From fc289a285f696514f4b987809acb320355df984e Mon Sep 17 00:00:00 2001
From: Ilya Samarov
Date: Wed, 8 Jan 2025 11:33:54 +0200
Subject: [PATCH] pattern-source - fix parameter order = Update ldap-injection.yaml (#3019) * Update ldap-injection.yaml - pattern-sources - parameter order Expanding the detection to support vulnerable parameter at any order. The previous pattern will only match if the vulnerable parameter is the first parameter in the function declaration. As the vulnerable parameter can be at any place, I added "..." padding before and after * Update csharp/dotnet/security/audit/ldap-injection.yaml --------- Co-authored-by: Kurt Boberg <98792107+kurt-r2c@users.noreply.github.com> Co-authored-by: Claudio
---
 csharp/dotnet/security/audit/ldap-injection.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/csharp/dotnet/security/audit/ldap-injection.yaml b/csharp/dotnet/security/audit/ldap-injection.yaml
index 5d3af251a0..45f293cf59 100644
--- a/csharp/dotnet/security/audit/ldap-injection.yaml
+++ b/csharp/dotnet/security/audit/ldap-injection.yaml
@@ -29,7 +29,7 @@ rules:
 pattern-sources:
 - patterns:
 - focus-metavariable: $INPUT
- - pattern-inside: $T $M($INPUT,...) {...}
+ - pattern-inside: $T $M(...,$INPUT,...) {...}
 pattern-sinks:
 - patterns:
 - pattern-either:
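Review bot: Nothing in this commit pins the widened source pattern, since the diffstat shows only the rule file changed; the rule's companion test file should gain a case where the tainted value is the second or a later parameter, marked with a `// ruleid:` annotation, so a regression to first-parameter-only matching is caught. Separately, `$T $M(...,$INPUT,...) {...}` now treats every parameter of every block-bodied method as a taint source regardless of its declared type, which presumably also taints non-string parameters and raises the noise level of this audit rule. A YAML comment above the line, such as `# any parameter, in any position, is treated as attacker-controlled`, would record that this breadth is deliberate. The sinks and any sanitizers are outside the hunk, so whether an LDAP filter-encoding step already clears the taint cannot be confirmed from here.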