Merge pull request github#6055 from RasmusWL/rsa-modeling

Approved by yoff

Author: codeql-ci

docs/codeql/support/reusables/frameworks.rst

@@ -176,3 +176,4 @@ Python built-in support
    cryptography, Cryptography library
    pycryptodome, Cryptography library
    pycryptodomex, Cryptography library
+   rsa, Cryptography library

python/change-notes/2021-06-09-rsa-add-modeling.md

@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Added modeling of the PyPI package `rsa`.

python/ql/src/semmle/python/Frameworks.qll

@@ -20,6 +20,7 @@ private import semmle.python.frameworks.Mysql
 private import semmle.python.frameworks.MySQLdb
 private import semmle.python.frameworks.Psycopg2
 private import semmle.python.frameworks.PyMySQL
+private import semmle.python.frameworks.Rsa
 private import semmle.python.frameworks.Simplejson
 private import semmle.python.frameworks.Stdlib
 private import semmle.python.frameworks.Tornado

python/ql/src/semmle/python/frameworks/Rsa.qll

@@ -0,0 +1,141 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `rsa` PyPI package.
+ * See https://stuvel.eu/python-rsa-doc/.
+ */
+
+private import python
+private import semmle.python.dataflow.new.DataFlow
+private import semmle.python.dataflow.new.TaintTracking
+private import semmle.python.Concepts
+private import semmle.python.ApiGraphs
+
+/**
+ * Provides models for the `rsa` PyPI package.
+ * See https://stuvel.eu/python-rsa-doc/.
+ */
+private module Rsa {
+  /**
+   * A call to `rsa.newkeys`
+   *
+   * See https://stuvel.eu/python-rsa-doc/reference.html#rsa.newkeys
+   */
+  class RsaNewkeysCall extends Cryptography::PublicKey::KeyGeneration::RsaRange,
+    DataFlow::CallCfgNode {
+    RsaNewkeysCall() { this = API::moduleImport("rsa").getMember("newkeys").getACall() }
+
+    override DataFlow::Node getKeySizeArg() {
+      result in [this.getArg(0), this.getArgByName("nbits")]
+    }
+  }
+
+  /**
+   * A call to `rsa.encrypt`
+   *
+   * See https://stuvel.eu/python-rsa-doc/reference.html#rsa.encrypt
+   */
+  class RsaEncryptCall extends Cryptography::CryptographicOperation::Range, DataFlow::CallCfgNode {
+    RsaEncryptCall() { this = API::moduleImport("rsa").getMember("encrypt").getACall() }
+
+    override Cryptography::CryptographicAlgorithm getAlgorithm() { result.getName() = "RSA" }
+
+    override DataFlow::Node getAnInput() {
+      result in [this.getArg(0), this.getArgByName("message")]
+    }
+  }
+
+  /**
+   * A call to `rsa.decrypt`
+   *
+   * See https://stuvel.eu/python-rsa-doc/reference.html#rsa.decrypt
+   */
+  class RsaDecryptCall extends Cryptography::CryptographicOperation::Range, DataFlow::CallCfgNode {
+    RsaDecryptCall() { this = API::moduleImport("rsa").getMember("decrypt").getACall() }
+
+    override Cryptography::CryptographicAlgorithm getAlgorithm() { result.getName() = "RSA" }
+
+    override DataFlow::Node getAnInput() { result in [this.getArg(0), this.getArgByName("crypto")] }
+  }
+
+  /**
+   * A call to `rsa.sign`, which both hashes and signs in the input message.
+   *
+   * See https://stuvel.eu/python-rsa-doc/reference.html#rsa.sign
+   */
+  class RsaSignCall extends Cryptography::CryptographicOperation::Range, DataFlow::CallCfgNode {
+    RsaSignCall() { this = API::moduleImport("rsa").getMember("sign").getACall() }
+
+    override Cryptography::CryptographicAlgorithm getAlgorithm() {
+      // signature part
+      result.getName() = "RSA"
+      or
+      // hashing part
+      exists(StrConst str, DataFlow::Node hashNameArg |
+        hashNameArg in [this.getArg(2), this.getArgByName("hash_method")] and
+        DataFlow::exprNode(str) = hashNameArg.getALocalSource() and
+        result.matchesName(str.getText())
+      )
+    }
+
+    override DataFlow::Node getAnInput() {
+      result in [this.getArg(0), this.getArgByName("message")]
+    }
+  }
+
+  /**
+   * A call to `rsa.verify`
+   *
+   * See https://stuvel.eu/python-rsa-doc/reference.html#rsa.verify
+   */
+  class RsaVerifyCall extends Cryptography::CryptographicOperation::Range, DataFlow::CallCfgNode {
+    RsaVerifyCall() { this = API::moduleImport("rsa").getMember("verify").getACall() }
+
+    override Cryptography::CryptographicAlgorithm getAlgorithm() {
+      // note that technically there is also a hashing operation going on but we don't
+      // know what algorithm is used up front, since it is encoded in the signature
+      result.getName() = "RSA"
+    }
+
+    override DataFlow::Node getAnInput() {
+      result in [this.getArg(0), this.getArgByName("message")]
+      or
+      result in [this.getArg(1), this.getArgByName("signature")]
+    }
+  }
+
+  /**
+   * A call to `rsa.compute_hash`
+   *
+   * See https://stuvel.eu/python-rsa-doc/reference.html#rsa.compute_hash
+   */
+  class RsaComputeHashCall extends Cryptography::CryptographicOperation::Range,
+    DataFlow::CallCfgNode {
+    RsaComputeHashCall() { this = API::moduleImport("rsa").getMember("compute_hash").getACall() }
+
+    override Cryptography::CryptographicAlgorithm getAlgorithm() {
+      exists(StrConst str, DataFlow::Node hashNameArg |
+        hashNameArg in [this.getArg(1), this.getArgByName("method_name")] and
+        DataFlow::exprNode(str) = hashNameArg.getALocalSource() and
+        result.matchesName(str.getText())
+      )
+    }
+
+    override DataFlow::Node getAnInput() {
+      result in [this.getArg(0), this.getArgByName("message")]
+    }
+  }
+
+  /**
+   * A call to `rsa.sign_hash`
+   *
+   * See https://stuvel.eu/python-rsa-doc/reference.html#rsa.sign_hash
+   */
+  class RsaSignHashCall extends Cryptography::CryptographicOperation::Range, DataFlow::CallCfgNode {
+    RsaSignHashCall() { this = API::moduleImport("rsa").getMember("sign_hash").getACall() }
+
+    override Cryptography::CryptographicAlgorithm getAlgorithm() { result.getName() = "RSA" }
+
+    override DataFlow::Node getAnInput() {
+      result in [this.getArg(0), this.getArgByName("hash_value")]
+    }
+  }
+}

