SONARPY-491 Rule S2053 Hashes should include an unpredictable salt (SonarSource#543)

guillaume-dequenne · web-flow · commit 4927ad6480a7 · 2020-02-03T17:30:31.000+01:00
diff --git a/its/ruling/src/test/resources/expected/python-S2053.json b/its/ruling/src/test/resources/expected/python-S2053.json
@@ -0,0 +1,8 @@
+{
+'project:twisted-12.1.0/twisted/conch/test/test_checkers.py':[
+64,
+78,
+92,
+519,
+],
+}
diff --git a/python-checks/src/main/java/org/sonar/python/checks/CheckList.java b/python-checks/src/main/java/org/sonar/python/checks/CheckList.java
@@ -115,6 +115,7 @@ public static Iterable<Class> getChecks() {
       OsExecCheck.class,
       OverwrittenCollectionEntryCheck.class,
       ParsingErrorCheck.class,
+      PredictableSaltCheck.class,
       PreIncrementDecrementCheck.class,
       PrintStatementUsageCheck.class,
       ProcessSignallingCheck.class,
diff --git a/python-checks/src/main/java/org/sonar/python/checks/PredictableSaltCheck.java b/python-checks/src/main/java/org/sonar/python/checks/PredictableSaltCheck.java
@@ -0,0 +1,111 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2020 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.python.checks;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import org.sonar.check.Rule;
+import org.sonar.plugins.python.api.PythonSubscriptionCheck;
+import org.sonar.plugins.python.api.SubscriptionContext;
+import org.sonar.plugins.python.api.symbols.Symbol;
+import org.sonar.plugins.python.api.tree.Argument;
+import org.sonar.plugins.python.api.tree.AssignmentStatement;
+import org.sonar.plugins.python.api.tree.CallExpression;
+import org.sonar.plugins.python.api.tree.Expression;
+import org.sonar.plugins.python.api.tree.Name;
+import org.sonar.plugins.python.api.tree.RegularArgument;
+import org.sonar.plugins.python.api.tree.Tree;
+import org.sonar.python.tree.TreeUtils;
+
+@Rule(key = "S2053")
+public class PredictableSaltCheck extends PythonSubscriptionCheck {
+
+  private static final String MISSING_SALT_MESSAGE = "Add an unpredictable salt value to this hash.";
+  private static final String PREDICTABLE_SALT_MESSAGE = "Make this salt unpredictable.";
+  private Map<String, Integer> sensitiveArgumentByFQN;
+
+  @Override
+  public void initialize(Context context) {
+    context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, ctx -> handleCallExpression((CallExpression) ctx.syntaxNode(), ctx));
+  }
+
+  private void handleCallExpression(CallExpression callExpression, SubscriptionContext ctx) {
+    Symbol calleeSymbol = callExpression.calleeSymbol();
+    if (calleeSymbol == null) {
+      return;
+    }
+    if (sensitiveArgumentByFQN().containsKey(calleeSymbol.fullyQualifiedName())) {
+      int argNb = sensitiveArgumentByFQN().get(calleeSymbol.fullyQualifiedName());
+      checkArguments(callExpression, argNb, ctx);
+    }
+  }
+
+  private static void checkArguments(CallExpression callExpression, int argNb, SubscriptionContext ctx) {
+    if (callExpression.arguments().size() <= argNb) {
+      ctx.addIssue(callExpression.callee(), MISSING_SALT_MESSAGE);
+    }
+    for (int i = 0; i < callExpression.arguments().size(); i++) {
+      Argument argument = callExpression.arguments().get(i);
+      if (argument.is(Tree.Kind.REGULAR_ARGUMENT)) {
+        RegularArgument regularArgument = (RegularArgument) argument;
+        Name keywordArgument = regularArgument.keywordArgument();
+        if (keywordArgument != null) {
+          if (keywordArgument.name().equals("salt")) {
+            checkSensitiveArgument(regularArgument, ctx);
+          }
+        } else if (i == argNb) {
+          checkSensitiveArgument(regularArgument, ctx);
+        }
+      }
+    }
+  }
+
+  private static void checkSensitiveArgument(RegularArgument regularArgument, SubscriptionContext ctx) {
+    if (regularArgument.expression().is(Tree.Kind.NAME)) {
+      Expression expression = Expressions.singleAssignedValue((Name) regularArgument.expression());
+      if (expression == null) {
+        return;
+      }
+      if (expression.is(Tree.Kind.STRING_LITERAL)) {
+        AssignmentStatement assignmentStatement = (AssignmentStatement) TreeUtils.firstAncestorOfKind(expression, Tree.Kind.ASSIGNMENT_STMT);
+        ctx.addIssue(regularArgument, PREDICTABLE_SALT_MESSAGE).secondary(assignmentStatement, null);
+      }
+    }
+    if (regularArgument.expression().is(Tree.Kind.STRING_LITERAL)) {
+      ctx.addIssue(regularArgument, PREDICTABLE_SALT_MESSAGE);
+    }
+  }
+
+  private Map<String, Integer> sensitiveArgumentByFQN() {
