.route("/normal_argbyname")
def normal_argbyname():
"""
A RemoteFlowSource is sanitized and used as DN and search filter, while the search filter is specified as
an argument by name
"""
unsafe_dc = request.args['dc']
unsafe_filter = request.args['username']
safe_dc = ldap.dn.escape_dn_chars(unsafe_dc)
safe_filter = ldap.filter.escape_filter_chars(unsafe_filter)
dn = "dc={}".format(safe_dc)
search_filter = "(user={})".format(safe_filter)
ldap_connection = ldap.initialize("ldap://127.0.0.1")
user = ldap_connection.search_s(
dn, ldap.SCOPE_SUBTREE, filterstr=search_filter)
# if __name__ == "__main__":
# app.run(debug=True)
Reference in New Issue View Git Blame Copy Permalink