Skip to content

Commit 23ff34f

Browse files
d10cd10c
committed
Java: InsecureLdapAuth
1 parent 83465fc commit 23ff34f

File tree

1 file changed

+12
-10
lines changed

1 file changed

+12
-10
lines changed

java/ql/lib/semmle/code/java/security/InsecureLdapAuthQuery.qll

Lines changed: 12 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -41,12 +41,18 @@ private module BasicAuthConfig implements DataFlow::ConfigSig {
4141

4242
predicate isSink(DataFlow::Node sink) { sink instanceof InsecureLdapUrlSink }
4343

44-
predicate observeDiffInformedIncrementalMode() {
45-
any() // TODO: Make sure that the location overrides match the query's select clause: Column 5 does not select a source or sink originating from the flow call on line 21 (/Users/d10c/src/semmle-code/ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql@23:79:23:94)
46-
}
44+
predicate observeDiffInformedIncrementalMode() { any() }
45+
46+
Location getASelectedSourceLocation(DataFlow::Node source) { none() }
4747

48-
Location getASelectedSourceLocation(DataFlow::Node source) {
49-
none() // TODO: Make sure that this source location matches the query's select clause: Column 5 does not select a source or sink originating from the flow call on line 21 (/Users/d10c/src/semmle-code/ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql@23:79:23:94)
48+
Location getASelectedSinkLocation(DataFlow::Node sink) {
49+
result = sink.getLocation()
50+
or
51+
exists(InsecureLdapUrlFlow::PathNode pathSource, InsecureLdapUrlFlow::PathNode pathSink |
52+
result = pathSource.getNode().getLocation() and
53+
pathSink.getNode() = sink and
54+
InsecureLdapUrlFlow::flowPath(pathSource, pathSink)
55+
)
5056
}
5157
}
5258

@@ -66,11 +72,7 @@ private module RequiresSslConfig implements DataFlow::ConfigSig {
6672
predicate isSink(DataFlow::Node sink) { sink instanceof InsecureLdapUrlSink }
6773

6874
predicate observeDiffInformedIncrementalMode() {
69-
any() // TODO: Make sure that the location overrides match the query's select clause: Column 5 does not select a source or sink originating from the flow call on line 22 (/Users/d10c/src/semmle-code/ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql@23:79:23:94)
70-
}
71-
72-
Location getASelectedSourceLocation(DataFlow::Node source) {
73-
none() // TODO: Make sure that this source location matches the query's select clause: Column 5 does not select a source or sink originating from the flow call on line 22 (/Users/d10c/src/semmle-code/ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql@23:79:23:94)
75+
none() // only used negatively in InsecureLdapAuth.ql
7476
}
7577
}
7678

0 commit comments

Comments
 (0)