python: revert last two commits which intended for another branch.

yoff · yoff · commit 80da48ee5422 · 2022-01-26T19:08:30.000+01:00
diff --git a/python/ql/lib/semmle/python/Concepts.qll b/python/ql/lib/semmle/python/Concepts.qll
@@ -443,41 +443,6 @@ module RegexExecution {
   }
 }
 
-/**
- * A data-flow node that executes an LDAP query.
- *
- * Extend this class to refine existing API models. If you want to model new APIs,
- * extend `LDAPQuery::Range` instead.
- */
-class LdapExecution extends DataFlow::Node {
-  LdapExecution::Range range;
-
-  LdapExecution() { this = range }
-
-  /** Gets the argument containing the filter string. */
-  DataFlow::Node getFilter() { result = range.getFilter() }
-
-  /** Gets the argument containing the base DN. */
-  DataFlow::Node getBaseDn() { result = range.getBaseDn() }
-}
-
-/** Provides classes for modeling new LDAP query execution-related APIs. */
-module LdapExecution {
-  /**
-   * A data-flow node that executes an LDAP query.
-   *
-   * Extend this class to model new APIs. If you want to refine existing API models,
-   * extend `LDAPQuery` instead.
-   */
-  abstract class Range extends DataFlow::Node {
-    /** Gets the argument containing the filter string. */
-    abstract DataFlow::Node getFilter();
-
-    /** Gets the argument containing the base DN. */
-    abstract DataFlow::Node getBaseDn();
-  }
-}
-
 /**
  * A data-flow node that escapes meta-characters, which could be used to prevent
  * injection attacks.
@@ -535,20 +500,8 @@ module Escaping {
   /** Gets the escape-kind for escaping a string so it can safely be included in HTML. */
   string getHtmlKind() { result = "html" }
 
-  /** Gets the escape-kind for escaping a string so it can safely be included in a regular expression. */
+  /** Gets the escape-kind for escaping a string so it can safely be included in HTML. */
   string getRegexKind() { result = "regex" }
-
-  /**
-   * Gets the escape-kind for escaping a string so it can safely be used as a
-   * distinguished name (DN) in an LDAP search.
-   */
-  string getLdapDnKind() { result = "ldap_dn" }
-
-  /**
-   * Gets the escape-kind for escaping a string so it can safely be used as a
-   * filter in an LDAP search.
-   */
-  string getLdapFilterKind() { result = "ldap_filter" }
   // TODO: If adding an XML kind, update the modeling of the `MarkupSafe` PyPI package.
   //
   // Technically it claims to escape for both HTML and XML, but for now we don't have
@@ -573,21 +526,6 @@ class RegexEscaping extends Escaping {
   RegexEscaping() { range.getKind() = Escaping::getRegexKind() }
 }
 
-/**
- * An escape of a string so it can be safely used as a distinguished name (DN)
- * in an LDAP search.
- */
-class LdapDnEscaping extends Escaping {
-  LdapDnEscaping() { range.getKind() = Escaping::getLdapDnKind() }
-}
-
-/**
- * An escape of a string so it can be safely used as a filter in an LDAP search.
- */
-class LdapFilterEscaping extends Escaping {
-  LdapFilterEscaping() { range.getKind() = Escaping::getLdapFilterKind() }
-}
-
 /** Provides classes for modeling HTTP-related APIs. */
 module HTTP {
   import semmle.python.web.HttpConstants
diff --git a/python/ql/lib/semmle/python/frameworks/Ldap.qll b/python/ql/lib/semmle/python/frameworks/Ldap.qll
diff --git a/python/ql/src/experimental/Security/CWE-090/LDAPInjection.qhelp b/python/ql/src/experimental/Security/CWE-090/LDAPInjection.qhelp
@@ -4,22 +4,22 @@
 <qhelp>
 <overview>
 <p>If an LDAP query or DN is built using string concatenation or string formatting, and the
-components of the concatenation include user input without any proper sanitization, a user
+components of the concatenation include user input without any proper sanitization, a user 
 is likely to be able to run malicious LDAP queries.</p>
 </overview>
 
 <recommendation>
 <p>If user input must be included in an LDAP query or DN, it should be escaped to
 avoid a malicious user providing special characters that change the meaning
-of the query. In Python2, user input should be escaped with <code>ldap.dn.escape_dn_chars</code>
-or <code>ldap.filter.escape_filter_chars</code>, while in Python3, user input should be escaped with
+of the query. In Python2, user input should be escaped with <code>ldap.dn.escape_dn_chars</code> 
+or <code>ldap.filter.escape_filter_chars</code>, while in Python3, user input should be escaped with 
 <code>ldap3.utils.dn.escape_rdn</code> or <code>ldap3.utils.conv.escape_filter_chars</code>
-depending on the component tainted by the user. A good practice is to escape filter characters
+depending on the component tainted by the user. A good practice is to escape filter characters 
 that could change the meaning of the query (https://tools.ietf.org/search/rfc4515#section-3).</p>
 </recommendation>
 
 <example>
-<p>In the following examples, the code accepts both <code>username</code> and <code>dc</code> from the user,
+<p>In the following examples, the code accepts both <code>username</code> and <code>dc</code> from the user, 
 which it then uses to build a LDAP query and DN.</p>
 
 <p>The first and the second example uses the unsanitized user input directly
@@ -30,7 +30,7 @@ components, and search for a completely different set of values.</p>
 <sample src="examples/example_bad1.py" />
 <sample src="examples/example_bad2.py" />
 
-<p>In the third and fourth example, the input provided by the user is sanitized before it is included in the search filter or DN.
+<p>In the third and four example, the input provided by the user is sanitized before it is included in the search filter or DN. 
 This ensures the meaning of the query cannot be changed by a malicious user.</p>
 
 <sample src="examples/example_good1.py" />
