hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
40e63a63e2b8712ec1c1be53ed9030b96d9f33e1
codeql/java/ql/lib/semmle/code/java/security/LdapInjectionQuery.qll

24 lines
954 B
Plaintext
Raw Blame History

/** Provides a taint tracking configuration to reason about unvalidated user input that is used to construct LDAP queries. */
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.security.LdapInjection
/**
* A taint-tracking configuration for unvalidated user input that is used to construct LDAP queries.
*/
module LdapInjectionFlowConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
predicate isSink(DataFlow::Node sink) { sink instanceof LdapInjectionSink }
predicate isBarrier(DataFlow::Node node) { node instanceof LdapInjectionSanitizer }
predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
any(LdapInjectionAdditionalTaintStep a).step(pred, succ)
}
}
/** Tracks flow from remote sources to LDAP injection vulnerabilities. */
module LdapInjectionFlow = TaintTracking::Global<LdapInjectionFlowConfig>;
Reference in New Issue View Git Blame Copy Permalink