Merge pull request github#7252 from museljh/feature/cwe-338

RasmusWL · web-flow · commit eb109828c0a1 · 2022-02-07T19:30:06.000+01:00
Python: CWE-338 insecureRandomness
diff --git a/python/ql/src/experimental/Security/CWE-338/InsecureRandomness.qhelp b/python/ql/src/experimental/Security/CWE-338/InsecureRandomness.qhelp
@@ -0,0 +1,48 @@
+<!DOCTYPE qhelp PUBLIC
+"-//Semmle//qhelp//EN"
+"qhelp.dtd">
+<qhelp>
+<overview>
+<p>
+Using a cryptographically weak pseudo-random number generator to generate a security-sensitive value,
+such as a password, makes it easier for an attacker to predict the value.
+</p>
+<p>
+Pseudo-random number generators generate a sequence of numbers that only approximates the properties
+of random numbers. The sequence is not truly random because it is completely determined by a
+relatively small set of initial values, the seed. If the random number generator is
+cryptographically weak, then this sequence may be easily predictable through outside observations.
+</p>
+</overview>
+<recommendation>
+<p>
+Use a cryptographically secure pseudo-random number generator if the output is to be used in a
+security sensitive context. As a rule of thumb, a value should be considered "security sensitive"
+if predicting it would allow the attacker to perform an action that they would otherwise be unable
+to perform. For example, if an attacker could predict the random password generated for a new user,
+they would be able to log in as that new user.
+</p>
+<p>
+For Python, <code>secrets</code> provides a cryptographically secure pseudo-random
+number generator. <code>random</code> is not cryptographically secure, and should be avoided in
+security contexts.
+</p>
+</recommendation>
+
+<example>
+<p>
+The example below uses the <code>random</code> package instead of <code>secrets</code> to generate a password:
+</p>
+<sample src="examples/InsecureRandomness.py" />
+<p>
+Instead, use <code>secrets</code>:
+</p>
+<sample src="examples/InsecureRandomnessGood.py" />
+</example>
+
+<references>
+  <li>Wikipedia. <a href="http://en.wikipedia.org/wiki/Pseudorandom_number_generator">Pseudo-random number generator</a>.</li>
+  <li>OWASP: <a href="https://owasp.org/www-community/vulnerabilities/Insecure_Randomness">Insecure Randomness</a>.</li>
+  <li>OWASP: <a href="https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#secure-random-number-generation">Secure Random Number Generation</a>.</li>
+</references>
+</qhelp>
diff --git a/python/ql/src/experimental/Security/CWE-338/InsecureRandomness.ql b/python/ql/src/experimental/Security/CWE-338/InsecureRandomness.ql
@@ -0,0 +1,23 @@
+/**
+ * @name Insecure randomness
+ * @description Using a cryptographically weak pseudo-random number generator to generate a
+ *              security-sensitive value may allow an attacker to predict what value will
+ *              be generated.
+ * @kind path-problem
+ * @problem.severity warning
+ * @security-severity 7.8
+ * @precision high
+ * @id py/insecure-randomness
+ * @tags security
+ *       external/cwe/cwe-338
+ */
+
+import python
+import experimental.semmle.python.security.InsecureRandomness::InsecureRandomness
+import semmle.python.dataflow.new.DataFlow
+import DataFlow::PathGraph
+
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasFlowPath(source, sink)
+select sink.getNode(), source, sink, "Cryptographically insecure $@ in a security context.",
+  source.getNode(), "random value"
diff --git a/python/ql/src/experimental/Security/CWE-338/examples/InsecureRandomness.py b/python/ql/src/experimental/Security/CWE-338/examples/InsecureRandomness.py
@@ -0,0 +1,6 @@
+import random
+
+
+def generatePassword():
+    # BAD: the random is not cryptographically secure
+    return random.random()
diff --git a/python/ql/src/experimental/Security/CWE-338/examples/InsecureRandomnessGood.py b/python/ql/src/experimental/Security/CWE-338/examples/InsecureRandomnessGood.py
@@ -0,0 +1,7 @@
+import secrets
+
+
+def generatePassword():
+    # GOOD: the random is cryptographically secure
+    secret_generator = secrets.SystemRandom()
+    return secret_generator.random()
diff --git a/python/ql/src/experimental/semmle/python/security/InsecureRandomness.qll b/python/ql/src/experimental/semmle/python/security/InsecureRandomness.qll
@@ -0,0 +1,37 @@
+/**
+ * Provides a taint tracking configuration for reasoning about random
+ * values that are not cryptographically secure.
+ *
+ * Note, for performance reasons: only import this file if
+ * `InsecureRandomness::Configuration` is needed, otherwise
+ * `InsecureRandomnessCustomizations` should be imported instead.
