Merge pull request #88 from lostsnow/feature/python-ldap-hook

add python-ldap search hook
HXSecurity · Dec 27, 2021 · 410809c · 410809c
2 parents c928ff6 + 143ea61
commit 410809c
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 0 deletions.
diff --git a/dongtai_agent_python/policy/tracking.py b/dongtai_agent_python/policy/tracking.py
@@ -147,6 +147,7 @@ def processing_invoke_args(signature=None, come_args=None, come_kwargs=None):
         'mysql.connector.cursor.CursorBase.executemany': {'args': [1], 'kwargs': ['operation']},
         'pymongo.collection.Collection.find': {'args': [1], 'kwargs': ['filter']},
         'ldap3.core.connection.Connection.search': {'args': [2], 'kwargs': ['search_filter']},
+        'ldap.ldapobject.SimpleLDAPObject.search_ext': {'args': [3], 'kwargs': ['filterstr']},
     }
 
     context = CONTEXT_TRACKER.current()

diff --git a/dongtai_agent_python/policy_api.json b/dongtai_agent_python/policy_api.json
@@ -233,6 +233,13 @@
           "target": "",
           "value": "ldap3.core.connection.Connection.search",
           "inherit": "false"
+        },
+        {
+          "source": "P4,filterstr",
+          "track": "true",
+          "target": "",
+          "value": "ldap.ldapobject.SimpleLDAPObject.search_ext",
+          "inherit": "false"
         }
       ]
     },
@@ -566,6 +573,20 @@
           "track": "false",
           "value": "jinja2.runtime.escape",
           "inherit": "false"
+        },
+        {
+          "source": "P1,assertion_value",
+          "track": "true",
+          "target": "R",
+          "value": "ldap.filter.escape_filter_chars",
+          "inherit": "false"
+        },
+        {
+          "source": "P1,text",
+          "track": "true",
+          "target": "R",
+          "value": "ldap3.utils.conv.escape_filter_chars",
+          "inherit": "false"
         }
       ]
     }

diff --git a/dongtai_agent_python/tests/vul-test.sh b/dongtai_agent_python/tests/vul-test.sh
@@ -128,3 +128,5 @@ api_get_single flask "demo/mongo_find" "name=%27%20||%20%27%27%20==%20%27"
 headline "ldap-injection"
 api_get_single flask "demo/ldap_search" "username=*&password=*"
 api_get_single flask "demo/ldap_safe_search" "username=*&password=*"
+api_get_single flask "demo/ldap3_search" "username=*&password=*"
+api_get_single flask "demo/ldap3_safe_search" "username=*&password=*"