jorgectf
diff --git a/‎python/ql/src/experimental/Security/CWE-287/examples/ImproperLdapAuth.qlref
Lines changed: 0 additions & 1 deletion b/‎python/ql/src/experimental/Security/CWE-287/examples/ImproperLdapAuth.qlref
Lines changed: 0 additions & 1 deletion
diff --git a/‎python/ql/test/experimental/query-tests/Security/CWE-287/ImproperLdapAuth.expected
Lines changed: 7 additions & 87 deletions b/‎python/ql/test/experimental/query-tests/Security/CWE-287/ImproperLdapAuth.expected
Lines changed: 7 additions & 87 deletions
@@ -1,87 +1,7 @@
-edges
-| auth_bad_2.py:14:10:14:16 | ControlFlowNode for request | auth_bad_2.py:15:21:15:27 | ControlFlowNode for request |
-| auth_bad_2.py:14:10:14:16 | ControlFlowNode for request | auth_bad_2.py:15:21:15:32 | ControlFlowNode for Attribute |
-| auth_bad_2.py:15:21:15:27 | ControlFlowNode for request | auth_bad_2.py:15:21:15:32 | ControlFlowNode for Attribute |
-| auth_bad_2.py:15:21:15:32 | ControlFlowNode for Attribute | auth_bad_2.py:15:21:15:42 | ControlFlowNode for Subscript |
-| auth_bad_2.py:15:21:15:42 | ControlFlowNode for Subscript | auth_bad_2.py:19:61:19:73 | ControlFlowNode for search_filter |
-| auth_bad_2.py:29:10:29:16 | ControlFlowNode for request | auth_bad_2.py:30:21:30:27 | ControlFlowNode for request |
-| auth_bad_2.py:29:10:29:16 | ControlFlowNode for request | auth_bad_2.py:30:21:30:32 | ControlFlowNode for Attribute |
-| auth_bad_2.py:30:21:30:27 | ControlFlowNode for request | auth_bad_2.py:30:21:30:32 | ControlFlowNode for Attribute |
-| auth_bad_2.py:30:21:30:32 | ControlFlowNode for Attribute | auth_bad_2.py:30:21:30:42 | ControlFlowNode for Subscript |
-| auth_bad_2.py:30:21:30:42 | ControlFlowNode for Subscript | auth_bad_2.py:34:61:34:73 | ControlFlowNode for search_filter |
-| auth_bad_2.py:44:10:44:16 | ControlFlowNode for request | auth_bad_2.py:45:21:45:27 | ControlFlowNode for request |
-| auth_bad_2.py:44:10:44:16 | ControlFlowNode for request | auth_bad_2.py:45:21:45:32 | ControlFlowNode for Attribute |
-| auth_bad_2.py:45:21:45:27 | ControlFlowNode for request | auth_bad_2.py:45:21:45:32 | ControlFlowNode for Attribute |
-| auth_bad_2.py:45:21:45:32 | ControlFlowNode for Attribute | auth_bad_2.py:45:21:45:42 | ControlFlowNode for Subscript |
-| auth_bad_2.py:45:21:45:42 | ControlFlowNode for Subscript | auth_bad_2.py:49:61:49:73 | ControlFlowNode for search_filter |
-| auth_bad_2.py:59:10:59:16 | ControlFlowNode for request | auth_bad_2.py:60:21:60:27 | ControlFlowNode for request |
-| auth_bad_2.py:59:10:59:16 | ControlFlowNode for request | auth_bad_2.py:60:21:60:32 | ControlFlowNode for Attribute |
-| auth_bad_2.py:60:21:60:27 | ControlFlowNode for request | auth_bad_2.py:60:21:60:32 | ControlFlowNode for Attribute |
-| auth_bad_2.py:60:21:60:32 | ControlFlowNode for Attribute | auth_bad_2.py:60:21:60:42 | ControlFlowNode for Subscript |
-| auth_bad_2.py:60:21:60:42 | ControlFlowNode for Subscript | auth_bad_2.py:64:61:64:73 | ControlFlowNode for search_filter |
-| auth_bad_3.py:14:10:14:16 | ControlFlowNode for request | auth_bad_3.py:15:21:15:27 | ControlFlowNode for request |
-| auth_bad_3.py:14:10:14:16 | ControlFlowNode for request | auth_bad_3.py:15:21:15:32 | ControlFlowNode for Attribute |
-| auth_bad_3.py:15:21:15:27 | ControlFlowNode for request | auth_bad_3.py:15:21:15:32 | ControlFlowNode for Attribute |
-| auth_bad_3.py:15:21:15:32 | ControlFlowNode for Attribute | auth_bad_3.py:15:21:15:42 | ControlFlowNode for Subscript |
-| auth_bad_3.py:15:21:15:42 | ControlFlowNode for Subscript | auth_bad_3.py:19:51:19:63 | ControlFlowNode for search_filter |
-| auth_bad_3.py:29:10:29:16 | ControlFlowNode for request | auth_bad_3.py:30:21:30:27 | ControlFlowNode for request |
