Skip to content

Commit 8b32eaf

Browse files
smowtonsmowton
authored
Copyedits
1 parent 5c5e978 commit 8b32eaf

File tree

2 files changed

+7
-8
lines changed

2 files changed

+7
-8
lines changed

go/ql/src/experimental/CWE-285/PamAuthBypass.qhelp

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,8 +7,7 @@
77
to check the validity of a login can lead to authorization bypass vulnerabilities.
88
</p>
99
<p>
10-
A
11-
<code>pam.Authenticate</code>
10+
A <code>pam.Authenticate</code> call
1211
only verifies the credentials of a user. It does not check if a user has an
1312
appropriate authorization to actually login. This means a user with an expired
1413
login or a password can still access the system.

go/ql/src/experimental/CWE-285/PamAuthBypass.ql

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -36,8 +36,8 @@ class PamStartFunc extends Function {
3636
PamStartFunc() { this.hasQualifiedName("github.com/msteinert/pam", ["StartFunc", "Start"]) }
3737
}
3838

39-
class PamAuthBypassConfiguration extends TaintTracking::Configuration {
40-
PamAuthBypassConfiguration() { this = "PAM auth bypass" }
39+
class PamStartToAcctMgmtConfig extends TaintTracking::Configuration {
40+
PamStartToAcctMgmtConfig() { this = "PAM auth bypass (Start to AcctMgmt)" }
4141

4242
override predicate isSource(DataFlow::Node source) {
4343
exists(PamStartFunc p | p.getACall().getResult(0) = source)
@@ -48,8 +48,8 @@ class PamAuthBypassConfiguration extends TaintTracking::Configuration {
4848
}
4949
}
5050

51-
class PamAuthBypassConfig extends TaintTracking::Configuration {
52-
PamAuthBypassConfig() { this = "PAM auth bypass2" }
51+
class PamStartToAuthenticateConfig extends TaintTracking::Configuration {
52+
PamStartToAuthenticateConfig() { this = "PAM auth bypass (Start to Authenticate)" }
5353

5454
override predicate isSource(DataFlow::Node source) {
5555
exists(PamStartFunc p | p.getACall().getResult(0) = source)
@@ -61,9 +61,9 @@ class PamAuthBypassConfig extends TaintTracking::Configuration {
6161
}
6262

6363
from
64-
PamAuthBypassConfiguration config, PamAuthBypassConfig config2, DataFlow::Node source,
64+
PamStartToAcctMgmtConfig acctMgmtConfig, PamStartToAuthenticateConfig authConfig, DataFlow::Node source,
6565
DataFlow::Node sink
6666
where
6767
not isInTestFile(source.asExpr()) and
68-
(config2.hasFlow(source, sink) and not config.hasFlow(source, _))
68+
(authConfig.hasFlow(source, sink) and not acctMgmtConfig.hasFlow(source, _))
6969
select source, "This Pam transaction may not be secure."

0 commit comments

Comments
 (0)