
Commit a53da37

committed
Make LDAPInjection use new API
1 parent f60ca76 commit a53da37

2 files changed

Lines changed: 16 additions & 5 deletions


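--- a/go/ql/src/experimental/CWE-090/LDAPInjection.ql
+++ b/go/ql/src/experimental/CWE-090/LDAPInjection.ql
@@ -12,9 +12,9 @@
 
 import go
 import LDAPInjection
-import DataFlow::PathGraph
+import LdapInjectionFlow::PathGraph
 
-from LdapInjectionConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+from LdapInjectionFlow::PathNode source, LdapInjectionFlow::PathNode sink
+where LdapInjectionFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "LDAP query parameter depends on a $@.", source.getNode(),
 "user-provided value"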

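--- a/go/ql/src/experimental/CWE-090/LDAPInjection.qll
+++ b/go/ql/src/experimental/CWE-090/LDAPInjection.qll
@@ -1,5 +1,4 @@
 import go
-import DataFlow::PathGraph
 
 /**
 * A sanitizer function that prevents LDAP injection attacks.
@@ -97,10 +96,12 @@ private class LdapClientDNSink extends LdapSink {
 }
 
 /**
+* DEPRECATED: Use `LdapInjectionFlow` instead.
+*
 * A taint-tracking configuration for reasoning about when an `UntrustedFlowSource`
 * flows into an argument or field that is vulnerable to LDAP injection.
 */
-class LdapInjectionConfiguration extends TaintTracking::Configuration {
+deprecated class LdapInjectionConfiguration extends TaintTracking::Configuration {
 LdapInjectionConfiguration() { this = "Ldap injection" }
 
 override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
@@ -109,3 +110,13 @@ class LdapInjectionConfiguration extends TaintTracking::Configuration {
 
 override predicate isSanitizer(DataFlow::Node sanitizer) { sanitizer instanceof LdapSanitizer }
 }
+
+private module LdapInjectionConfig implements DataFlow::ConfigSig {
+predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+
+predicate isSink(DataFlow::Node sink) { sink instanceof LdapSink }
+
+predicate isBarrier(DataFlow::Node node) { node instanceof LdapSanitizer }
+}
+
+module LdapInjectionFlow = TaintTracking::Global<LdapInjectionConfig>;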
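Review bot: The new public module `LdapInjectionFlow` on the last added line has no QLDoc, although the deprecation notice added to `LdapInjectionConfiguration` tells users to switch to it. A one-line comment above it would do, for example `/** Tracks taint flow from untrusted sources to LDAP query arguments or fields. */`. The `isSink` predicate of the deprecated class sits between the second and third hunks and is not visible here, so it is worth confirming that it is the same `sink instanceof LdapSink` test used in `LdapInjectionConfig`; if it differs, the migrated query could report a different set of LDAP injection results than before.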