-| auth_bad_3.py:29:10:29:16 | ControlFlowNode for request | auth_bad_3.py:30:21:30:32 | ControlFlowNode for Attribute |
-| auth_bad_3.py:30:21:30:27 | ControlFlowNode for request | auth_bad_3.py:30:21:30:32 | ControlFlowNode for Attribute |
-| auth_bad_3.py:30:21:30:32 | ControlFlowNode for Attribute | auth_bad_3.py:30:21:30:42 | ControlFlowNode for Subscript |
-| auth_bad_3.py:30:21:30:42 | ControlFlowNode for Subscript | auth_bad_3.py:34:51:34:63 | ControlFlowNode for search_filter |
-| auth_bad_3.py:44:10:44:16 | ControlFlowNode for request | auth_bad_3.py:45:21:45:27 | ControlFlowNode for request |
-| auth_bad_3.py:44:10:44:16 | ControlFlowNode for request | auth_bad_3.py:45:21:45:32 | ControlFlowNode for Attribute |
-| auth_bad_3.py:45:21:45:27 | ControlFlowNode for request | auth_bad_3.py:45:21:45:32 | ControlFlowNode for Attribute |
-| auth_bad_3.py:45:21:45:32 | ControlFlowNode for Attribute | auth_bad_3.py:45:21:45:42 | ControlFlowNode for Subscript |
-| auth_bad_3.py:45:21:45:42 | ControlFlowNode for Subscript | auth_bad_3.py:49:51:49:63 | ControlFlowNode for search_filter |
-nodes
-| auth_bad_2.py:14:10:14:16 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| auth_bad_2.py:15:21:15:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| auth_bad_2.py:15:21:15:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| auth_bad_2.py:15:21:15:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| auth_bad_2.py:19:61:19:73 | ControlFlowNode for search_filter | semmle.label | ControlFlowNode for search_filter |
-| auth_bad_2.py:29:10:29:16 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| auth_bad_2.py:30:21:30:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| auth_bad_2.py:30:21:30:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| auth_bad_2.py:30:21:30:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| auth_bad_2.py:34:61:34:73 | ControlFlowNode for search_filter | semmle.label | ControlFlowNode for search_filter |
-| auth_bad_2.py:44:10:44:16 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| auth_bad_2.py:45:21:45:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| auth_bad_2.py:45:21:45:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| auth_bad_2.py:45:21:45:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| auth_bad_2.py:49:61:49:73 | ControlFlowNode for search_filter | semmle.label | ControlFlowNode for search_filter |
-| auth_bad_2.py:59:10:59:16 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| auth_bad_2.py:60:21:60:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| auth_bad_2.py:60:21:60:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| auth_bad_2.py:60:21:60:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| auth_bad_2.py:64:61:64:73 | ControlFlowNode for search_filter | semmle.label | ControlFlowNode for search_filter |
-| auth_bad_3.py:14:10:14:16 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| auth_bad_3.py:15:21:15:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| auth_bad_3.py:15:21:15:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| auth_bad_3.py:15:21:15:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| auth_bad_3.py:19:51:19:63 | ControlFlowNode for search_filter | semmle.label | ControlFlowNode for search_filter |
-| auth_bad_3.py:29:10:29:16 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| auth_bad_3.py:30:21:30:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| auth_bad_3.py:30:21:30:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| auth_bad_3.py:30:21:30:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| auth_bad_3.py:34:51:34:63 | ControlFlowNode for search_filter | semmle.label | ControlFlowNode for search_filter |
