Remove attrs feature

github · RasmusWL · May 26, 2021 · Mar 18, 2021 · Mar 18, 2021 · Mar 18, 2021
commit 4328ff398121d12f800a67a3edc0cd72ea2bf77e
@@ -19,7 +19,6 @@ from
   LDAPInjectionSink castedSink
 where
   config.hasFlowPath(source, sink) and
-  castedSink.getLDAPNode() = sink.getNode() //and
-// if exists(castedSink.getAttrs()) then
+  castedSink.getLDAPNode() = sink.getNode()
 select sink.getNode(), source, sink, "$@ LDAP query executes $@ as a $@.", castedSink, "This",
-  source.getNode(), "a user-provided value", castedSink.getLDAPNode(), castedSink.getLDAPPart() //, castedSink.getAttrs(), "probably leaking this attribute(s)"
+  source.getNode(), "a user-provided value", castedSink.getLDAPNode(), castedSink.getLDAPPart()
@@ -20,8 +20,6 @@ module LDAPQuery {
     abstract DataFlow::Node getLDAPNode();
 
     abstract string getLDAPPart();
-
-    abstract DataFlow::Node getAttrs();
   }
 }
 
@@ -33,8 +31,6 @@ class LDAPQuery extends DataFlow::Node {
   DataFlow::Node getLDAPNode() { result = range.getLDAPNode() }
 
   string getLDAPPart() { result = range.getLDAPPart() }
-
-  DataFlow::Node getAttrs() { result = range.getAttrs() }
 }
 
 module LDAPEscape {

diff --git a/python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll b/python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll
@@ -21,7 +21,6 @@ private module LDAP {
     private class LDAP2Query extends DataFlow::CallCfgNode, LDAPQuery::Range {
       DataFlow::Node ldapNode;
       string ldapPart;
-      DataFlow::Node attrs;
 
       LDAP2Query() {
         exists(DataFlow::AttrRead searchMethod, DataFlow::CallCfgNode initCall |
@@ -45,10 +44,6 @@ private module LDAP {
       override DataFlow::Node getLDAPNode() { result = ldapNode }
 
       override string getLDAPPart() { result = ldapPart }
-
-      override DataFlow::Node getAttrs() {
-        result = this.getArg(3) or result = this.getArgByName("attrlist")
-      }
     }
 
     private class LDAP2EscapeDN extends DataFlow::CallCfgNode, LDAPEscape::Range {
@@ -77,14 +72,12 @@ private module LDAP {
 
   private module LDAP3 {
     private class LDAP3QueryMethods extends string {
-      // pending to dig into this although https://github.com/cannatag/ldap3/blob/21001d9087c0d24c399eec433a261c455b7bc97f/ldap3/core/connection.py#L760
       LDAP3QueryMethods() { this in ["search"] }
     }
 
     private class LDAP3Query extends DataFlow::CallCfgNode, LDAPQuery::Range {
       DataFlow::Node ldapNode;
       string ldapPart;
-      DataFlow::Node attrs;
 
       LDAP3Query() {
         exists(DataFlow::AttrRead searchMethod, DataFlow::CallCfgNode connCall |
@@ -105,10 +98,6 @@ private module LDAP {
       override DataFlow::Node getLDAPNode() { result = ldapNode }
 
       override string getLDAPPart() { result = ldapPart }
-
-      override DataFlow::Node getAttrs() {
-        result = this.getArg(3) or result = this.getArgByName("attributes")
-      }
     }
 
     private class LDAP3EscapeDN extends DataFlow::CallCfgNode, LDAPEscape::Range {

diff --git a/python/ql/src/experimental/semmle/python/security/injection/LDAPInjection.qll b/python/ql/src/experimental/semmle/python/security/injection/LDAPInjection.qll
@@ -9,23 +9,20 @@ import semmle.python.dataflow.new.TaintTracking
 import semmle.python.dataflow.new.RemoteFlowSources
 
 class LDAPInjectionSink extends DataFlow::Node {
-  // DataFlow::Node attrs;
   DataFlow::Node ldapNode;
   string ldapPart;
 
   LDAPInjectionSink() {
     exists(LDAPQuery ldapQuery |
       this = ldapQuery and
       ldapNode = ldapQuery.getLDAPNode() and
-      ldapPart = ldapQuery.getLDAPPart() // and
-      // if exists(ldapQuery.getAttrs()) then attrs = ldapQuery.getAttrs()
+      ldapPart = ldapQuery.getLDAPPart()
     )
   }
 
   DataFlow::Node getLDAPNode() { result = ldapNode }
 
   string getLDAPPart() { result = ldapPart }
-  // DataFlow::Node getAttrs() { result = attrs }
 }
 
 /**