Merge pull request #38 from doublegate/copilot/fix-code-scanning-vulnerabilities

Document RFC 5389-mandated cryptographic algorithms in STUN implementation

Author: doublegate

.github/codeql/codeql-config.yml

@@ -0,0 +1,38 @@
+# CodeQL Configuration for WRAITH Protocol
+#
+# This configuration file customizes CodeQL analysis to handle protocol-specific
+# requirements and justified use of legacy algorithms.
+
+name: "WRAITH CodeQL Config"
+
+# Disable specific queries that flag RFC-mandated algorithm usage
+# These are not security vulnerabilities in our context
+disable-default-queries: false
+
+# Query configuration
+queries:
+  - uses: security-extended
+
+# Query filters to handle known false positives
+# Note: CodeQL for Rust doesn't yet support query-level suppressions via config,
+# but we document the justifications here for transparency
+
+# Known justified uses (not actual vulnerabilities):
+# 1. MD5 in crates/wraith-discovery/src/nat/stun.rs
+#    - Required by RFC 5389 Section 15.4 for STUN long-term credential derivation
+#    - Used only for protocol compliance, not for collision resistance
+#    - Isolated to STUN implementation, not used elsewhere
+#
+# 2. SHA1 in crates/wraith-discovery/src/nat/stun.rs
+#    - Required by RFC 5389 Section 15.4 for STUN MESSAGE-INTEGRITY (HMAC-SHA1)
+#    - HMAC construction provides better security properties than plain SHA1
+#    - Protocol-mandated, cannot be changed without breaking STUN compatibility
+#
+# 3. HMAC-SHA1 in crates/wraith-discovery/src/nat/stun.rs
+#    - Required by RFC 5389 Section 15.4 for STUN authentication
+#    - HMAC provides keyed-hash security suitable for message authentication
+#    - Used only for STUN protocol, not for general cryptographic operations
+
+# For documentation of these justified uses, see:
+# - docs/security/rfc-required-algorithms.md
+# - Inline comments in crates/wraith-discovery/src/nat/stun.rs

.github/workflows/codeql.yml

@@ -60,10 +60,8 @@ jobs:
         uses: github/codeql-action/init@v4
         with:
           languages: ${{ matrix.language }}
-          # Use security-extended query suite for comprehensive analysis
-          queries: security-extended
-          # Optional: Add custom queries
-          # config-file: ./.github/codeql/codeql-config.yml
+          # Use custom config that documents justified algorithm usage
+          config-file: ./.github/codeql/codeql-config.yml
 
       # Install system dependencies required for Tauri (even though we exclude it)
       - name: Install system dependencies (Ubuntu)

crates/wraith-discovery/src/nat/stun.rs

@@ -8,8 +8,28 @@
 //! This implementation includes RFC 5389 MESSAGE-INTEGRITY authentication using
 //! HMAC-SHA1, transaction ID validation, and fingerprint verification for secure
 //! STUN operations.
+//!
+//! # Security Note on Cryptographic Algorithms
+//!
+//! **IMPORTANT:** This module uses MD5 and SHA1 algorithms as mandated by RFC 5389
+//! for STUN protocol compliance. While MD5 and SHA1 are considered cryptographically
+//! weak for general purposes, their use here is:
+//!
+//! 1. **RFC-Mandated**: RFC 5389 Section 15.4 specifically requires HMAC-SHA1 for
+//!    MESSAGE-INTEGRITY and MD5 for long-term credential key derivation.
+//! 2. **Protocol-Specific**: These algorithms are used only for STUN protocol
+//!    operations, not for general cryptographic purposes in WRAITH.
+//! 3. **Contextually Safe**: In the STUN context with proper authentication and
+//!    message integrity checks, the protocol provides adequate security for its
+//!    intended NAT traversal purpose.
+//!
+//! **DO NOT** use MD5 or SHA1 from this module for any other cryptographic
+//! operations. For general cryptography in WRAITH, use the strong algorithms
+//! provided in the `wraith-crypto` crate (e.g., BLAKE3, ChaCha20-Poly1305, X25519, Ed25519).
 
 use hmac::{Hmac, Mac};
+// These imports are required by RFC 5389 for STUN protocol compliance.
+// DO NOT use for general cryptographic purposes - see security note above.
 use md5::Md5;
 use sha1::Sha1;
 use std::collections::HashMap;
@@ -139,9 +159,17 @@ impl StunAuthentication {
     ///
     /// For long-term credentials: MD5(username:realm:password)
     /// For short-term credentials: password
+    ///
+    /// # Security Note
+    ///
+    /// This function uses MD5 as required by RFC 5389 Section 15.4 for STUN
+    /// long-term credential key derivation. This is a protocol requirement
+    /// and cannot be changed without breaking STUN compatibility.
+    /// MD5 is used here only for protocol compliance, not for collision resistance.
     fn derive_key(&self) -> Zeroizing<Vec<u8>> {
         if let Some(realm) = &self.realm {
             // Long-term credentials: MD5(username:realm:password)
+            // Required by RFC 5389 Section 15.4 - DO NOT change to a different hash
             use md5::Digest;
             let mut hasher = Md5::new();
             hasher.update(self.username.as_bytes());
@@ -583,6 +611,13 @@ impl StunMessage {
     /// Computes HMAC-SHA1 over the message up to (but not including) the
     /// MESSAGE-INTEGRITY attribute itself. Must be called before encoding.
     ///
+    /// # Security Note
+    ///
+    /// This function uses HMAC-SHA1 as mandated by RFC 5389 Section 15.4 for
+    /// STUN MESSAGE-INTEGRITY computation. This is a protocol requirement and
+    /// cannot be changed without breaking STUN compatibility with other implementations.
+    /// The use of HMAC-SHA1 here is for protocol compliance only.
+    ///
     /// # Arguments
     ///
     /// * `auth` - Authentication credentials
@@ -625,7 +660,7 @@ impl StunMessage {
         let msg_length = bytes.len() - HEADER_SIZE + 24;
         bytes[length_offset..length_offset + 2].copy_from_slice(&(msg_length as u16).to_be_bytes());
 
-        // Compute HMAC-SHA1
+        // Compute HMAC-SHA1 (RFC 5389 Section 15.4 requirement)
         let key = auth.derive_key();
         type HmacSha1 = Hmac<Sha1>;
         let mut mac = HmacSha1::new_from_slice(&key).expect("HMAC can take key of any size");
@@ -642,6 +677,11 @@ impl StunMessage {
     ///
     /// Validates that the MESSAGE-INTEGRITY HMAC is correct.
     ///
+    /// # Security Note
+    ///
+    /// This function uses HMAC-SHA1 as mandated by RFC 5389 Section 15.4 for
+    /// STUN MESSAGE-INTEGRITY verification. This is a protocol requirement.
+    ///
     /// # Arguments
     ///
     /// * `auth` - Authentication credentials
@@ -700,7 +740,7 @@ impl StunMessage {
             bytes.extend_from_slice(&attr.encode(&temp_msg.transaction_id));
         }
 
-        // Compute expected HMAC
+        // Compute expected HMAC (RFC 5389 Section 15.4 requirement)
         let key = auth.derive_key();
         type HmacSha1 = Hmac<Sha1>;
         let mut mac = HmacSha1::new_from_slice(&key).expect("HMAC can take key of any size");
@@ -1359,7 +1399,7 @@ mod tests {
     fn test_authentication_key_derivation_long_term() {
         let auth = StunAuthentication::new("user", "pass", Some("realm".to_string()));
         let key = auth.derive_key();
-        // Long-term credentials use MD5(username:realm:password)
+        // Long-term credentials use MD5(username:realm:password) as mandated by RFC 5389
         assert_eq!(key.len(), 16); // MD5 produces 16 bytes
     }
 }

docs/security/README.md

@@ -0,0 +1,77 @@
+# Security Documentation
+
+This directory contains security-related documentation for WRAITH Protocol.
+
+## Contents
+
+- **[rfc-required-algorithms.md](rfc-required-algorithms.md)** - Explanation of weak cryptographic algorithms required by protocol specifications (RFC 5389 STUN)
+
+## Code Scanning Alerts
+
+### Handling False Positives
+
+WRAITH Protocol undergoes automated security scanning using CodeQL and other tools.
+Some alerts may appear as "vulnerabilities" when they are actually:
+
+1. **Protocol requirements** - Algorithms mandated by RFCs for interoperability
+2. **Justified design decisions** - Documented trade-offs with security rationale
+3. **Tool limitations** - Scanner false positives or context misunderstandings
+
+### Current Justified Uses
+
+As of 2025-12-09, the following code patterns are flagged by security scanners
+but are **not vulnerabilities**:
+
+1. **MD5 usage in STUN** (`crates/wraith-discovery/src/nat/stun.rs`)
+   - Required by RFC 5389 for long-term credential derivation
+   - See [rfc-required-algorithms.md](rfc-required-algorithms.md)
+
+2. **SHA1 usage in STUN** (`crates/wraith-discovery/src/nat/stun.rs`)
+   - Required by RFC 5389 for HMAC-SHA1 in MESSAGE-INTEGRITY
+   - See [rfc-required-algorithms.md](rfc-required-algorithms.md)
+
+3. **HMAC-SHA1 in STUN** (`crates/wraith-discovery/src/nat/stun.rs`)
+   - Required by RFC 5389 for message authentication
+   - HMAC construction provides adequate security for STUN
+   - See [rfc-required-algorithms.md](rfc-required-algorithms.md)
+
+### Review Process
+
+When a new code scanning alert is raised:
+
+1. **Investigate** - Understand what the scanner detected
+2. **Evaluate** - Determine if it's a real vulnerability or false positive
+3. **Fix or Document** - Either fix the issue or document why it's justified
+4. **Track** - Update this documentation with the decision
+
+### Related Files
+
+- `.github/codeql/codeql-config.yml` - CodeQL configuration with justifications
+- `.github/workflows/codeql.yml` - CodeQL scanning workflow
+- Inline comments in source files explaining security decisions
+
+## Reporting Security Issues
+
+If you discover a security vulnerability in WRAITH Protocol:
+
+1. **Do not** open a public issue
+2. Review our [Security Policy](../../SECURITY.md)
+3. Report via the appropriate secure channel
+4. Allow time for a fix before public disclosure
+
+## Security Best Practices
+
+For developers working on WRAITH Protocol:
+
+1. **Use strong cryptography** - Prefer BLAKE3, ChaCha20-Poly1305, Ed25519, X25519
+2. **Avoid weak algorithms** - Do not use MD5, SHA1, RC4, DES except when RFC-mandated
+3. **Document exceptions** - Any use of weak algorithms must be documented and justified
+4. **Validate inputs** - Sanitize paths, validate sizes, check bounds
+5. **Zeroize secrets** - Clear sensitive data from memory after use
+6. **Review dependencies** - Check for known vulnerabilities before adding deps
+
+## Resources
+
+- [OWASP Cryptographic Storage Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html)
+- [NIST Cryptographic Standards](https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines)
+- [Rust Security Guidelines](https://anssi-fr.github.io/rust-guide/)