+    if (sensitiveArgumentByFQN == null) {
+      sensitiveArgumentByFQN = new HashMap<>();
+      sensitiveArgumentByFQN.put("hashlib.pbkdf2_hmac", 2);
+      sensitiveArgumentByFQN.put("hashlib.scrypt", 4);
+      sensitiveArgumentByFQN.put("crypt.crypt", 1);
+      sensitiveArgumentByFQN.put("cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC", 2);
+      sensitiveArgumentByFQN.put("Cryptodome.Protocol.KDF.PBKDF2", 1);
+      sensitiveArgumentByFQN.put("Cryptodome.Protocol.KDF.scrypt", 1);
+      sensitiveArgumentByFQN.put("Cryptodome.Protocol.KDF.bcrypt", 2);
+      sensitiveArgumentByFQN = Collections.unmodifiableMap(sensitiveArgumentByFQN);
+    }
+    return sensitiveArgumentByFQN;
+  }
+}
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2053.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2053.html
@@ -0,0 +1,50 @@
+<p>In cryptography, "salt" is extra piece of data which is included in a hashing algorithm. It makes dictionary attacks more difficult. Using a
+cryptographic hash function without an unpredictable salt increases the likelihood that an attacker will be able to successfully guess a hashed value
+such as a password with a dictionary attack.</p>
+<p>This rule raises an issue when a hashing function which has been specifically designed for hashing sensitive data, such as pbkdf2, is used with a
+non-random, reused or too short salt value. It does not raise an issue on base hashing algorithms such as sha1 or md5 as these are often used for
+other purposes.</p>
+<h2>Recommended Secure Coding Practices</h2>
+<ul>
+  <li> use hashing functions generating their own salt or generate a long random salt of at least 32 bytes. </li>
+  <li> the salt is at least as long as the resulting hash value. </li>
+  <li> provide the salt to a safe hashing function such as PBKDF2. </li>
+  <li> save both the salt and the hashed value in the relevant database record; during future validation operations, the salt and hash can then be
+  retrieved from the database. The hash is recalculated with the stored salt and the value being validated, and the result compared to the stored
+  hash. </li>
+</ul>
+<h2>Noncompliant Code Example</h2>
+<p>hashlib</p>
+<pre>
+import crypt
+from hashlib import pbkdf2_hmac
+
+hash = pbkdf2_hmac('sha256', password, b'D8VxSmTZt2E2YV454mkqAY5e', 100000)    # Noncompliant: salt is hardcoded
+</pre>
+<p>crypt</p>
+<pre>
+hash = crypt.crypt(password)         # Noncompliant: salt is not provided
+</pre>
+<h2>Compliant Solution</h2>
+<p>hashlib</p>
+<pre>
+import crypt
+from hashlib import pbkdf2_hmac
+
+salt = os.urandom(32)
+hash = pbkdf2_hmac('sha256', password, salt, 100000)    # Compliant
+</pre>
+<p>crypt</p>
+<pre>
+salt = crypt.mksalt(crypt.METHOD_SHA256)
+hash = crypt.crypt(password, salt)         # Compliant
+</pre>
+<h2>See</h2>
+<ul>
+  <li> <a href="https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure">OWASP Top 10 2017 Category A3</a> - Sensitive Data Exposure
+  </li>
+  <li> <a href="http://cwe.mitre.org/data/definitions/759.html">MITRE, CWE-759</a> - Use of a One-Way Hash without a Salt </li>
+  <li> <a href="http://cwe.mitre.org/data/definitions/760.html">MITRE, CWE-760</a> - Use of a One-Way Hash with a Predictable Salt </li>
+  <li> <a href="https://www.sans.org/top25-software-errors/#cat3">SANS Top 25</a> - Porous Defenses </li>
+</ul>
+
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2053.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2053.json
@@ -0,0 +1,27 @@
+{
+  "title": "Hashes should include an unpredictable salt",
+  "type": "VULNERABILITY",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "30min"
+  },
+  "tags": [
+    "cwe",
+    "sans-top25-porous",
+    "owasp-a3"
+  ],
+  "defaultSeverity": "Critical",
+  "ruleSpecification": "RSPEC-2053",
+  "sqKey": "S2053",
+  "scope": "All",
+  "securityStandards": {
+    "CWE": [
+      759,
+      760
+    ],
+    "OWASP": [
+      "A3"
+    ]
+  }
+}
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/Sonar_way_profile.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/Sonar_way_profile.json
@@ -35,6 +35,7 @@
     "S1862",
     "S1871",
     "S2068",
+    "S2053",
     "S2077",
     "S2190",
     "S2245",
diff --git a/python-checks/src/test/java/org/sonar/python/checks/PredictableSaltCheckTest.java b/python-checks/src/test/java/org/sonar/python/checks/PredictableSaltCheckTest.java
@@ -0,0 +1,32 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2020 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.python.checks;
