
[Ruby]: Add Improper LDAP Authentication query #761

Closed
1 of 2 tasks
maikypedia opened this issue May 29, 2023 · 8 comments
Labels
All For One Submissions to the All for One, One for All bounty

Comments

@maikypedia

Query PR

github/codeql#13313

Language

Ruby

CVE(s) ID list

CWE

CWE-287

Report

This query covers Improper LDAP Authentication, which can occur when an application uses user-supplied data to establish a connection to an LDAP server.

I used a dataflow configuration looking for RemoteFlowSource flowing to the password used in LDAP binding.

In order to avoid false positives I used StringConstCompareBarrier and StringConstArrayInclusionCallBarrier as barriers.

Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).

  • Yes
  • No

Blog post link

No response

@maikypedia maikypedia added the All For One Submissions to the All for One, One for All bounty label May 29, 2023
@sylwia-budzynska

Hello @maikypedia 👋 From a quick look, I see you created one PR with a query for LDAP injection and a query for improper LDAP auth, and another PR which includes the LDAP injection query from the first PR. Out of curiosity: why did you create two PRs instead of one?

@maikypedia
Author

Hi @sylwia-budzynska 😊👋, at first, I only had LDAP Injection in mind to model, and I did the PR. Then I realized that I could also model Improper LDAP Auth, so I created a separate branch from the LDAP injection branch. Since they are different vulnerabilities, I thought they should be independent PRs. However, since the Improper Auth branch is a sub-branch of another, maybe it's not a good idea. Do you think it would be more convenient to close the LDAP Injection PR and leave the Improper Auth one?

@sylwia-budzynska

I checked in with the Ruby team and they said they prefer to review the two queries in two PRs, so no action needs to be taken 👍

@ghsecuritylab
Collaborator

Your submission is now in status Query review.

For information, the evaluation workflow is the following:
Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed

@ghsecuritylab
Collaborator

Your submission is now in status Final decision.

For information, the evaluation workflow is the following:
Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed

@ghsecuritylab
Collaborator

Your submission is now in status Pay.

For information, the evaluation workflow is the following:
Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed

@xcorail
Contributor

xcorail commented Sep 22, 2023

Created Hackerone report 2177971 for bounty 515239 : [761] [Ruby]: Add Improper LDAP Authentication query

@xcorail xcorail closed this as completed Sep 22, 2023
@ghsecuritylab
Collaborator

Your submission is now in status Closed.

For information, the evaluation workflow is the following:
Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed
