Commit 6bfe2f2

committed
Add more sinks
1 parent f1788ed commit 6bfe2f2

3 files changed

+19
-4
lines changed

3 files changed

+19
-4
lines changed

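--- a/csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql
+++ b/csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql
@@ -33,15 +33,15 @@ class KeyedHashAlgorithm extends RefType {
 }
 
 /**
- * The method `ComputeHash()` declared in `System.Security.Cryptography.HashAlgorithm` and
+ * The method `ComputeHash()`, `ComputeHashAsync`, `TryComputeHash`, `HashData`, or `TryHashData` declared in `System.Security.Cryptography.HashAlgorithm` and
  * the method `HashData()` declared in `Windows.Security.Cryptography.Core.HashAlgorithmProvider`.
  */
 class HashMethod extends Method {
 HashMethod() {
-this.getDeclaringType() instanceof HashAlgorithm and
-this.hasName("ComputeHash")
+this.getDeclaringType().getABaseType*() instanceof HashAlgorithm and
+this.getName().matches(["%ComputeHash%", "%HashData"])
 or
-this.getDeclaringType() instanceof HashAlgorithmProvider and
+this.getDeclaringType().getABaseType*() instanceof HashAlgorithmProvider and
 this.hasName("HashData")
 }
 }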
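Review bot: The new `getABaseType*()` on the first disjunct of `HashMethod` makes the sink match `ComputeHash`/`HashData` on every subtype of `HashAlgorithm`, which includes `KeyedHashAlgorithm` and the `HMAC*` classes (the `%HashData` wildcard would also pick up a static `HMACSHA256.HashData(key, source)`); a keyed MAC is not a salt-less password hash, so unless the `KeyedHashAlgorithm` class visible in the hunk header is already used to exclude those types elsewhere in the query, this widening adds false positives. Consider adding `not this.getDeclaringType().getABaseType*() instanceof KeyedHashAlgorithm and` to that disjunct, or confirm the exclusion happens in the sink predicate. The doc comment should also say the methods may be declared on `HashAlgorithm` or any of its subtypes, since the static `HashData`/`TryHashData` overloads are members of the concrete algorithm classes (e.g. `SHA256`) rather than of `HashAlgorithm` itself, which is exactly why the base-type walk was needed.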

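--- a/csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.cs
+++ b/csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.cs
@@ -62,6 +62,15 @@ public static string HashPassword2(string password)
 return Convert.ToBase64String(dbPassword);
 }
 
+// BAD - Hash without a salt.
+public static string HashPassword3(string password)
+{
+HashAlgorithm hashAlg = new SHA256CryptoServiceProvider();
+byte[] passBytes = System.Text.Encoding.ASCII.GetBytes(password);
+byte[] hashBytes = hashAlg.ComputeHash(passBytes);
+return Convert.ToBase64String(hashBytes);
+}
+
 // GOOD - Hash with a salt.
 public bool VerifyPasswordHash(string password, byte[] passwordHash, byte[] passwordSalt)
 {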
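Review bot: The only new test case, `HashPassword3`, exercises the subtype generalization through `ComputeHash` on a `SHA256CryptoServiceProvider`; none of the sinks this commit adds by name — `ComputeHashAsync`, `TryComputeHash`, `HashData`, `TryHashData` — appears in the test file, so the `%HashData` branch and the `Try*`/`*Async` matches have no coverage. Adding a BAD case such as `byte[] hashBytes = SHA256.HashData(passBytes);` and one using `hashAlg.TryComputeHash(passBytes, dest, out int written)` would pin those sinks in the `.expected` output and catch a future regression of the name pattern. `VerifyPasswordHash` begins on the last lines of this hunk and its body continues outside it.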

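--- a/csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.expected
+++ b/csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.expected
@@ -2,12 +2,18 @@ edges
 | HashWithoutSalt.cs:17:70:17:77 | access to parameter password : String | HashWithoutSalt.cs:19:49:19:56 | access to local variable passBuff |
 | HashWithoutSalt.cs:37:28:37:72 | call to method GetBytes : Byte[] | HashWithoutSalt.cs:38:51:38:59 | access to local variable passBytes |
 | HashWithoutSalt.cs:37:64:37:71 | access to parameter password : String | HashWithoutSalt.cs:37:28:37:72 | call to method GetBytes : Byte[] |
+| HashWithoutSalt.cs:69:28:69:72 | call to method GetBytes : Byte[] | HashWithoutSalt.cs:70:48:70:56 | access to local variable passBytes |
+| HashWithoutSalt.cs:69:64:69:71 | access to parameter password : String | HashWithoutSalt.cs:69:28:69:72 | call to method GetBytes : Byte[] |
 nodes
 | HashWithoutSalt.cs:17:70:17:77 | access to parameter password : String | semmle.label | access to parameter password : String |
 | HashWithoutSalt.cs:19:49:19:56 | access to local variable passBuff | semmle.label | access to local variable passBuff |
 | HashWithoutSalt.cs:37:28:37:72 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] |
 | HashWithoutSalt.cs:37:64:37:71 | access to parameter password : String | semmle.label | access to parameter password : String |
 | HashWithoutSalt.cs:38:51:38:59 | access to local variable passBytes | semmle.label | access to local variable passBytes |
+| HashWithoutSalt.cs:69:28:69:72 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] |
+| HashWithoutSalt.cs:69:64:69:71 | access to parameter password : String | semmle.label | access to parameter password : String |
+| HashWithoutSalt.cs:70:48:70:56 | access to local variable passBytes | semmle.label | access to local variable passBytes |
 #select
 | HashWithoutSalt.cs:19:49:19:56 | access to local variable passBuff | HashWithoutSalt.cs:17:70:17:77 | access to parameter password : String | HashWithoutSalt.cs:19:49:19:56 | access to local variable passBuff | $@ is hashed without a salt. | HashWithoutSalt.cs:17:70:17:77 | access to parameter password | The password |
 | HashWithoutSalt.cs:38:51:38:59 | access to local variable passBytes | HashWithoutSalt.cs:37:64:37:71 | access to parameter password : String | HashWithoutSalt.cs:38:51:38:59 | access to local variable passBytes | $@ is hashed without a salt. | HashWithoutSalt.cs:37:64:37:71 | access to parameter password | The password |
+| HashWithoutSalt.cs:70:48:70:56 | access to local variable passBytes | HashWithoutSalt.cs:69:64:69:71 | access to parameter password : String | HashWithoutSalt.cs:70:48:70:56 | access to local variable passBytes | $@ is hashed without a salt. | HashWithoutSalt.cs:69:64:69:71 | access to parameter password | The password |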
