Skip to content

Commit 9275b54

Browse files
egregius313egregius313
committed
Refactoring the InsecureLdapUrl constructor
1 parent 938d953 commit 9275b54

File tree

1 file changed

+26
-21
lines changed

1 file changed

+26
-21
lines changed

java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql

Lines changed: 26 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -36,42 +36,47 @@ class TypeHashtable extends Class {
3636
TypeHashtable() { this.getSourceDeclaration().hasQualifiedName("java.util", "Hashtable") }
3737
}
3838

39+
string getHostname(Expr expr) {
40+
result = expr.(CompileTimeConstantExpr).getStringValue() or
41+
result =
42+
expr.(VarAccess).getVariable().getAnAssignedValue().(CompileTimeConstantExpr).getStringValue()
43+
}
44+
3945
/**
4046
* Holds if a non-private LDAP string is concatenated from both protocol and host.
4147
*/
42-
predicate concatInsecureLdapString(Expr protocol, Expr host) {
43-
protocol.(CompileTimeConstantExpr).getStringValue() = "ldap://" and
44-
not exists(string hostString |
45-
hostString = host.(CompileTimeConstantExpr).getStringValue() or
46-
hostString =
47-
host.(VarAccess).getVariable().getAnAssignedValue().(CompileTimeConstantExpr).getStringValue()
48-
|
48+
predicate concatInsecureLdapString(CompileTimeConstantExpr protocol, Expr host) {
49+
protocol.getStringValue() = "ldap://" and
50+
not exists(string hostString | hostString = getHostname(host) |
4951
hostString.length() = 0 or // Empty host is loopback address
5052
hostString instanceof PrivateHostName
5153
)
5254
}
5355

54-
/** Gets the leftmost operand in a concatenated string */
55-
Expr getLeftmostConcatOperand(Expr expr) {
56-
// if expr instanceof AddExpr
57-
// then result = getLeftmostConcatOperand(expr.(AddExpr).getLeftOperand())
58-
// else result = expr
59-
if expr instanceof AddExpr
60-
then
61-
result = expr.(AddExpr).getLeftOperand*() and
62-
not result instanceof AddExpr
63-
else result = expr
64-
}
65-
56+
// Expr getLeftmostConcatOperand(Expr expr) {
57+
// if expr instanceof AddExpr
58+
// then
59+
// result = expr.(AddExpr).getLeftOperand() and
60+
// not result instanceof AddExpr
61+
// else result = expr
62+
// }
6663
/**
6764
* String concatenated with `InsecureLdapUrlLiteral`.
6865
*/
6966
class InsecureLdapUrl extends Expr {
7067
InsecureLdapUrl() {
7168
this instanceof InsecureLdapUrlLiteral
7269
or
73-
concatInsecureLdapString(this.(AddExpr).getLeftOperand(),
74-
getLeftmostConcatOperand(this.(AddExpr).getRightOperand()))
70+
// protocol + host + ...
71+
exists(AddExpr e, CompileTimeConstantExpr protocol, Expr rest, Expr host |
72+
e = this and
73+
protocol = e.getLeftOperand() and
74+
rest = e.getRightOperand() and
75+
if rest instanceof AddExpr then host = rest.(AddExpr).getLeftOperand() else host = rest
76+
|
77+
protocol.getStringValue() = "ldap://" and
78+
concatInsecureLdapString(protocol, host)
79+
)
7580
}
7681
}
7782

0 commit comments

Comments
 (0)