Query PR
github/codeql#13366
Language
GoLang
CVE(s) ID list
CWE
CWE-287
Report
This query covers Improper LDAP Authentication, which can occur when an application uses user-supplied data to establish a connection to an LDAP server.
I used a dataflow configuration looking for UntrustedFlowSource flowing to the password used in LDAP binding.
In order to avoid false positives, I used RegexpCheck and equalityAsSanitizerGuard as barriers. For equalityAsSanitizerGuard, I have taken as an example the equalityAsSanitizerGuard used in the SSRF query. The difference here is that the query will consider whether the string to be compared is empty or not (this should avoid several possible FP).
Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).
Blog post link
No response
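The flow described in the report, as an added Go example that is not part of the submission or of the CodeQL query: a request-supplied password reaching an LDAP bind unchecked, next to a version guarded by an empty-string comparison and a regexp check. The `directory` type, `SimpleBind`, `loginUnsafe`, `loginGuarded`, the password policy and the sample DN are hypothetical, and the stand-in server is assumed to accept the RFC 4513 unauthenticated bind (non-empty DN, empty password).

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// directory is a constructed stand-in (DN -> password) for an LDAP server that
// allows the RFC 4513 unauthenticated bind: non-empty DN plus empty password.
type directory map[string]string

var errInvalidCredentials = errors.New("invalid credentials")

// SimpleBind is a hypothetical bind call, not a real library API.
func (d directory) SimpleBind(dn, password string) error {
	if dn != "" && password == "" {
		return nil // success, but no identity was proven
	}
	if want, ok := d[dn]; ok && want == password {
		return nil
	}
	return errInvalidCredentials
}

// loginUnsafe: the request value reaches the bind password unchecked.
func loginUnsafe(d directory, dn, password string) bool {
	return d.SimpleBind(dn, password) == nil
}

// Assumed password policy for this example: 8-64 printable, non-space characters.
var passwordShape = regexp.MustCompile(`^[[:graph:]]{8,64}$`)

// loginGuarded: an explicit empty-string comparison and a regexp check
// stand between the request value and the bind.
func loginGuarded(d directory, dn, password string) bool {
	if password == "" || !passwordShape.MatchString(password) {
		return false
	}
	return d.SimpleBind(dn, password) == nil
}

func main() {
	dn := "uid=alice,ou=people,dc=example,dc=org" // constructed sample entry
	d := directory{dn: "correct-horse-9"}
	fmt.Println("unsafe, empty password: ", loginUnsafe(d, dn, ""))
	fmt.Println("guarded, empty password:", loginGuarded(d, dn, ""))
	fmt.Println("guarded, real password: ", loginGuarded(d, dn, "correct-horse-9"))
}
```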