Python: Promote `py/pam-auth-bypass` by RasmusWL · Pull Request #9108 · github/codeql · GitHub

Python: Promote py/pam-auth-bypass #9108


Merged
merged 9 commits into from
May 23, 2022


RasmusWL
Member

This promotes the experimental query from #8595

RasmusWL added 4 commits May 10, 2022 17:59
99% of our .qhelp files have manually wrapped lines, so just wanted to
keep things consistent
They did not have proper formatting (only 2 spaces), and I restructured
them a bit more so they look like code in the wild
Thought that calling out the actual vulnerability would make things
easier for our end users :)
@RasmusWL RasmusWL requested a review from a team as a code owner May 10, 2022 16:07
The value 8.1 was calculated by our internal tool. This corresponds to a
'High' severity, which from my gut feeling seems reasonable for
authorization bypass.
Contributor
@tausbn tausbn left a comment


A few minor bits and bobs that need fixing (most of them presented as suggestions for easy inclusion), but otherwise this looks good to me. 👍

@@ -0,0 +1,19 @@
libpam = CDLL(find_library("pam"))
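
Review bot: `find_library("pam")` on the `libpam = CDLL(...)` line returns `None` when no PAM library is found, and on POSIX `CDLL(None)` opens the running process instead of raising, so the sample would only fail later at the first `pam_*` symbol lookup. Consider checking the `find_library` result and failing with a clear error before loading.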
Contributor


That's... Quite the formatting. 😮

@@ -33,4 +34,5 @@ where
acctMgmtCall = libPam().getMember("pam_acct_mgmt").getACall() and
Contributor


I'm not allowed to add a comment in the appropriate place, but there's a use of `API::moduleImport("ctypes.util")` on line 20 above that will need fixing.

Member Author


Indeed, that's probably what the merge conflict is also about 👍

@RasmusWL RasmusWL requested a review from tausbn May 23, 2022 13:09
@tausbn tausbn merged commit 3745526 into github:main May 23, 2022
@RasmusWL RasmusWL deleted the promote-pam branch May 23, 2022 13:32