Set up taint config and custom sink

jorgectf · jorgectf · commit 7e456494ef9f · 2021-04-08T00:20:04.000+02:00
diff --git a/python/ql/src/experimental/semmle/python/security/LDAPImproperAuth.qll b/python/ql/src/experimental/semmle/python/security/LDAPImproperAuth.qll
@@ -1,2 +1,25 @@
+import python
+import experimental.semmle.python.Concepts
+import semmle.python.dataflow.new.DataFlow
+import semmle.python.dataflow.new.TaintTracking
+import semmle.python.dataflow.new.RemoteFlowSources
 
-//
+class LDAPImproperAuthSink extends DataFlow::Node {
+  LDAPImproperAuthSink() {
+    exists(LDAPBind ldapBind |
+      (
+        DataFlow::localFlow(DataFlow::exprNode(any(None noneName)), ldapBind.getPasswordNode()) or
+        not exists(ldapBind.getPasswordNode())
+      ) and
+      this = ldapBind.getQueryNode()
+    )
+  }
+}
+
+class LDAPImproperAuthenticationConfig extends TaintTracking::Configuration {
+  LDAPImproperAuthenticationConfig() { this = "LDAPImproperAuthenticationConfig" }
+
+  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+
+  override predicate isSink(DataFlow::Node sink) { sink instanceof LDAPImproperAuthSink }
+}
