
Commit 05da1dc

committed
Merge concatInsecureLdapString into InsecureLdapUrl constructor
1 parent 98b445c commit 05da1dc

1 file changed

+7
-20
lines changed


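--- a/java/ql/lib/semmle/code/java/security/InsecureLdapAuth.qll
+++ b/java/ql/lib/semmle/code/java/security/InsecureLdapAuth.qll
@@ -22,37 +22,21 @@ class TypeHashtable extends Class {
 TypeHashtable() { this.getSourceDeclaration().hasQualifiedName("java.util", "Hashtable") }
 }
 
-string getHostname(Expr expr) {
+/** Get the string value of an expression representing a hostname. */
+private string getHostname(Expr expr) {
 result = expr.(CompileTimeConstantExpr).getStringValue() or
 result =
 expr.(VarAccess).getVariable().getAnAssignedValue().(CompileTimeConstantExpr).getStringValue()
 }
 
-/**
-* Holds if a non-private LDAP string is concatenated from both protocol and host.
-*/
-predicate concatInsecureLdapString(CompileTimeConstantExpr protocol, Expr host) {
-protocol.getStringValue() = "ldap://" and
-not exists(string hostString | hostString = getHostname(host) |
-hostString.length() = 0 or // Empty host is loopback address
-hostString instanceof PrivateHostName
-)
-}
-
-// Expr getLeftmostConcatOperand(Expr expr) {
-// if expr instanceof AddExpr
-// then
-// result = expr.(AddExpr).getLeftOperand() and
-// not result instanceof AddExpr
-// else result = expr
-// }
 /**
 * String concatenated with `InsecureLdapUrlLiteral`.
 */
 class InsecureLdapUrl extends Expr {
 InsecureLdapUrl() {
 this instanceof InsecureLdapUrlLiteral
 or
+// Concatentation of insecure protcol and non-private host:
 // protocol + host + ...
 exists(AddExpr e, CompileTimeConstantExpr protocol, Expr rest, Expr host |
 e = this and
@@ -61,7 +45,10 @@ class InsecureLdapUrl extends Expr {
 if rest instanceof AddExpr then host = rest.(AddExpr).getLeftOperand() else host = rest
 |
 protocol.getStringValue() = "ldap://" and
-concatInsecureLdapString(protocol, host)
+not exists(string hostString | hostString = getHostname(host) |
+hostString.length() = 0 or // Empty host is loopback address
+hostString instanceof PrivateHostName
+)
 )
 }
 }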
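Review bot: The inlined `not exists(...)` at new lines 48–51 drops the alert as soon as any value of `getHostname(host)` is empty or private, so a `VarAccess` whose variable is assigned both a private and a public host (`getAnAssignedValue()` ranges over every assignment) is never reported, even though one of those assignments builds an unencrypted URL to a non-private server. Flipping the quantifier keeps the current conservative treatment of hosts that cannot be resolved while still flagging the mixed case: `not exists(getHostname(host)) or` followed by `exists(string hostString | hostString = getHostname(host) | hostString.length() != 0 and not hostString instanceof PrivateHostName)`. It would also help to extend the new `getHostname` QLDoc with the consequence of that design, e.g. `Has no result when the host is not a compile-time constant; such hosts are treated as non-private by InsecureLdapUrl.` The `InsecureLdapUrl` constructor body starts in the previous hunk and its lines 59–60 fall between the two hunks, so the operand bindings that feed `rest` are not visible here.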
