Change v3 to v2

Author: maikypedia

go/ql/src/experimental/CWE-287/ImproperLdapAuth.qll

@@ -32,23 +32,6 @@ private class GoLdapBindSink extends LdapAuthSink {
   }
 }
 
-/**
- * A vulnerable argument to `go-ldap` or `ldap`'s `UnauthenticatedBind` function (Only v3).
- */
-private class GoLdapAnonymousBindSink extends LdapAuthSink {
-  GoLdapAnonymousBindSink() {
-    exists(Method meth, string base, string t, string m |
-      t = ["Conn"] and
-      meth.hasQualifiedName([
-          "github.com/go-ldap/ldap", "github.com/go-ldap/ldap/v3", "gopkg.in/ldap.v3"
-        ], t, m) and
-      this = meth.getACall().getArgument(0)
-    |
-      base = ["UnauthenticatedBind"] and m = base
-    )
-  }
-}
-
 /**
  * A call to a regexp match function, considered as a barrier guard for sanitizing untrusted URLs.
  *

go/ql/test/experimental/CWE-287/ImproperLdapAuth.go

@@ -6,7 +6,7 @@ import (
 	"net/http"
 	"regexp"
 
-	ldap "github.com/go-ldap/ldap/v3"
+	ldap "gopkg.in/ldap.v2"
 )
 
 func bad(w http.ResponseWriter, req *http.Request) (interface{}, error) {