-| auth_bad_3.py:44:10:44:16 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| auth_bad_3.py:45:21:45:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| auth_bad_3.py:45:21:45:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| auth_bad_3.py:45:21:45:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| auth_bad_3.py:49:51:49:63 | ControlFlowNode for search_filter | semmle.label | ControlFlowNode for search_filter |
-#select
-| auth_bad_2.py:19:61:19:73 | ControlFlowNode for search_filter | auth_bad_2.py:14:10:14:16 | ControlFlowNode for request | auth_bad_2.py:19:61:19:73 | ControlFlowNode for search_filter | $@ LDAP query parameter contains $@ and is executed without authentication. | auth_bad_2.py:19:61:19:73 | ControlFlowNode for search_filter | This | auth_bad_2.py:14:10:14:16 | ControlFlowNode for request | a user-provided value |
-| auth_bad_2.py:19:61:19:73 | ControlFlowNode for search_filter | auth_bad_2.py:15:21:15:27 | ControlFlowNode for request | auth_bad_2.py:19:61:19:73 | ControlFlowNode for search_filter | $@ LDAP query parameter contains $@ and is executed without authentication. | auth_bad_2.py:19:61:19:73 | ControlFlowNode for search_filter | This | auth_bad_2.py:15:21:15:27 | ControlFlowNode for request | a user-provided value |
-| auth_bad_2.py:34:61:34:73 | ControlFlowNode for search_filter | auth_bad_2.py:29:10:29:16 | ControlFlowNode for request | auth_bad_2.py:34:61:34:73 | ControlFlowNode for search_filter | $@ LDAP query parameter contains $@ and is executed without authentication. | auth_bad_2.py:34:61:34:73 | ControlFlowNode for search_filter | This | auth_bad_2.py:29:10:29:16 | ControlFlowNode for request | a user-provided value |
-| auth_bad_2.py:34:61:34:73 | ControlFlowNode for search_filter | auth_bad_2.py:30:21:30:27 | ControlFlowNode for request | auth_bad_2.py:34:61:34:73 | ControlFlowNode for search_filter | $@ LDAP query parameter contains $@ and is executed without authentication. | auth_bad_2.py:34:61:34:73 | ControlFlowNode for search_filter | This | auth_bad_2.py:30:21:30:27 | ControlFlowNode for request | a user-provided value |
-| auth_bad_2.py:49:61:49:73 | ControlFlowNode for search_filter | auth_bad_2.py:44:10:44:16 | ControlFlowNode for request | auth_bad_2.py:49:61:49:73 | ControlFlowNode for search_filter | $@ LDAP query parameter contains $@ and is executed without authentication. | auth_bad_2.py:49:61:49:73 | ControlFlowNode for search_filter | This | auth_bad_2.py:44:10:44:16 | ControlFlowNode for request | a user-provided value |
-| auth_bad_2.py:49:61:49:73 | ControlFlowNode for search_filter | auth_bad_2.py:45:21:45:27 | ControlFlowNode for request | auth_bad_2.py:49:61:49:73 | ControlFlowNode for search_filter | $@ LDAP query parameter contains $@ and is executed without authentication. | auth_bad_2.py:49:61:49:73 | ControlFlowNode for search_filter | This | auth_bad_2.py:45:21:45:27 | ControlFlowNode for request | a user-provided value |
-| auth_bad_2.py:64:61:64:73 | ControlFlowNode for search_filter | auth_bad_2.py:59:10:59:16 | ControlFlowNode for request | auth_bad_2.py:64:61:64:73 | ControlFlowNode for search_filter | $@ LDAP query parameter contains $@ and is executed without authentication. | auth_bad_2.py:64:61:64:73 | ControlFlowNode for search_filter | This | auth_bad_2.py:59:10:59:16 | ControlFlowNode for request | a user-provided value |
-| auth_bad_2.py:64:61:64:73 | ControlFlowNode for search_filter | auth_bad_2.py:60:21:60:27 | ControlFlowNode for request | auth_bad_2.py:64:61:64:73 | ControlFlowNode for search_filter | $@ LDAP query parameter contains $@ and is executed without authentication. | auth_bad_2.py:64:61:64:73 | ControlFlowNode for search_filter | This | auth_bad_2.py:60:21:60:27 | ControlFlowNode for request | a user-provided value |
