Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rust: Weak encryption algorithm query. #18226

Merged
merged 18 commits into from
Dec 12, 2024
Merged

Rust: Weak encryption algorithm query. #18226

merged 18 commits into from
Dec 12, 2024

Conversation

geoffw0
Copy link
Contributor

@geoffw0 geoffw0 commented Dec 5, 2024
edited
Loading

New weak encryption algorithm query for Rust (rust/weak-cryptographic-algorithm). This uses the same framework as for javascript, python and ruby - in particular ConceptsShared.qll, CryptoAlgorithms.qll and CryptoAlgorithmNames.qll - which paves the way for similar queries such as weak hashing and ... something to do with http as well by the looks of it.

Limitations:

  • only one cryptography library is modelled, though I think it's the main one.
  • no models / tests for block modes, so we wont get any results for ECB encryption yet.
  • the path matching in frameworks/RustCrypto.qll is really clunky at the moment. We need to figure out a way to do this that is both (1) more readable and (2) more reliable - one of the tests defeats it with a simple type alias.

TODO:

  • DCA run
  • code review
  • docs review

@RasmusWL - I'm told you're the right person to talk to about the shared concepts stuff. I'm interested to hear what you think our next priority should be.

@geoffw0 geoffw0 added no-change-note-required This PR does not need a change note Rust Pull requests that update Rust code labels Dec 5, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Dec 5, 2024
edited
Loading

QHelp previews:

rust/ql/src/queries/security/CWE-327/BrokenCryptoAlgorithm.qhelp

Use of a broken or weak cryptographic algorithm

Using broken or weak cryptographic algorithms can leave data vulnerable to being decrypted or forged by an attacker.

Many cryptographic algorithms provided by cryptography libraries are known to be weak, or flawed. Using such an algorithm means that encrypted or hashed data is less secure than it appears to be.

This query alerts on any use of a weak cryptographic algorithm, that is not a hashing algorithm. Use of broken or weak cryptographic hash functions are handled by the rust/weak-sensitive-data-hashing query.

Recommendation

Ensure that you use a strong, modern cryptographic algorithm, such as AES-128 or RSA-2048.

Example

The following code uses the des crate from the RustCrypto family to encrypt some secret data. The DES algorithm is old and considered very weak.

let des_cipher = cbc::Encryptor::<des::Des>::new(key.into(), iv.into()); // BAD: weak encryption
let encryption_result = des_cipher.encrypt_padded_mut::<des::cipher::block_padding::Pkcs7>(data, data_len);

Instead, we should use a strong modern algorithm. In this case, we have selected the 256-bit version of the AES algorithm.

let aes_cipher = cbc::Encryptor::<aes::Aes256>::new(key.into(), iv.into()); // GOOD: strong encryption
let encryption_result = aes_cipher.encrypt_padded_mut::<aes::cipher::block_padding::Pkcs7>(data, data_len);

References

@geoffw0 geoffw0 added the ready-for-doc-review This PR requires and is ready for review from the GitHub docs team. label Dec 6, 2024
@mchammer01 mchammer01 self-requested a review December 6, 2024 13:22
mchammer01
mchammer01 previously approved these changes Dec 6, 2024
View reviewed changes
Copy link
Contributor

@mchammer01 mchammer01 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM ✨
A few comments for your consideration. Nothing major, apart from the link to the archive publication.

rust/ql/src/queries/security/CWE-327/BrokenCryptoAlgorithm.qhelp Outdated Show resolved Hide resolved
rust/ql/src/queries/security/CWE-327/BrokenCryptoAlgorithm.qhelp Outdated Show resolved Hide resolved
rust/ql/src/queries/security/CWE-327/BrokenCryptoAlgorithm.qhelp Outdated Show resolved Hide resolved
rust/ql/src/queries/security/CWE-327/BrokenCryptoAlgorithm.qhelp Outdated Show resolved Hide resolved
@geoffw0
Copy link
Contributor Author

geoffw0 commented Dec 6, 2024

Thanks for your review @mchammer01. All suggestions accepted.

mchammer01
mchammer01 previously approved these changes Dec 6, 2024
View reviewed changes
Copy link
Contributor

@mchammer01 mchammer01 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM :shipit:

@geoffw0
Copy link
Contributor Author

geoffw0 commented Dec 10, 2024

DCA LGTM.

@geoffw0 geoffw0 requested a review from a team December 10, 2024 12:12
aibaars
aibaars previously approved these changes Dec 11, 2024
View reviewed changes
Copy link
Contributor

@aibaars aibaars left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me. Syntax highlighting is missing for the Rust samples in the rendered QHelp. The blocks start with ```none instead of ```rust . I suppose we'll need to teach the qhelp renderer that .rs files are rust.

rust/ql/src/queries/security/CWE-327/BrokenCryptoAlgorithm.qhelp
This query alerts on any use of a weak cryptographic algorithm, that is
not a hashing algorithm. Use of broken or weak cryptographic hash
functions are handled by the
<code>rust/weak-sensitive-data-hashing</code> query.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This query doesn't exist yet, but I guess you are planning to add it shortly, so it's fine to leave it like this,

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also a good point. We do indeed plan to add it soon, but I'll make a note to modify this if we do not.

hvitved
hvitved requested changes Dec 11, 2024
View reviewed changes
Copy link
Contributor

@hvitved hvitved left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some minor QL stylistic comments.

rust/ql/lib/codeql/rust/Concepts.qll Outdated Show resolved Hide resolved
rust/ql/lib/codeql/rust/frameworks/RustCrypto.qll Outdated Show resolved Hide resolved
rust/ql/lib/codeql/rust/frameworks/RustCrypto.qll Show resolved Hide resolved
@geoffw0
Copy link
Contributor Author

geoffw0 commented Dec 11, 2024

Syntax highlighting is missing for the Rust samples in the rendered QHelp.

Good point. I've created an issue for this, I think I know what to do but I don't have time to get on it right now.

@geoffw0
Copy link
Contributor Author

geoffw0 commented Dec 11, 2024

Thanks for the reviews - I've accepted the code suggestions, I think the other points warrant follow-up work.

hvitved
hvitved previously approved these changes Dec 11, 2024
View reviewed changes
@aibaars
Copy link
Contributor

aibaars commented Dec 12, 2024

@geoffw0 I re-ran the qhelp preview workflow, the syntax highlighting looks better now.

aibaars
aibaars reviewed Dec 12, 2024
View reviewed changes
rust/ql/lib/codeql/rust/internal/ConceptsShared.qll
@@ -30,7 +30,7 @@ module Cryptography {
class PasswordHashingAlgorithm = CryptoAlgorithms::PasswordHashingAlgorithm;

/**
* A data-flow node that is an application of a cryptographic algorithm. For example,
* A data flow node that is an application of a cryptographic algorithm. For example,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't forget to change the sync'd copies as well.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you happy that we do that? I didn't want to interfere with other languages unless there's some level of agreement.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm happy with that, although if you like to leave things as-is, that's also fine with me.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've done the change.

@geoffw0 geoffw0 requested review from a team as code owners December 12, 2024 13:37
@geoffw0
Copy link
Contributor Author

geoffw0 commented Dec 12, 2024

@paldepind the interface is still showing you as "requested changes", please could you approve ... or point out what I've missed?

@geoffw0 geoffw0 merged commit 03f962e into github:main Dec 12, 2024
35 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aibaars aibaars aibaars left review comments

@paldepind paldepind paldepind approved these changes

@mchammer01 mchammer01 mchammer01 left review comments

@hvitved hvitved hvitved left review comments

Assignees
No one assigned
Labels
documentation JS no-change-note-required This PR does not need a change note Python ready-for-doc-review This PR requires and is ready for review from the GitHub docs team. Ruby Rust Pull requests that update Rust code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@geoffw0 @aibaars @paldepind @hvitved @mchammer01