Add start_tls_s() comment and use DataFlow::MethodCallNode instead

jorgectf · jorgectf · commit ee98c0c58726 · 2021-09-07T19:00:14.000+02:00
diff --git a/python/ql/src/experimental/semmle/python/frameworks/LDAP.qll b/python/ql/src/experimental/semmle/python/frameworks/LDAP.qll
@@ -116,9 +116,9 @@ private module LDAP {
           (
             // ldap_connection.start_tls_s()
             // see https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap.html#ldap.LDAPObject.start_tls_s
-            exists(DataFlow::AttrRead startTLS |
+            exists(DataFlow::MethodCallNode startTLS |
               startTLS.getObject().getALocalSource() = initialize and
-              startTLS.getAttributeName() = "start_tls_s"
+              startTLS.getMethodName() = "start_tls_s"
             )
             or
             // ldap_connection.set_option(ldap.OPT_X_TLS_%s, True)
@@ -221,8 +221,10 @@ private module LDAP {
               .flowsTo([serverCall.getArg(2), serverCall.getArgByName("use_ssl")])
         )
         or
-        exists(DataFlow::AttrRead startTLS |
-          startTLS.getAttributeName().matches("%start_tls%") and
+        // ldap_connection.start_tls_s()
+        // see https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap.html#ldap.LDAPObject.start_tls_s
+        exists(DataFlow::MethodCallNode startTLS |
+          startTLS.getMethodName() = "start_tls_s" and
           startTLS.getObject().getALocalSource() = this
         )
       }

Original file line number	Diff line number	Diff line change
`@@ -116,9 +116,9 @@ private module LDAP {`
`116`	`116`	`(`
`117`	`117`	`// ldap_connection.start_tls_s()`
`118`	`118`	`// see https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap.html#ldap.LDAPObject.start_tls_s`
`119`		`- exists(DataFlow::AttrRead startTLS \|`
	`119`	`+ exists(DataFlow::MethodCallNode startTLS \|`
`120`	`120`	`startTLS.getObject().getALocalSource() = initialize and`
`121`		`- startTLS.getAttributeName() = "start_tls_s"`
	`121`	`+ startTLS.getMethodName() = "start_tls_s"`
`122`	`122`	`)`
`123`	`123`	`or`
`124`	`124`	`// ldap_connection.set_option(ldap.OPT_X_TLS_%s, True)`
`@@ -221,8 +221,10 @@ private module LDAP {`
`221`	`221`	`.flowsTo([serverCall.getArg(2), serverCall.getArgByName("use_ssl")])`
`222`	`222`	`)`
`223`	`223`	`or`
`224`		`- exists(DataFlow::AttrRead startTLS \|`
`225`		`- startTLS.getAttributeName().matches("%start_tls%") and`
	`224`	`+ // ldap_connection.start_tls_s()`
	`225`	`+ // see https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap.html#ldap.LDAPObject.start_tls_s`
	`226`	`+ exists(DataFlow::MethodCallNode startTLS \|`
	`227`	`+ startTLS.getMethodName() = "start_tls_s" and`
`226`	`228`	`startTLS.getObject().getALocalSource() = this`
`227`	`229`	`)`
`228`	`230`	`}`