+ */
+
+private import python
+import semmle.python.dataflow.new.DataFlow
+import semmle.python.dataflow.new.TaintTracking
+
+/**
+ * A taint tracking configuration for random values that are not cryptographically secure.
+ */
+module InsecureRandomness {
+  import InsecureRandomnessCustomizations::InsecureRandomness
+
+  /**
+   * A taint-tracking configuration for reasoning about random values that are
+   * not cryptographically secure.
+   */
+  class Configuration extends TaintTracking::Configuration {
+    Configuration() { this = "InsecureRandomness" }
+
+    override predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+    override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
+
+    override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
+      guard instanceof SanitizerGuard
+    }
+  }
+}
diff --git a/python/ql/src/experimental/semmle/python/security/InsecureRandomnessCustomizations.qll b/python/ql/src/experimental/semmle/python/security/InsecureRandomnessCustomizations.qll
@@ -0,0 +1,79 @@
+/**
+ * Provides default sources, sinks and sanitizers for reasoning about random values that are
+ * not cryptographically secure, as well as extension points for adding your own.
+ */
+
+private import python
+private import semmle.python.ApiGraphs
+private import semmle.python.Concepts
+private import semmle.python.dataflow.new.BarrierGuards
+private import semmle.python.dataflow.new.internal.DataFlowPrivate
+
+/**
+ * Provides default sources, sinks and sanitizers for reasoning about random values that are
+ * not cryptographically secure, as well as extension points for adding your own.
+ */
+module InsecureRandomness {
+  /**
+   * A data flow source for random values that are not cryptographically secure.
+   */
+  abstract class Source extends DataFlow::Node { }
+
+  /**
+   * A data flow sink for random values that are not cryptographically secure.
+   */
+  abstract class Sink extends DataFlow::Node { }
+
+  /**
+   * A sanitizer for random values that are not cryptographically secure.
+   */
+  abstract class Sanitizer extends DataFlow::Node { }
+
+  /**
+   * A sanitizer guard for random values that are not cryptographically secure.
+   */
+  abstract class SanitizerGuard extends DataFlow::BarrierGuard { }
+
+  /**
+   * A random source that is not sufficient for security use. So far this is only made up
+   * of the math package's rand function, more insufficient random sources can be added here.
+   */
+  class InsecureRandomSource extends Source {
+    InsecureRandomSource() {
+      this =
+        API::moduleImport("random")
+            .getMember([
+                "betavariate", "choice", "choices", "expovariate", "gammavariate", "gauss",
+                "getrandbits", "getstate", "lognormvariate", "normalvariate", "paretovariate",
+                "randbytes", "randint", "random", "randrange", "sample", "seed", "setstate",
+                "shuffle", "triangular", "uniform", "vonmisesvariate", "weibullvariate"
+              ])
+            .getACall()
+    }
+  }
+
+  /**
+   * A use in a function that heuristically deals with unsafe random numbers or random strings.
+   */
+  class RandomFnSink extends Sink {
+    RandomFnSink() {
+      exists(DataFlowCallable randomFn |
+        randomFn
+            .getName()
+            .regexpMatch("(?i).*(gen(erate)?|make|mk|create).*(nonce|salt|pepper|Password).*")
+      |
+        this.getEnclosingCallable() = randomFn
+      )
+    }
+  }
+
+  /**
+   * A cryptographic key, considered as a sink for random values that are not cryptographically
+   * secure.
+   */
+  class CryptoKeySink extends Sink {
+    CryptoKeySink() {
+      exists(Cryptography::CryptographicOperation operation | this = operation.getAnInput())
+    }
+  }
+}
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-338/InsecureRandomness.expected b/python/ql/test/experimental/query-tests/Security/CWE-338/InsecureRandomness.expected
@@ -0,0 +1,6 @@
+edges
+nodes
+| InsecureRandomness.py:5:12:5:26 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+subpaths
+#select
+| InsecureRandomness.py:5:12:5:26 | ControlFlowNode for Attribute() | InsecureRandomness.py:5:12:5:26 | ControlFlowNode for Attribute() | InsecureRandomness.py:5:12:5:26 | ControlFlowNode for Attribute() | Cryptographically insecure $@ in a security context. | InsecureRandomness.py:5:12:5:26 | ControlFlowNode for Attribute() | random value |
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-338/InsecureRandomness.py b/python/ql/test/experimental/query-tests/Security/CWE-338/InsecureRandomness.py
@@ -0,0 +1,5 @@
+import random
+
+def generatePassword():
+    # BAD: the random is not cryptographically secure
+    return random.random()
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-338/InsecureRandomness.qlref b/python/ql/test/experimental/query-tests/Security/CWE-338/InsecureRandomness.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE-338/InsecureRandomness.ql

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+experimental/Security/CWE-338/InsecureRandomness.ql`