pattern-source - fix parameter order = Update ldap-injection.yaml (#…

…3019) * Update ldap-injection.yaml - pattern-sources - parameter order Expanding the detection to support vulnerable parameter at any order. The previous pattern will only match if the vulnerable parameter is the first parameter in the function declaration. As the vulnerable parameter can be at any place, I added "..." padding before and after * Update csharp/dotnet/security/audit/ldap-injection.yaml --------- Co-authored-by: Kurt Boberg <[email protected]> Co-authored-by: Claudio <[email protected]>
semgrep · Jan 8, 2025 · fc289a2 · fc289a2
1 parent 1c92567
commit fc289a2
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/csharp/dotnet/security/audit/ldap-injection.yaml b/csharp/dotnet/security/audit/ldap-injection.yaml
@@ -29,7 +29,7 @@ rules:
   pattern-sources:
   - patterns:
     - focus-metavariable: $INPUT
-    - pattern-inside: $T $M($INPUT,...) {...}
+    - pattern-inside: $T $M(...,$INPUT,...) {...}
   pattern-sinks:
   - patterns:
     - pattern-either: