Java: update ldap sink kind to ldap-injection

Author: Jami Cogswell

java/ql/lib/ext/com.unboundid.ldap.sdk.model.yml

@@ -3,20 +3,20 @@ extensions:
       pack: codeql/java-all
       extensible: sinkModel
     data:
-      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "asyncSearch", "", "", "Argument[0]", "ldap", "manual"]
-      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(ReadOnlySearchRequest)", "", "Argument[0]", "ldap", "manual"]
-      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchRequest)", "", "Argument[0]", "ldap", "manual"]
-      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchResultListener,String,SearchScope,DereferencePolicy,int,int,boolean,Filter,String[])", "", "Argument[0..7]", "ldap", "manual"]
-      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchResultListener,String,SearchScope,DereferencePolicy,int,int,boolean,String,String[])", "", "Argument[0..7]", "ldap", "manual"]
-      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchResultListener,String,SearchScope,Filter,String[])", "", "Argument[0..3]", "ldap", "manual"]
-      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchResultListener,String,SearchScope,String,String[])", "", "Argument[0..3]", "ldap", "manual"]
-      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(String,SearchScope,DereferencePolicy,int,int,boolean,Filter,String[])", "", "Argument[0..6]", "ldap", "manual"]
-      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(String,SearchScope,DereferencePolicy,int,int,boolean,String,String[])", "", "Argument[0..6]", "ldap", "manual"]
-      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(String,SearchScope,Filter,String[])", "", "Argument[0..2]", "ldap", "manual"]
-      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(String,SearchScope,String,String[])", "", "Argument[0..2]", "ldap", "manual"]
-      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(ReadOnlySearchRequest)", "", "Argument[0]", "ldap", "manual"]
-      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(SearchRequest)", "", "Argument[0]", "ldap", "manual"]
-      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(String,SearchScope,DereferencePolicy,int,boolean,Filter,String[])", "", "Argument[0..5]", "ldap", "manual"]
-      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(String,SearchScope,DereferencePolicy,int,boolean,String,String[])", "", "Argument[0..5]", "ldap", "manual"]
-      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(String,SearchScope,Filter,String[])", "", "Argument[0..2]", "ldap", "manual"]
-      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(String,SearchScope,String,String[])", "", "Argument[0..2]", "ldap", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "asyncSearch", "", "", "Argument[0]", "ldap-injection", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(ReadOnlySearchRequest)", "", "Argument[0]", "ldap-injection", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchRequest)", "", "Argument[0]", "ldap-injection", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchResultListener,String,SearchScope,DereferencePolicy,int,int,boolean,Filter,String[])", "", "Argument[0..7]", "ldap-injection", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchResultListener,String,SearchScope,DereferencePolicy,int,int,boolean,String,String[])", "", "Argument[0..7]", "ldap-injection", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchResultListener,String,SearchScope,Filter,String[])", "", "Argument[0..3]", "ldap-injection", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchResultListener,String,SearchScope,String,String[])", "", "Argument[0..3]", "ldap-injection", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(String,SearchScope,DereferencePolicy,int,int,boolean,Filter,String[])", "", "Argument[0..6]", "ldap-injection", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(String,SearchScope,DereferencePolicy,int,int,boolean,String,String[])", "", "Argument[0..6]", "ldap-injection", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(String,SearchScope,Filter,String[])", "", "Argument[0..2]", "ldap-injection", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(String,SearchScope,String,String[])", "", "Argument[0..2]", "ldap-injection", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(ReadOnlySearchRequest)", "", "Argument[0]", "ldap-injection", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(SearchRequest)", "", "Argument[0]", "ldap-injection", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(String,SearchScope,DereferencePolicy,int,boolean,Filter,String[])", "", "Argument[0..5]", "ldap-injection", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(String,SearchScope,DereferencePolicy,int,boolean,String,String[])", "", "Argument[0..5]", "ldap-injection", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(String,SearchScope,Filter,String[])", "", "Argument[0..2]", "ldap-injection", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(String,SearchScope,String,String[])", "", "Argument[0..2]", "ldap-injection", "manual"]

java/ql/lib/ext/javax.naming.directory.model.yml

@@ -3,4 +3,4 @@ extensions:
       pack: codeql/java-all
       extensible: sinkModel
     data:
-      - ["javax.naming.directory", "DirContext", True, "search", "", "", "Argument[0..1]", "ldap", "manual"]
+      - ["javax.naming.directory", "DirContext", True, "search", "", "", "Argument[0..1]", "ldap-injection", "manual"]

java/ql/lib/ext/org.apache.directory.ldap.client.api.model.yml

@@ -3,4 +3,4 @@ extensions:
       pack: codeql/java-all
       extensible: sinkModel
     data:
-      - ["org.apache.directory.ldap.client.api", "LdapConnection", True, "search", "", "", "Argument[0..2]", "ldap", "manual"]
+      - ["org.apache.directory.ldap.client.api", "LdapConnection", True, "search", "", "", "Argument[0..2]", "ldap-injection", "manual"]

