codeql/python/ql/test/experimental/query-tests/Security/CWE-522/ldap2_remote.py

import ldap
from flask import request, Flask
# Flask application whose routes are the individual test cases in this file.
app = Flask(__name__)
# Every URL built from these pieces uses the plain ldap:// scheme, so transport
# protection depends entirely on what each route does before it binds.
schema = "ldap://"
remote_host = "somethingon.theinternet.com"
# Pre-joined form of schema + remote_host; not referenced by the routes shown here.
full_host = "ldap://somethingon.theinternet.com"
# GOOD
# SSL through ldap variable option
# host from variable + variable
@app.route("/one")
def one():
    """Fixture labelled GOOD: a TLS option is set to True before the bind.

    The host URL is assembled from two module-level strings (schema +
    remote_host), so the case only counts as remote if the analysis follows
    the concatenation.
    """
    ldap_connection_5 = ldap.initialize(schema + remote_host)
    # NOTE(review): in python-ldap, OPT_X_TLS_DEMAND is normally passed as the
    # *value* of OPT_X_TLS_REQUIRE_CERT rather than used as an option key, and a
    # certificate policy on its own does not encrypt an ldap:// connection.
    # Treat this as the shape the query accepts, not as a hardening recipe;
    # start_tls_s() or an ldaps:// URL is what protects the bind on the wire.
    ldap_connection_5.set_option(ldap.OPT_X_TLS_DEMAND, True)
    # Empty DN and password: an anonymous simple bind.
    ldap_connection_5.simple_bind_s('', '')
    # "dn" and "search_filter" are placeholder strings, not real directory values.
    user = ldap_connection_5.search_s(
        "dn", ldap.SCOPE_SUBTREE, "search_filter")
    return user
# SSL through ldap start_tls_s
# hardcoded host
@app.route("/two")
def two():
    """Fixture labelled GOOD: StartTLS is negotiated before the bind.

    The host is a hardcoded ldap:// URL; the connection is upgraded with
    start_tls_s() before simple_bind_s() is called.
    """
    ldap_connection_6 = ldap.initialize("ldap://somethingon.theinternet.com")
    # Order matters: the TLS upgrade has to come before the bind, otherwise the
    # bind request would travel over the unencrypted ldap:// channel.
    ldap_connection_6.start_tls_s()
    # Empty DN and password: an anonymous simple bind.
    ldap_connection_6.simple_bind_s('', '')
    # "dn" and "search_filter" are placeholder strings, not real directory values.
    user = ldap_connection_6.search_s(
        "dn", ldap.SCOPE_SUBTREE, "search_filter")
    return user
# BAD
@app.route("/one_bad")
def one_bad():
    """Fixture labelled BAD: the TLS option is set to False before the bind.

    Same statement sequence as one(), except OPT_X_TLS_DEMAND is given False.
    There is no start_tls_s() call and the URL scheme is ldap://, so nothing
    in this function protects the bind in transit.
    """
    ldap_connection_7 = ldap.initialize(schema + remote_host)
    # The False value is the only difference from the GOOD case in one().
    ldap_connection_7.set_option(ldap.OPT_X_TLS_DEMAND, False)
    # Empty DN and password: an anonymous simple bind, sent without TLS here.
    ldap_connection_7.simple_bind_s('', '')
    # "dn" and "search_filter" are placeholder strings, not real directory values.
    user = ldap_connection_7.search_s(
        "dn", ldap.SCOPE_SUBTREE, "search_filter")
    return user
@app.route("/one_bad_2")
def one_bad_2():
ldap_connection_8 = ldap.initialize(schema + remote_host)
ldap_connection_8.set_option(ldap.OPT_X_TLS_NEVER, True)
ldap_connection_8.simple_bind_s('', '')
user = ldap_connection_8.search_s(
"dn", ldap.SCOPE_SUBTREE, "search_filter")
return user
# if __name__ == "__main__":
# app.run(debug=True)