C++: Improve the cpp/cleartext-* query examples by using libsodium rather than pseudocode.

geoffw0 · geoffw0 · commit f931dab14a7e · 2024-07-22T11:17:33.000+01:00
diff --git a/cpp/ql/src/Security/CWE/CWE-311/CleartextStorage.c b/cpp/ql/src/Security/CWE/CWE-311/CleartextStorage.c
@@ -1,12 +1,31 @@
-void writeCredentials() {
-  char *password = "cleartext password";
-  FILE* file = fopen("credentials.txt", "w");
-  
+#include <sodium.h>
+#include <stdio.h>
+#include <string.h>
+
+void writeCredentialsBad(FILE *file, const char *cleartextCredentials) {
   // BAD: write password to disk in cleartext
-  fputs(password, file);
-  
-  // GOOD: encrypt password first
-  char *encrypted = encrypt(password);
-  fputs(encrypted, file);
+  fputs(cleartextCredentials, file);
 }
 
+int writeCredentialsGood(FILE *file, const char *cleartextCredentials, const unsigned char *key, const unsigned char *nonce) {
+  size_t credentialsLen = strlen(cleartextCredentials);
+  size_t ciphertext_len = crypto_secretbox_MACBYTES + credentialsLen;
+  unsigned char *ciphertext = malloc(ciphertext_len);
+  if (!ciphertext) {
+    logError();
+    return -1;
+  }
+
+  // encrypt the password first
+  if (crypto_secretbox_easy(ciphertext, (const unsigned char *)cleartextCredentials, credentialsLen, nonce, key) != 0) {
+    free(ciphertext);
+    logError();
+    return -1;
+  }
+
+  // GOOD: write encrypted password to disk
+  fwrite(ciphertext, 1, ciphertext_len, file);
+
+  free(ciphertext);
+  return 0;
+}
diff --git a/cpp/ql/src/Security/CWE/CWE-311/CleartextStorage.inc.qhelp b/cpp/ql/src/Security/CWE/CWE-311/CleartextStorage.inc.qhelp
@@ -19,15 +19,20 @@ cleartext.</p>
 <example>
 
 <p>The following example shows two ways of storing user credentials in a file. In the 'BAD' case,
-the credentials are simply stored in cleartext. In the 'GOOD' case, the credentials are encrypted before 
+the credentials are simply stored in cleartext. In the 'GOOD' case, the credentials are encrypted before
 storing them.</p>
 
 <sample src="CleartextStorage.c" />
 
+<p>Note that for the good example to work we need to link against the encryption library (in this case libsodium),
+initialize it with a call to <code>sodium_init</code>, and create the key and nonce with
+<code>crypto_secretbox_keygen</code> and <code>randombytes_buf</code> respectively. We also need to store those
+details securely so they can be used for decryption.</p>
+
 </example>
 <references>
 
-<li>M. Dowd, J. McDonald and J. Schuhm, <i>The Art of Software Security Assessment</i>, 1st Edition, Chapter 2 - 'Common Vulnerabilities of Encryption', p. 43. Addison Wesley, 2006.</li> 
+<li>M. Dowd, J. McDonald and J. Schuhm, <i>The Art of Software Security Assessment</i>, 1st Edition, Chapter 2 - 'Common Vulnerabilities of Encryption', p. 43. Addison Wesley, 2006.</li>
 <li>M. Howard and D. LeBlanc, <i>Writing Secure Code</i>, 2nd Edition, Chapter 9 - 'Protecting Secret Data', p. 299. Microsoft, 2002.</li>
 
 