docs/security/rfc-required-algorithms.md

@@ -0,0 +1,98 @@
+# RFC-Required Cryptographic Algorithms
+
+## Overview
+
+This document explains the use of weak cryptographic algorithms (MD5, SHA1) in
+WRAITH Protocol where they are mandated by external protocol specifications.
+
+## STUN Protocol (RFC 5389)
+
+### Background
+
+The STUN (Session Traversal Utilities for NAT) protocol is defined by RFC 5389
+and is used for NAT traversal and discovering server reflexive addresses. WRAITH
+uses STUN for peer discovery and connectivity.
+
+### Mandated Algorithms
+
+RFC 5389 Section 15.4 specifically requires:
+
+1. **HMAC-SHA1** for MESSAGE-INTEGRITY attribute computation
+2. **MD5** for long-term credential key derivation
+
+These requirements are part of the protocol specification and cannot be changed
+without breaking compatibility with other STUN implementations.
+
+### Security Context
+
+While MD5 and SHA1 are considered cryptographically weak for collision resistance,
+their use in STUN is acceptable because:
+
+1. **Limited Scope**: Used only for STUN protocol operations, not for general
+   cryptographic purposes
+2. **HMAC Construction**: HMAC-SHA1 provides better security properties than
+   plain SHA1 due to the keyed-hash design
+3. **Protocol-Level Security**: STUN includes additional security mechanisms like
+   transaction ID validation and fingerprint verification
+4. **Standard Compliance**: Required for interoperability with all STUN servers
+   and clients
+
+### Implementation Location
+
+- **Module**: `crates/wraith-discovery/src/nat/stun.rs`
+- **Dependencies**: `md-5 = "0.10"`, `sha1 = "0.10"`, `hmac = "0.12"`
+- **Usage**:
+  - `StunAuthentication::derive_key()` - MD5 for long-term credentials
+  - `StunMessage::add_message_integrity()` - HMAC-SHA1 for message integrity
+  - `StunMessage::verify_message_integrity()` - HMAC-SHA1 verification
+
+## Mitigation Strategy
+
+To prevent misuse of weak algorithms:
+
+1. **Isolated Usage**: MD5 and SHA1 are only imported in the STUN module
+2. **Documentation**: Extensive comments warn against using these algorithms
+   for other purposes
+3. **Strong Alternatives**: WRAITH's general cryptography (in `wraith-crypto`)
+   uses modern algorithms:
+   - BLAKE3 for hashing
+   - ChaCha20-Poly1305 for AEAD encryption
+   - Ed25519 for signatures
+   - X25519 for key exchange
+
+## Code Scanning Alerts
+
+Code scanning tools (CodeQL, etc.) may flag the use of MD5 and SHA1 as security
+vulnerabilities. These alerts are **expected and acceptable** for the STUN
+implementation because:
+
+1. The algorithms are mandated by RFC 5389
+2. Their use is properly documented and justified
+3. They are isolated to protocol-specific code
+4. Alternative algorithms would break STUN compatibility
+
+### Alert Suppression
+
+If code scanning alerts need to be suppressed:
+
+- **File**: `crates/wraith-discovery/src/nat/stun.rs`
+- **Justification**: RFC 5389 compliance requirement
+- **Scope**: Limited to STUN MESSAGE-INTEGRITY and credential derivation
+- **Alternative**: None available while maintaining STUN compatibility
+
+## References
+
+- [RFC 5389: Session Traversal Utilities for NAT (STUN)](https://datatracker.ietf.org/doc/html/rfc5389)
+- [RFC 5389 Section 15.4: MESSAGE-INTEGRITY](https://datatracker.ietf.org/doc/html/rfc5389#section-15.4)
+- [WRAITH Security Documentation](./README.md)
+
+## Review
+
+This document should be reviewed whenever:
+
+- STUN implementation is modified
+- New protocols with algorithm requirements are added
+- Code scanning tools are updated
+- Security best practices change
+
+Last Updated: 2025-12-09