-| auth_bad_3.py:19:51:19:63 | ControlFlowNode for search_filter | auth_bad_3.py:14:10:14:16 | ControlFlowNode for request | auth_bad_3.py:19:51:19:63 | ControlFlowNode for search_filter | $@ LDAP query parameter contains $@ and is executed without authentication. | auth_bad_3.py:19:51:19:63 | ControlFlowNode for search_filter | This | auth_bad_3.py:14:10:14:16 | ControlFlowNode for request | a user-provided value |
-| auth_bad_3.py:19:51:19:63 | ControlFlowNode for search_filter | auth_bad_3.py:15:21:15:27 | ControlFlowNode for request | auth_bad_3.py:19:51:19:63 | ControlFlowNode for search_filter | $@ LDAP query parameter contains $@ and is executed without authentication. | auth_bad_3.py:19:51:19:63 | ControlFlowNode for search_filter | This | auth_bad_3.py:15:21:15:27 | ControlFlowNode for request | a user-provided value |
-| auth_bad_3.py:34:51:34:63 | ControlFlowNode for search_filter | auth_bad_3.py:29:10:29:16 | ControlFlowNode for request | auth_bad_3.py:34:51:34:63 | ControlFlowNode for search_filter | $@ LDAP query parameter contains $@ and is executed without authentication. | auth_bad_3.py:34:51:34:63 | ControlFlowNode for search_filter | This | auth_bad_3.py:29:10:29:16 | ControlFlowNode for request | a user-provided value |
-| auth_bad_3.py:34:51:34:63 | ControlFlowNode for search_filter | auth_bad_3.py:30:21:30:27 | ControlFlowNode for request | auth_bad_3.py:34:51:34:63 | ControlFlowNode for search_filter | $@ LDAP query parameter contains $@ and is executed without authentication. | auth_bad_3.py:34:51:34:63 | ControlFlowNode for search_filter | This | auth_bad_3.py:30:21:30:27 | ControlFlowNode for request | a user-provided value |
-| auth_bad_3.py:49:51:49:63 | ControlFlowNode for search_filter | auth_bad_3.py:44:10:44:16 | ControlFlowNode for request | auth_bad_3.py:49:51:49:63 | ControlFlowNode for search_filter | $@ LDAP query parameter contains $@ and is executed without authentication. | auth_bad_3.py:49:51:49:63 | ControlFlowNode for search_filter | This | auth_bad_3.py:44:10:44:16 | ControlFlowNode for request | a user-provided value |
-| auth_bad_3.py:49:51:49:63 | ControlFlowNode for search_filter | auth_bad_3.py:45:21:45:27 | ControlFlowNode for request | auth_bad_3.py:49:51:49:63 | ControlFlowNode for search_filter | $@ LDAP query parameter contains $@ and is executed without authentication. | auth_bad_3.py:49:51:49:63 | ControlFlowNode for search_filter | This | auth_bad_3.py:45:21:45:27 | ControlFlowNode for request | a user-provided value |
+| The following LDAP bind operation is executed without authentication | auth_bad_2.py:18:5:18:42 | ControlFlowNode for Attribute() |
+| The following LDAP bind operation is executed without authentication | auth_bad_2.py:33:5:33:44 | ControlFlowNode for Attribute() |
+| The following LDAP bind operation is executed without authentication | auth_bad_2.py:48:5:48:43 | ControlFlowNode for Attribute() |
+| The following LDAP bind operation is executed without authentication | auth_bad_2.py:63:5:63:39 | ControlFlowNode for Attribute() |
+| The following LDAP bind operation is executed without authentication | auth_bad_3.py:18:12:18:57 | ControlFlowNode for Connection() |
+| The following LDAP bind operation is executed without authentication | auth_bad_3.py:33:12:33:55 | ControlFlowNode for Connection() |
+| The following LDAP bind operation is executed without authentication | auth_bad_3.py:48:12:48:42 | ControlFlowNode for Connection() |