+
+import org.junit.Test;
+import org.sonar.python.checks.utils.PythonCheckVerifier;
+
+public class PredictableSaltCheckTest {
+
+  @Test
+  public void test() {
+    PythonCheckVerifier.verify("src/test/resources/checks/predictableSalt.py", new PredictableSaltCheck());
+  }
+
+}
diff --git a/python-checks/src/test/resources/checks/predictableSalt.py b/python-checks/src/test/resources/checks/predictableSalt.py
@@ -0,0 +1,119 @@
+import crypt
+import base64
+import os
+import hashlib
+import os
+
+# crypt-salt
+password = 'password123'
+salt = crypt.mksalt(crypt.METHOD_SHA256)
+
+hash = crypt.crypt(password)         # Noncompliant {{Add an unpredictable salt value to this hash.}}
+#      ^^^^^^^^^^^
+hash = crypt.crypt(password, "")     # Noncompliant {{Make this salt unpredictable.}}
+#                            ^^
+hash = crypt.crypt(password, salt)     # Compliant
+
+
+
+# hashlib-salt
+email = 'info@sonarsource'
+password = 'password123'
+salt = os.urandom(32)
+
+hash = hashlib.pbkdf2_hmac('sha256', password, b'', 100000)        # Noncompliant {{Make this salt unpredictable.}}
+hash = hashlib.pbkdf2_hmac('sha256', password, b'D8VxSmTZt2E2YV454mkqAY5e', 100000)    # Noncompliant {{Make this salt unpredictable.}}
+hash = hashlib.pbkdf2_hmac('sha256', password, email, 100000)     # Noncompliant {{Make this salt unpredictable.}}
+hash = hashlib.scrypt(password, n=1024, r=1, p=1, salt=b'') # Noncompliant {{Make this salt unpredictable.}}
+#                                                 ^^^^^^^^
+
+hash_ = hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, 100000)     # Compliant
+hash_ = hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), unknown, 100000)     # Compliant
+hash_ = hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), *unpack, 100000)     # Compliant
+def func():
+  salt = "string_literal"
+# ^^^^^^^^^^^^^^^^^^^^^^^>
+  hash = hashlib.pbkdf2_hmac('sha256', password, salt, 100000)     # Noncompliant {{Make this salt unpredictable.}}
+#                                                ^^^^
+
+# cryptography-salt
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
+from cryptography.hazmat.backends import default_backend
+
+def derive_password(password, salt, backend):
+    kdf = PBKDF2HMAC(
+        algorithm=hashes.SHA256(),
+        length=32,
+        salt=b'D8VxSmTZt2E2YV454mkqAY5e', # Noncompliant {{Make this salt unpredictable.}}
+#       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+        iterations=100000,
+        backend=backend
+    )
+    key = kdf.derive(password)
+
+    kdf = PBKDF2HMAC(
+        algorithm=hashes.SHA256(),
+        length=32,
+        salt=salt, # Compliant
+        iterations=100000,
+        backend=backend
+    )
+    key = kdf.derive(password)
+
+    salt_ = os.urandom(16)
+    kdf = PBKDF2HMAC(
+        algorithm=hashes.SHA256(),
+        length=32,
+        salt=salt_,  # Compliant
+        iterations=100000,
+        backend=backend
+    )
+    key = kdf.derive(password)
+
+salt = os.urandom(16)
+backend = default_backend()
+derive_password(b"my great password", salt, backend)
+
+
+#cryptodome-salt
+
+from Cryptodome.Protocol.KDF import PBKDF2, scrypt, bcrypt
+from Crypto.Hash import SHA512
+from Crypto.Random import get_random_bytes
+
+
+def derive_password(password, salt):
+
+    PBKDF2(password,
+        b'D8VxSmTZt2E2YV454mkqAY5e', # Noncompliant {{Make this salt unpredictable.}}
+#       ^^^^^^^^^^^^^^^^^^^^^^^^^^^
+        32, count=100000
+    )
+
+    key = scrypt(password, b'D8VxSmTZt2E2YV454mkqAY5e', 32, N=2**14, r=8, p=1) # Noncompliant {{Make this salt unpredictable.}}
+#                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^
+    key = bcrypt(password, 12, b'D8VxSmTZt2E2YV45') # Noncompliant {{Make this salt unpredictable.}}
+#                              ^^^^^^^^^^^^^^^^^^^
+
+
+    PBKDF2(password, salt, # Compliant
+        32, count=100000
+    )
+
+    salt_ = get_random_bytes(32)
+    PBKDF2(password, salt_, # Compliant
+        32, count=100000,
+    )
+
+    key = scrypt(password, salt_, 32, N=2**14, r=8, p=1) # Compliant
+
+    salt_16 = get_random_bytes(16)
+    key = bcrypt(password, 12, salt_16) # Compliant
+
+
+salt = get_random_bytes(32)
+password = b'my super secret'
+derive_password(password, salt)
+
+unknown.openUnknown(open(__file__).read())

-Original file line number
+Diff line change
@@ @@ -0,0 +1,8 @@ @@
 +{
 +'project:twisted-12.1.0/twisted/conch/test/test_checkers.py':[
 +64,
 +78,
 +92,
 +519,
 +],
 +}