semmle/code/java/security
@@ -13,9 +13,7 @@ class LdapInjectionFlowConfig extends TaintTracking::Configuration {
1313
1414 override predicate isSink ( DataFlow:: Node sink ) { sink instanceof LdapInjectionSink }
1515
16- override predicate isSanitizer ( DataFlow:: Node node ) {
17- node .getType ( ) instanceof PrimitiveType or node .getType ( ) instanceof BoxedType
18- }
16+ override predicate isSanitizer ( DataFlow:: Node node ) { node instanceof LdapInjectionSanitizer }
1917
2018 override predicate isAdditionalTaintStep ( DataFlow:: Node node1 , DataFlow:: Node node2 ) {
2119 ldapNameStep ( node1 , node2 ) or
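Review bot: The rewritten `isSanitizer` at new line 16 has no comment saying that its barrier set is now open-ended: any `LdapInjectionSanitizer` subclass in scope when the query runs will remove flows from this configuration. An over-broad subclass would therefore show up only as missing results, so I would state this at the predicate, for example `/** Holds if node is an LdapInjectionSanitizer; every subclass in scope acts as a barrier for this query. */`. The enclosing `LdapInjectionFlowConfig` class starts and ends outside this hunk, so I have not checked how its other predicates are documented.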
@@ -10,6 +10,9 @@ import semmle.code.java.frameworks.ApacheLdap
1010/** A data flow sink for unvalidated user input that is used to construct LDAP queries. */
1111abstract class LdapInjectionSink extends DataFlow:: Node { }
1212
13+ /** A class that identifies sanitizers that prevent LDAP injection attacks. */
14+ abstract class LdapInjectionSanitizer extends DataFlow:: Node { }
15+
1316private predicate jndiLdapInjectionSinkMethod ( Method m , int index ) {
1417 m .getDeclaringType ( ) .getAnAncestor ( ) instanceof TypeDirContext and
1518 m .hasName ( "search" ) and
@@ -105,3 +108,13 @@ private class ApacheLdapInjectionSink extends LdapInjectionSink {
105108 )
106109 }
107110}
111+
112+ /** A sanitizer that clears the taint on primitive types. */
113+ private class PrimitiveTypeLdapSanitizer extends LdapInjectionSanitizer {
114+ PrimitiveTypeLdapSanitizer ( ) { this .getType ( ) instanceof PrimitiveType }
115+ }
116+
117+ /** A sanitizer that clears the taint on boxed primitive types. */
118+ private class BoxedTypeLdapSanitizer extends LdapInjectionSanitizer {
119+ BoxedTypeLdapSanitizer ( ) { this .getType ( ) instanceof BoxedType }
120+ }
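Review bot: `PrimitiveTypeLdapSanitizer` and `BoxedTypeLdapSanitizer` (new lines 113-120) clear taint for every primitive and boxed type, which, as far as I know the Java library, includes `char` and `Character`; a single character can itself be an LDAP filter or DN metacharacter, so those nodes are not obviously safe. The behaviour is carried over from the removed `isSanitizer` body, but now that it has named classes the QLDoc should give the reasoning and the exception, e.g. `/** A sanitizer for primitive-typed nodes: numeric and boolean values cannot carry LDAP metacharacters. NOTE: also matches char. */`, or the characteristic predicates should exclude the character types. The QLDoc on `LdapInjectionSanitizer` at new line 13 could also say that it is an extension point, e.g. `/** A node that prevents LDAP injection; extend this class to add custom sanitizers. */`.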