java/ql/lib/ext/org.springframework.ldap.core.model.yml

@@ -22,17 +22,17 @@ extensions:
       - ["org.springframework.ldap.core", "LdapOperations", True, "search", "(String,String,int,String[],ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"]
       - ["org.springframework.ldap.core", "LdapOperations", True, "searchForObject", "(Name,String,ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"]
       - ["org.springframework.ldap.core", "LdapOperations", True, "searchForObject", "(String,String,ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"]
-      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(LdapQuery,String)", "", "Argument[0]", "ldap", "manual"]
-      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(Name,String,String)", "", "Argument[0..1]", "ldap", "manual"]
-      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(Name,String,String,AuthenticatedLdapEntryContextCallback)", "", "Argument[0..1]", "ldap", "manual"]
-      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(Name,String,String,AuthenticatedLdapEntryContextCallback,AuthenticationErrorCallback)", "", "Argument[0..1]", "ldap", "manual"]
-      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(Name,String,String,AuthenticationErrorCallback)", "", "Argument[0..1]", "ldap", "manual"]
-      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(String,String,String)", "", "Argument[0..1]", "ldap", "manual"]
-      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(String,String,String,AuthenticatedLdapEntryContextCallback)", "", "Argument[0..1]", "ldap", "manual"]
-      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(String,String,String,AuthenticatedLdapEntryContextCallback,AuthenticationErrorCallback)", "", "Argument[0..1]", "ldap", "manual"]
-      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(String,String,String,AuthenticationErrorCallback)", "", "Argument[0..1]", "ldap", "manual"]
-      - ["org.springframework.ldap.core", "LdapTemplate", False, "find", "", "", "Argument[0..1]", "ldap", "manual"]
-      - ["org.springframework.ldap.core", "LdapTemplate", False, "findOne", "", "", "Argument[0..1]", "ldap", "manual"]
-      - ["org.springframework.ldap.core", "LdapTemplate", False, "search", "", "", "Argument[0..1]", "ldap", "manual"]
-      - ["org.springframework.ldap.core", "LdapTemplate", False, "searchForContext", "", "", "Argument[0..1]", "ldap", "manual"]
-      - ["org.springframework.ldap.core", "LdapTemplate", False, "searchForObject", "", "", "Argument[0..1]", "ldap", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(LdapQuery,String)", "", "Argument[0]", "ldap-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(Name,String,String)", "", "Argument[0..1]", "ldap-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(Name,String,String,AuthenticatedLdapEntryContextCallback)", "", "Argument[0..1]", "ldap-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(Name,String,String,AuthenticatedLdapEntryContextCallback,AuthenticationErrorCallback)", "", "Argument[0..1]", "ldap-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(Name,String,String,AuthenticationErrorCallback)", "", "Argument[0..1]", "ldap-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(String,String,String)", "", "Argument[0..1]", "ldap-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(String,String,String,AuthenticatedLdapEntryContextCallback)", "", "Argument[0..1]", "ldap-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(String,String,String,AuthenticatedLdapEntryContextCallback,AuthenticationErrorCallback)", "", "Argument[0..1]", "ldap-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(String,String,String,AuthenticationErrorCallback)", "", "Argument[0..1]", "ldap-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "find", "", "", "Argument[0..1]", "ldap-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "findOne", "", "", "Argument[0..1]", "ldap-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "search", "", "", "Argument[0..1]", "ldap-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "searchForContext", "", "", "Argument[0..1]", "ldap-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "searchForObject", "", "", "Argument[0..1]", "ldap-injection", "manual"]

java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll

@@ -274,12 +274,12 @@ module ModelValidation {
     exists(string kind | sinkModel(_, _, _, _, _, _, _, kind, _) |
       not kind =
         [
-          "open-url", "jndi-injection", "ldap", "sql-injection", "jdbc-url", "log-injection",
-          "mvel-injection", "xpath-injection", "groovy-injection", "xss", "ognl-injection",
-          "intent-start", "pending-intent-sent", "url-redirection", "create-file", "read-file",
-          "write-file", "set-hostname-verifier", "header-splitting", "information-leak",
-          "xslt-injection", "jexl-injection", "bean-validation", "template-injection",
-          "fragment-injection", "command-injection"
+          "open-url", "jndi-injection", "ldap-injection", "sql-injection", "jdbc-url",
+          "log-injection", "mvel-injection", "xpath-injection", "groovy-injection", "xss",
+          "ognl-injection", "intent-start", "pending-intent-sent", "url-redirection", "create-file",
+          "read-file", "write-file", "set-hostname-verifier", "header-splitting",
+          "information-leak", "xslt-injection", "jexl-injection", "bean-validation",
+          "template-injection", "fragment-injection", "command-injection"
         ] and
       not kind.matches("regex-use%") and
       not kind.matches("qltest%") and

java/ql/lib/semmle/code/java/security/LdapInjection.qll

@@ -29,7 +29,7 @@ class LdapInjectionAdditionalTaintStep extends Unit {
 
 /** Default sink for LDAP injection vulnerabilities. */
 private class DefaultLdapInjectionSink extends LdapInjectionSink {
-  DefaultLdapInjectionSink() { sinkNode(this, "ldap") }
+  DefaultLdapInjectionSink() { sinkNode(this, "ldap-injection") }
 }
 
 /** A sanitizer that clears the taint on (boxed) primitive types. */