Skip to content

Commit 2392be0

Browse files
jorgectfjorgectf
committed
Improve sink
1 parent 20fc5db commit 2392be0

File tree

1 file changed

+9
-2
lines changed

1 file changed

+9
-2
lines changed

python/ql/src/experimental/semmle/python/security/LDAPImproperAuth.qll

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,8 +8,15 @@ class LDAPImproperAuthSink extends DataFlow::Node {
88
LDAPImproperAuthSink() {
99
exists(LDAPBind ldapBind |
1010
(
11-
DataFlow::localFlow(DataFlow::exprNode(any(None noneName)), ldapBind.getPasswordNode()) or
12-
not exists(ldapBind.getPasswordNode())
11+
(
12+
DataFlow::localFlow(DataFlow::exprNode(any(None noneName)), ldapBind.getPasswordNode()) or
13+
not exists(ldapBind.getPasswordNode())
14+
)
15+
or
16+
exists(StrConst emptyString |
17+
emptyString.getText() = "" and
18+
DataFlow::localFlow(DataFlow::exprNode(emptyString), ldapBind.getPasswordNode())
19+
)
1320
) and
1421
this = ldapBind.getQueryNode()
1522
)

0 commit comments

Comments
 (0)