File tree Expand file tree Collapse file tree 2 files changed +53
-0
lines changed Expand file tree Collapse file tree 2 files changed +53
-0
lines changed Original file line number Diff line number Diff line change 1+ id : python-ldap3-empty-password
2+ language : python
3+ severity : warning
4+ message : >-
5+ The application creates a database connection with an empty password.
6+ This can lead to unauthorized access by either an internal or external
7+ malicious actor. To prevent this vulnerability, enforce authentication
8+ when connecting to a database by using environment variables to securely
9+ provide credentials or retrieving them from a secure vault or HSM
10+ (Hardware Security Module).
11+ note : >-
12+ [CWE-287]: Improper Authentication
13+ [OWASP A07:2021]: Identification and Authentication Failures
14+ [REFERENCES]
15+ https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
16+ utils :
17+ match_empty_password :
18+ kind : call
19+ all :
20+ - has :
21+ stopBy : end
22+ kind : attribute
23+ - has :
24+ stopBy : end
25+ kind : argument_list
26+ all :
27+ - has :
28+ stopBy : end
29+ kind : keyword_argument
30+ all :
31+ - has :
32+ stopBy : end
33+ kind : identifier
34+ regex : ' ^password$'
35+ - has :
36+ stopBy : neighbor
37+ kind : string
38+ not :
39+ has :
40+ stopBy : neighbor
41+ kind : string_content
42+ rule :
43+ any :
44+ - matches : match_empty_password
Original file line number Diff line number Diff line change 1+ id : python-ldap3-empty-password
2+ valid :
3+ - |
4+ ldap3.Connection(password=a)
5+ ldap3.Connection(password=os.env['SECRET'])
6+ ldap3.Connection(password=os.getenv('SECRET'))
7+ invalid :
8+ - |
9+ ldap3.Connection(password="")
You can’t perform that action at this time.
0 commit comments