[Ruby]: Add Improper LDAP Authentication query

[maikypedia]

Query PR

github/codeql#13313

Language

Ruby

CVE(s) ID list

• CVE-2012-5604

CWE

CWE-287

Report

This query covers Improper LDAP Authentication, that con occur when an application uses user-supplied data to establish a connection to a LDAP server.

I used a dataflow configuration looking for RemoteFlowSource flowing to the password used in LDAP binding.

In order to avoid false positives I used StringConstCompareBarrier and StringConstArrayInclusionCallBarrier as barriers.

Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).

• Yes
• No

Blog post link

No response

[sylwia-budzynska]

Hello @maikypedia 👋 From a quick look, I see you created one PR with a query for LDAP injection and a query for improper LDAP auth, and another PR which includes the LDAP injection query from the first PR. From curiosity: why did you create two PRs instead of one?

[maikypedia]

Hi @sylwia-budzynska 😊👋, at first, I only had LDAP Injection in mind to model, and I did the PR. Then I realized that I could also model Improper LDAP Auth, so I created a separate branch from the LDAP injection branch. Since they are different vulnerabilities, I thought they should be independent PRs. However, since the Improper Auth branch is a sub-branch of another, maybe it's not a good idea. Do you think it would be more convenient to close the LDAP Injection PR and leave the Improper Auth one?

[sylwia-budzynska]

I checked in with the Ruby team and they said they prefer to review the two queries in two PRs, so no action needs to be taken 👍

[ghsecuritylab]

Your submission is now in status Query review.

For information, the evaluation workflow is the following:
Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed

[ghsecuritylab]

Your submission is now in status Final decision.

For information, the evaluation workflow is the following:
Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed

[ghsecuritylab]

Your submission is now in status Pay.

For information, the evaluation workflow is the following:
Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed

[xcorail]

Created Hackerone report 2177971 for bounty 515239 : [761] [Ruby]: Add Improper LDAP Authentication query

[ghsecuritylab]

Your submission is now in status Closed.

For information, the evaluation workflow is the following:
Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed