From 00ee3d2549623735d39ec61cbf15abea3adda417 Mon Sep 17 00:00:00 2001
From: Grzegorz Golawski
Date: Sat, 18 Jan 2020 20:21:38 +0100
Subject: [PATCH] Query to detect LDAP injections in Java Cleanup

---
 .../Security/CWE/CWE-90/LdapInjectionLib.qll | 24 ++++++++-----------
 .../code/java/frameworks/ApacheLdap.qll | 6 ++---
 .../src/semmle/code/java/frameworks/Jndi.qll | 2 +-
 .../code/java/frameworks/SpringLdap.qll | 6 +++--
 .../semmle/code/java/frameworks/UnboundId.qll | 2 +-
 5 files changed, 18 insertions(+), 22 deletions(-)

diff --git a/java/ql/src/Security/CWE/CWE-90/LdapInjectionLib.qll b/java/ql/src/Security/CWE/CWE-90/LdapInjectionLib.qll
index acda7e9aad19..42b65019d9ca 100644
--- a/java/ql/src/Security/CWE/CWE-90/LdapInjectionLib.qll
+++ b/java/ql/src/Security/CWE/CWE-90/LdapInjectionLib.qll
@@ -6,7 +6,6 @@ import semmle.code.java.frameworks.UnboundId
 import semmle.code.java.frameworks.SpringLdap
 import semmle.code.java.frameworks.ApacheLdap
 
-
 /** Holds if the parameter of `c` at index `paramIndex` is varargs. */
 bindingset[paramIndex]
 predicate isVarargs(Callable c, int paramIndex) {
@@ -20,8 +19,8 @@ abstract class LdapInjectionSource extends DataFlow::Node { }
 abstract class LdapInjectionSink extends DataFlow::ExprNode { }
 
 /**
-* A taint-tracking configuration for unvalidated user input that is used to construct LDAP queries.
-*/
+ * A taint-tracking configuration for unvalidated user input that is used to construct LDAP queries.
+ */
 class LdapInjectionFlowConfig extends TaintTracking::Configuration {
   LdapInjectionFlowConfig() { this = "LdapInjectionFlowConfig" }
 
@@ -79,7 +78,7 @@ class JndiLdapInjectionSink extends LdapInjectionSink {
     |
       m.getDeclaringType().getAnAncestor() instanceof TypeDirContext and
       m.hasName("search") and
-      index in [0..1]
+      index in [0 .. 1]
     )
   }
 }
@@ -129,16 +128,13 @@ class SpringLdapInjectionSink extends LdapInjectionSink {
     ) and
     (
       // Parameter index is 1 (DN or query) or 2 (filter) if method is not authenticate
-      (
-        index in [0..1] and
-        not m instanceof MethodSpringLdapTemplateAuthenticate
-      ) or
+      index in [0 .. 1] and
+      not m instanceof MethodSpringLdapTemplateAuthenticate
+      or
       // But it's not the last parameter in case of authenticate method (last param is password)
-      (
-        index in [0..1] and
-        index < m.getNumberOfParameters() - 1 and
-        m instanceof MethodSpringLdapTemplateAuthenticate
-      )
+      index in [0 .. 1] and
+      index < m.getNumberOfParameters() - 1 and
+      m instanceof MethodSpringLdapTemplateAuthenticate
     )
   )
 }
@@ -442,4 +438,4 @@ predicate apacheLdapDnGetStep(ExprNode n1, ExprNode n2) {
     m.getDeclaringType().getAnAncestor() instanceof TypeApacheDn and
     (m.hasName("getName") or m.hasName("getNormName") or m.hasName("toString"))
   )
-}
\ No newline at end of file
+}
diff --git a/java/ql/src/semmle/code/java/frameworks/ApacheLdap.qll b/java/ql/src/semmle/code/java/frameworks/ApacheLdap.qll
index 0ad904a7b468..a1cf6376bdfa 100644
--- a/java/ql/src/semmle/code/java/frameworks/ApacheLdap.qll
+++ b/java/ql/src/semmle/code/java/frameworks/ApacheLdap.qll
@@ -23,7 +23,5 @@ class TypeApacheSearchRequest extends Interface {
 
 /** The class `org.apache.directory.api.ldap.model.name.Dn`. */
 class TypeApacheDn extends Class {
-  TypeApacheDn() {
-    this.hasQualifiedName("org.apache.directory.api.ldap.model.name", "Dn")
-  }
-}
\ No newline at end of file
+  TypeApacheDn() { this.hasQualifiedName("org.apache.directory.api.ldap.model.name", "Dn") }
+}
diff --git a/java/ql/src/semmle/code/java/frameworks/Jndi.qll b/java/ql/src/semmle/code/java/frameworks/Jndi.qll
index 18aea029ddbc..f25f89080339 100644
--- a/java/ql/src/semmle/code/java/frameworks/Jndi.qll
+++ b/java/ql/src/semmle/code/java/frameworks/Jndi.qll
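Review bot: The context comment kept above the first disjunct, `// Parameter index is 1 (DN or query) or 2 (filter) if method is not authenticate`, is off by one against the code it explains: both branches of the `or` test `index in [0 .. 1]`, so the sink parameters are at zero-based positions 0 and 1 (the comment presumably counts from 1). Since this comment is what a reader uses to confirm that the right `LdapTemplate` arguments are treated as injection sinks, I would reword it to the convention the code uses: `// Parameter at index 0 (DN or query) or 1 (filter) is a sink if the method is not authenticate`. The second branch reads correctly as written, since `index < m.getNumberOfParameters() - 1` keeps the trailing password argument of `authenticate` out of the sink set. The class `SpringLdapInjectionSink` and the `exists` that this disjunction belongs to begin before the hunk.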
@@ -56,4 +56,4 @@ class MethodLdapNameToString extends Method {
     getDeclaringType() instanceof TypeLdapName and
     hasName("toString")
   }
-}
\ No newline at end of file
+}
diff --git a/java/ql/src/semmle/code/java/frameworks/SpringLdap.qll b/java/ql/src/semmle/code/java/frameworks/SpringLdap.qll
index babe029276fb..f9dc9e81c84a 100644
--- a/java/ql/src/semmle/code/java/frameworks/SpringLdap.qll
+++ b/java/ql/src/semmle/code/java/frameworks/SpringLdap.qll
@@ -9,7 +9,9 @@ import semmle.code.java.Member
 /*--- Types ---*/
 /** The class `org.springframework.ldap.core.LdapTemplate`. */
 class TypeSpringLdapTemplate extends Class {
-  TypeSpringLdapTemplate() { this.hasQualifiedName("org.springframework.ldap.core", "LdapTemplate") }
+  TypeSpringLdapTemplate() {
+    this.hasQualifiedName("org.springframework.ldap.core", "LdapTemplate")
+  }
 }
 
 /** The class `org.springframework.ldap.query.LdapQueryBuilder`. */
@@ -188,4 +190,4 @@ class MethodSpringLdapUtilsNewLdapName extends Method {
     getDeclaringType() instanceof TypeSpringLdapUtils and
     hasName("newLdapName")
   }
-}
\ No newline at end of file
+}
diff --git a/java/ql/src/semmle/code/java/frameworks/UnboundId.qll b/java/ql/src/semmle/code/java/frameworks/UnboundId.qll
index 7c54c946f1b5..8eee0f14ce50 100644
--- a/java/ql/src/semmle/code/java/frameworks/UnboundId.qll
+++ b/java/ql/src/semmle/code/java/frameworks/UnboundId.qll
@@ -110,4 +110,4 @@ class MethodUnboundIdLDAPConnectionSearchForEntry extends Method {
     getDeclaringType() instanceof TypeUnboundIdLDAPConnection and
     hasName("searchForEntry")
   }
-}
\ No newline at end of file
+}