From 3319e667d86f870aee4d7865d1203eaaf9651d99 Mon Sep 17 00:00:00 2001
From: lostsnow
Date: Fri, 24 Dec 2021 20:13:54 +0800
Subject: [PATCH 1/2] add python-ldap search hook

---
 dongtai_agent_python/policy/tracking.py | 1 +
 dongtai_agent_python/policy_api.json | 7 +++++++
 dongtai_agent_python/tests/vul-test.sh | 2 ++
 3 files changed, 10 insertions(+)

diff --git a/dongtai_agent_python/policy/tracking.py b/dongtai_agent_python/policy/tracking.py
index 793b79e..9e28e64 100644
--- a/dongtai_agent_python/policy/tracking.py
+++ b/dongtai_agent_python/policy/tracking.py
@@ -147,6 +147,7 @@ def processing_invoke_args(signature=None, come_args=None, come_kwargs=None):
 'mysql.connector.cursor.CursorBase.executemany': {'args': [1], 'kwargs': ['operation']},
 'pymongo.collection.Collection.find': {'args': [1], 'kwargs': ['filter']},
 'ldap3.core.connection.Connection.search': {'args': [2], 'kwargs': ['search_filter']},
+ 'ldap.ldapobject.SimpleLDAPObject.search_ext': {'args': [3], 'kwargs': ['filterstr']},
 }
 
 context = CONTEXT_TRACKER.current()
diff --git a/dongtai_agent_python/policy_api.json b/dongtai_agent_python/policy_api.json
index dd1909a..15ef984 100644
--- a/dongtai_agent_python/policy_api.json
+++ b/dongtai_agent_python/policy_api.json
@@ -233,6 +233,13 @@
 "target": "",
 "value": "ldap3.core.connection.Connection.search",
 "inherit": "false"
+ },
+ {
+ "source": "P4,filterstr",
+ "track": "true",
+ "target": "",
+ "value": "ldap.ldapobject.SimpleLDAPObject.search_ext",
+ "inherit": "false"
 }
 ]
 },
diff --git a/dongtai_agent_python/tests/vul-test.sh b/dongtai_agent_python/tests/vul-test.sh
index 0d0e05f..c2d7796 100755
--- a/dongtai_agent_python/tests/vul-test.sh
+++ b/dongtai_agent_python/tests/vul-test.sh
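Review bot: The new `search_ext` entry relies on positional index 3 counting `self` at index 0 (self, base, scope, filterstr), which is consistent with the `[1]` used for `executemany` and `find` above it, but nothing in the table says so, and a reader checking the hook against python-ldap's `search_ext(base, scope, filterstr=...)` signature will count 2. Add a comment above the table such as `# 'args' are positions in the intercepted call with self at 0; 'kwargs' names the same parameter when passed by keyword.` In python-ldap, `search`, `search_s`, `search_st` and `search_ext_s` all route through `search_ext`, so a single entry is probably enough to see the filter, but that depends on how the agent patches the method and is worth confirming rather than assuming. `processing_invoke_args` begins before this hunk and continues past it.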
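Review bot: The `P4,filterstr` source for `SimpleLDAPObject.search_ext` counts the parameter differently from the `'args': [3]` entry in tracking.py for the same argument, and nothing in this hunk establishes which base the `P` index uses; if `P1` denotes `self` the two agree, but if the ldap3 rule just above (its `source` line is outside the hunk) numbers `search_filter` as `P2`, this rule is off by one and the filter would never be tracked positionally. Please confirm against that existing entry. Note also that only the filter string is a source here; a tainted base DN passed as the first positional argument of `search_ext` is not covered by this rule.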
@@ -128,3 +128,5 @@ api_get_single flask "demo/mongo_find" "name=%27%20||%20%27%27%20==%20%27"
 headline "ldap-injection"
 api_get_single flask "demo/ldap_search" "username=*&password=*"
 api_get_single flask "demo/ldap_safe_search" "username=*&password=*"
+api_get_single flask "demo/ldap3_search" "username=*&password=*"
+api_get_single flask "demo/ldap3_safe_search" "username=*&password=*"
From 143ea61591be52f1109cc6d18e2fdcaaa53f6bd6 Mon Sep 17 00:00:00 2001
From: lostsnow
Date: Mon, 27 Dec 2021 14:18:47 +0800
Subject: [PATCH 2/2] add ldap filter rules

---
 dongtai_agent_python/policy_api.json | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/dongtai_agent_python/policy_api.json b/dongtai_agent_python/policy_api.json
index 15ef984..8a18f4d 100644
--- a/dongtai_agent_python/policy_api.json
+++ b/dongtai_agent_python/policy_api.json
@@ -573,6 +573,20 @@
 "track": "false",
 "value": "jinja2.runtime.escape",
 "inherit": "false"
+ },
+ {
+ "source": "P1,assertion_value",
+ "track": "true",
+ "target": "R",
+ "value": "ldap.filter.escape_filter_chars",
+ "inherit": "false"
+ },
+ {
+ "source": "P1,text",
+ "track": "true",
+ "target": "R",
+ "value": "ldap3.utils.conv.escape_filter_chars",
+ "inherit": "false"
 }
 ]
 }
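Review bot: The two added calls exercise `demo/ldap3_search` and `demo/ldap3_safe_search`, while the hook this patch adds targets python-ldap (`ldap.ldapobject.SimpleLDAPObject.search_ext`); unless the new demo endpoints are in fact the python-ldap ones and the pre-existing `demo/ldap_search` pair is ldap3 (the naming suggests the opposite), the new hook has no test here, so please confirm which library each endpoint uses. The `_safe_search` variant can only come out clean once a sanitizer rule for the escaping helper exists, and that rule is only added in PATCH 2/2, so at this commit the safe test is expected to misreport.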
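Review bot: Both new sanitizer rules cover filter assertion values only: python-ldap's `ldap.filter.escape_filter_chars(assertion_value, escape_mode=0)` and ldap3's `escape_filter_chars(text, ...)` escape the filter metacharacters (`*`, `(`, `)`, `\`, NUL) for use inside a filter, so `target: "R"` correctly clears taint on that path, and the parameter names `assertion_value` and `text` match the upstream signatures. They do not cover the other helpers an application may use to make the same sink safe: python-ldap's `ldap.filter.filter_format` (a template plus a list of values) and `ldap.dn.escape_dn_chars` for the base DN, so a demo that is made safe with `filter_format` would still be flagged; if the demo app uses it, add a rule for `filter_format` with its value-list parameter as the source.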