@@ -9,3 +9,60 @@ private import semmle.python.dataflow.new.TaintTracking
9
9
private import semmle.python.dataflow.new.RemoteFlowSources
10
10
private import experimental.semmle.python.Concepts
11
11
private import semmle.python.ApiGraphs
12
+
13
+ private module LDAP {
14
+ private module LDAP2 {
15
+ private class LDAP2QueryMethods extends string {
16
+ LDAP2QueryMethods ( ) {
17
+ this in [ "search" , "search_s" , "search_st" , "search_ext" , "search_ext_s" ]
18
+ }
19
+ }
20
+
21
+ class LDAP2Bind extends DataFlow:: CallCfgNode , LDAPBind:: Range {
22
+ DataFlow:: Node queryNode ;
23
+
24
+ LDAP2Bind ( ) {
25
+ exists (
26
+ DataFlow:: AttrRead bindMethod , DataFlow:: CallCfgNode searchCall ,
27
+ DataFlow:: AttrRead searchMethod
28
+ |
29
+ this .getFunction ( ) = bindMethod and
30
+ API:: moduleImport ( "ldap" ) .getMember ( "initialize" ) .getACall ( ) =
31
+ bindMethod .getObject ( ) .getALocalSource ( ) and
32
+ bindMethod .getAttributeName ( ) .matches ( "%bind%" ) and
33
+ searchCall .getFunction ( ) = searchMethod and
34
+ bindMethod .getObject ( ) .getALocalSource ( ) = searchMethod .getObject ( ) .getALocalSource ( ) and
35
+ searchMethod .getAttributeName ( ) instanceof LDAP2QueryMethods and
36
+ (
37
+ queryNode = searchCall .getArg ( 2 ) or
38
+ queryNode = searchCall .getArgByName ( "filterstr" )
39
+ )
40
+ )
41
+ }
42
+
43
+ override DataFlow:: Node getPasswordNode ( ) { result = this .getArg ( 1 ) }
44
+
45
+ override DataFlow:: Node getQueryNode ( ) { result = queryNode }
46
+ }
47
+ }
48
+
49
+ private module LDAP3 {
50
+ class LDAP3Bind extends DataFlow:: CallCfgNode , LDAPBind:: Range {
51
+ DataFlow:: Node queryNode ;
52
+
53
+ LDAP3Bind ( ) {
54
+ exists ( DataFlow:: CallCfgNode searchCall , DataFlow:: AttrRead searchMethod |
55
+ this = API:: moduleImport ( "ldap3" ) .getMember ( "Connection" ) .getACall ( ) and
56
+ searchMethod .getObject ( ) .getALocalSource ( ) = this and
57
+ searchCall .getFunction ( ) = searchMethod and
58
+ searchMethod .getAttributeName ( ) = "search" and
59
+ queryNode = searchCall .getArg ( 1 )
60
+ )
61
+ }
62
+
63
+ override DataFlow:: Node getPasswordNode ( ) { result = this .getArgByName ( "password" ) }
64
+
65
+ override DataFlow:: Node getQueryNode ( ) { result = queryNode }
66
+ }
67
+ }
68
+ }
0 commit comments