
Commit 941df4f

Add test for cleartext storage
1 parent cb2b2bc commit 941df4f


4 files changed

+48
-22
lines changed


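--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/ExternalLocationSink.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/ExternalLocationSink.qll
@@ -65,19 +65,21 @@ class CookieStorageSink extends ExternalLocationSink, RemoteFlowSink {
 }
 }
 
+
+
 private predicate isFileWriteCall(Expr stream, Expr data) {
 exists(MethodCall mc, Method m | mc.getTarget() = m.getAnOverrider*() |
-mc.getTarget().hasQualifiedName("System.IO", "Stream", ["Write", "WriteAsync"]) and
+m.hasQualifiedName("System.IO", "Stream", ["Write", "WriteAsync"]) and
 stream = mc.getQualifier() and
 data = mc.getArgument(0)
 or
-mc.getTarget()
+m
 .hasQualifiedName("System.IO", "TextWriter",
 ["Write", "WriteAsync", "WriteLine", "WriteLineAsync"]) and
 stream = mc.getQualifier() and
 data = mc.getArgument(0)
 or
-mc.getTarget().hasQualifiedName("System.Xml.Linq", "XDocument", ["Save", "SaveAsync"]) and
+m.hasQualifiedName("System.Xml.Linq", "XDocument", ["Save", "SaveAsync"]) and
 data = mc.getQualifier() and
 stream = mc.getArgument(0)
 )
@@ -117,15 +119,15 @@ private module LocalFileOutputStreamConfig implements DataFlow::ConfigSig {
 }
 }
 
-private module LocalFileOutputStreamFlow = DataFlow::Make<LocalFileOutputStreamConfig>;
+private module LocalFileOutputStreamFlow = DataFlow::Global<LocalFileOutputStreamConfig>;
 
 /**
 * A write to the local filesystem.
 */
 class LocalFileOutputSink extends ExternalLocationSink {
 LocalFileOutputSink() {
 exists(DataFlow::Node streamSink |
-LocalFileOutputStreamFlow::hasFlow(_, streamSink) and
+LocalFileOutputStreamFlow::flow(_, streamSink) and
 isFileWriteCall(streamSink.asExpr(), this.asExpr())
 )
 }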
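Review bot: Now that `m` is the base declaration and `mc.getTarget()` may be any overrider, the two `data = mc.getArgument(0)` lines still bind only the first argument, so the format-string overloads of `TextWriter.Write`/`WriteLine` (where the sensitive value presumably arrives in `arg0`/`arg1` after the format string) would not be recognised as writes of that value; this gap predates the commit but the widened match makes it more visible. I would record it above the TextWriter alternative: `// Only the first argument is treated as the written data; format-string overloads (data in later arguments) are not covered.` The closing brace of `isFileWriteCall` and the end of `LocalFileOutputSink` lie outside the hunks. The `DataFlow::Make`→`DataFlow::Global` and `hasFlow`→`flow` edits look like a mechanical follow of the renamed library API.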

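--- a/csharp/ql/test/query-tests/Security Features/CWE-312/CleartextStorage.cs
+++ b/csharp/ql/test/query-tests/Security Features/CWE-312/CleartextStorage.cs
@@ -2,6 +2,8 @@
 using System.Web;
 using System.Web.Security;
 using System.Windows.Forms;
+using System.IO;
+using System.Security.Cryptography;
 
 public class ClearTextStorageHandler : IHttpHandler
 {
@@ -24,13 +26,33 @@ public void ProcessRequest(HttpContext ctx)
 logger.Warn(GetPassword());
 // GOOD: Logging encrypted sensitive data
 logger.Warn(Encode(GetPassword(), "Password"));
+
+// BAD: Storing sensitive data in local file
+using (var writeStream = File.Open("passwords.txt", FileMode.Create))
+{
+var writer = new StreamWriter(writeStream);
+writer.Write(GetPassword());
+writer.Close();
+}
+
+// GOOD: Storing encrypted sensitive data
+using (var writeStream = File.Open("passwords.txt", FileMode.Create))
+{
+var writer = new StreamWriter(new CryptoStream(writeStream, GetEncryptor(), CryptoStreamMode.Write));
+writer.Write(GetPassword());
+writer.Close();
+}
 }
 
 public string Encode(string value, string type)
 {
 return Encoding.UTF8.GetString(MachineKey.Protect(Encoding.UTF8.GetBytes(value), type));
 }
 
+public ICryptoTransform GetEncryptor(){
+return null;
+}
+
 public string GetPassword()
 {
 return "password";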
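Review bot: The GOOD case at new lines 39–44 is accepted because the writer's underlying stream is a `CryptoStream`, not because anything is encrypted: `GetEncryptor()` returns `null`, and from the query's point of view a `ToBase64Transform` in that position would presumably be treated the same way. That is acceptable for a fixture, but it should be stated on the stub so nobody reads it as a model of safe code, e.g. `// Stub, never executed: the query recognises the CryptoStream wrapper, not the transform.` Separately, `public ICryptoTransform GetEncryptor(){` puts the brace on the declaration line while every other method in this file uses Allman braces. The expected output confirms only the write at line 34 is reported, which is the intent.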
Lines changed: 18 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -1,20 +1,22 @@
11
edges
22
nodes
3-
| CleartextStorage.cs:13:50:13:59 | access to field accountKey | semmle.label | access to field accountKey |
4-
| CleartextStorage.cs:14:62:14:74 | call to method GetPassword | semmle.label | call to method GetPassword |
5-
| CleartextStorage.cs:15:69:15:81 | call to method GetPassword | semmle.label | call to method GetPassword |
6-
| CleartextStorage.cs:16:50:16:63 | call to method GetAccountID | semmle.label | call to method GetAccountID |
7-
| CleartextStorage.cs:24:21:24:33 | call to method GetPassword | semmle.label | call to method GetPassword |
8-
| CleartextStorage.cs:72:21:72:33 | access to property Text | semmle.label | access to property Text |
9-
| CleartextStorage.cs:73:21:73:29 | access to property Text | semmle.label | access to property Text |
10-
| CleartextStorage.cs:74:21:74:29 | access to property Text | semmle.label | access to property Text |
3+
| CleartextStorage.cs:15:50:15:59 | access to field accountKey | semmle.label | access to field accountKey |
4+
| CleartextStorage.cs:16:62:16:74 | call to method GetPassword | semmle.label | call to method GetPassword |
5+
| CleartextStorage.cs:17:69:17:81 | call to method GetPassword | semmle.label | call to method GetPassword |
6+
| CleartextStorage.cs:18:50:18:63 | call to method GetAccountID | semmle.label | call to method GetAccountID |
7+
| CleartextStorage.cs:26:21:26:33 | call to method GetPassword | semmle.label | call to method GetPassword |
8+
| CleartextStorage.cs:34:26:34:38 | call to method GetPassword | semmle.label | call to method GetPassword |
9+
| CleartextStorage.cs:94:21:94:33 | access to property Text | semmle.label | access to property Text |
10+
| CleartextStorage.cs:95:21:95:29 | access to property Text | semmle.label | access to property Text |
11+
| CleartextStorage.cs:96:21:96:29 | access to property Text | semmle.label | access to property Text |
1112
subpaths
1213
#select
13-
| CleartextStorage.cs:13:50:13:59 | access to field accountKey | CleartextStorage.cs:13:50:13:59 | access to field accountKey | CleartextStorage.cs:13:50:13:59 | access to field accountKey | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:13:50:13:59 | access to field accountKey | access to field accountKey |
14-
| CleartextStorage.cs:14:62:14:74 | call to method GetPassword | CleartextStorage.cs:14:62:14:74 | call to method GetPassword | CleartextStorage.cs:14:62:14:74 | call to method GetPassword | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:14:62:14:74 | call to method GetPassword | call to method GetPassword |
15-
| CleartextStorage.cs:15:69:15:81 | call to method GetPassword | CleartextStorage.cs:15:69:15:81 | call to method GetPassword | CleartextStorage.cs:15:69:15:81 | call to method GetPassword | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:15:69:15:81 | call to method GetPassword | call to method GetPassword |
16-
| CleartextStorage.cs:16:50:16:63 | call to method GetAccountID | CleartextStorage.cs:16:50:16:63 | call to method GetAccountID | CleartextStorage.cs:16:50:16:63 | call to method GetAccountID | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:16:50:16:63 | call to method GetAccountID | call to method GetAccountID |
17-
| CleartextStorage.cs:24:21:24:33 | call to method GetPassword | CleartextStorage.cs:24:21:24:33 | call to method GetPassword | CleartextStorage.cs:24:21:24:33 | call to method GetPassword | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:24:21:24:33 | call to method GetPassword | call to method GetPassword |
18-
| CleartextStorage.cs:72:21:72:33 | access to property Text | CleartextStorage.cs:72:21:72:33 | access to property Text | CleartextStorage.cs:72:21:72:33 | access to property Text | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:72:21:72:33 | access to property Text | access to property Text |
19-
| CleartextStorage.cs:73:21:73:29 | access to property Text | CleartextStorage.cs:73:21:73:29 | access to property Text | CleartextStorage.cs:73:21:73:29 | access to property Text | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:73:21:73:29 | access to property Text | access to property Text |
20-
| CleartextStorage.cs:74:21:74:29 | access to property Text | CleartextStorage.cs:74:21:74:29 | access to property Text | CleartextStorage.cs:74:21:74:29 | access to property Text | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:74:21:74:29 | access to property Text | access to property Text |
14+
| CleartextStorage.cs:15:50:15:59 | access to field accountKey | CleartextStorage.cs:15:50:15:59 | access to field accountKey | CleartextStorage.cs:15:50:15:59 | access to field accountKey | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:15:50:15:59 | access to field accountKey | access to field accountKey |
15+
| CleartextStorage.cs:16:62:16:74 | call to method GetPassword | CleartextStorage.cs:16:62:16:74 | call to method GetPassword | CleartextStorage.cs:16:62:16:74 | call to method GetPassword | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:16:62:16:74 | call to method GetPassword | call to method GetPassword |
16+
| CleartextStorage.cs:17:69:17:81 | call to method GetPassword | CleartextStorage.cs:17:69:17:81 | call to method GetPassword | CleartextStorage.cs:17:69:17:81 | call to method GetPassword | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:17:69:17:81 | call to method GetPassword | call to method GetPassword |
17+
| CleartextStorage.cs:18:50:18:63 | call to method GetAccountID | CleartextStorage.cs:18:50:18:63 | call to method GetAccountID | CleartextStorage.cs:18:50:18:63 | call to method GetAccountID | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:18:50:18:63 | call to method GetAccountID | call to method GetAccountID |
18+
| CleartextStorage.cs:26:21:26:33 | call to method GetPassword | CleartextStorage.cs:26:21:26:33 | call to method GetPassword | CleartextStorage.cs:26:21:26:33 | call to method GetPassword | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:26:21:26:33 | call to method GetPassword | call to method GetPassword |
19+
| CleartextStorage.cs:34:26:34:38 | call to method GetPassword | CleartextStorage.cs:34:26:34:38 | call to method GetPassword | CleartextStorage.cs:34:26:34:38 | call to method GetPassword | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:34:26:34:38 | call to method GetPassword | call to method GetPassword |
20+
| CleartextStorage.cs:94:21:94:33 | access to property Text | CleartextStorage.cs:94:21:94:33 | access to property Text | CleartextStorage.cs:94:21:94:33 | access to property Text | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:94:21:94:33 | access to property Text | access to property Text |
21+
| CleartextStorage.cs:95:21:95:29 | access to property Text | CleartextStorage.cs:95:21:95:29 | access to property Text | CleartextStorage.cs:95:21:95:29 | access to property Text | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:95:21:95:29 | access to property Text | access to property Text |
22+
| CleartextStorage.cs:96:21:96:29 | access to property Text | CleartextStorage.cs:96:21:96:29 | access to property Text | CleartextStorage.cs:96:21:96:29 | access to property Text | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:96:21:96:29 | access to property Text | access to property Text |
Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll {testdir}/../../../../resources/stubs/System.Windows.cs
1+
semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll /r:System.Security.Cryptography.dll {testdir}/../../../../resources/stubs/System.Windows.cs
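Review bot: The carried-forward tail of this line still reads `{testdir}/../../../../resources/stubs/System.Windows.cs` — no `$` before `testdir`, and one `..` deeper than the `${testdir}/../../../resources/stubs/System.Web.cs` path next to it. If that is a typo, the System.Windows.Forms stub is presumably not being loaded and the `Text` property accesses in the expected output are resolving against something else; worth confirming before stacking another reference on the same line. If it is intentional, it deserves a sentence in the commit message, since the two spellings side by side look like an error.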