python/ql/test/library-tests/frameworks/rsa/ConceptsTest.expected

@@ -0,0 +1,2 @@
+import python
+import experimental.meta.ConceptsTest

python/ql/test/library-tests/frameworks/rsa/ConceptsTest.ql

@@ -0,0 +1,3 @@
+argumentToEnsureNotTaintedNotMarkedAsSpurious
+untaintedArgumentToEnsureTaintedNotMarkedAsMissing
+failures

python/ql/test/library-tests/frameworks/rsa/InlineTaintTest.expected

@@ -0,0 +1 @@
+import experimental.meta.InlineTaintTest

python/ql/test/library-tests/frameworks/rsa/InlineTaintTest.ql

@@ -0,0 +1,68 @@
+# Following examples from https://stuvel.eu/python-rsa-doc/usage.html
+import rsa
+
+# using a rather low keysize, since otherwise it takes quite long to run.
+(public_key, private_key) = rsa.newkeys(512) # $ PublicKeyGeneration keySize=512
+(public_key, private_key) = rsa.newkeys(nbits=512) # $ PublicKeyGeneration keySize=512
+
+
+# ------------------------------------------------------------------------------
+# encrypt/decrypt
+# ------------------------------------------------------------------------------
+
+# Note: These are using PKCS#1 v1.5
+
+print("encrypt/decrypt")
+
+secret_message = b"secret message"
+
+encrypted = rsa.encrypt(secret_message, public_key) # $ CryptographicOperation CryptographicOperationAlgorithm=RSA CryptographicOperationInput=secret_message
+encrypted = rsa.encrypt(message=secret_message, pub_key=public_key) # $ CryptographicOperation CryptographicOperationAlgorithm=RSA CryptographicOperationInput=secret_message
+
+print("encrypted={}".format(encrypted))
+
+print()
+
+decrypted = rsa.decrypt(encrypted, private_key) # $ CryptographicOperation CryptographicOperationAlgorithm=RSA CryptographicOperationInput=encrypted
+decrypted = rsa.decrypt(crypto=encrypted, priv_key=private_key) # $ CryptographicOperation CryptographicOperationAlgorithm=RSA CryptographicOperationInput=encrypted
+
+print("decrypted={}".format(decrypted))
+assert decrypted == secret_message
+
+print("\n---\n")
+
+# ------------------------------------------------------------------------------
+# sign/verify
+# ------------------------------------------------------------------------------
+
+# Note: These are using PKCS#1 v1.5
+
+print("sign/verify")
+
+message = b"message"
+other_message = b"other message"
+
+hash = rsa.compute_hash(message, "SHA-256") # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
+hash = rsa.compute_hash(message=message, method_name="SHA-256") # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
+signature_from_hash = rsa.sign_hash(hash, private_key, "SHA-256") # $ CryptographicOperation CryptographicOperationAlgorithm=RSA CryptographicOperationInput=hash
+signature_from_hash = rsa.sign_hash(hash_value=hash, priv_key=private_key, hash_method="SHA-256") # $ CryptographicOperation CryptographicOperationAlgorithm=RSA CryptographicOperationInput=hash
+
+signature = rsa.sign(message, private_key, "SHA-256") # $ CryptographicOperation CryptographicOperationAlgorithm=RSA CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
+signature = rsa.sign(message=message, priv_key=private_key, hash_method="SHA-256") # $ CryptographicOperation CryptographicOperationAlgorithm=RSA CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
+
+assert signature == signature_from_hash
+
+print("signature={}".format(signature))
+
+print()
+
+rsa.verify(message, signature, public_key) # $ CryptographicOperation CryptographicOperationAlgorithm=RSA CryptographicOperationInput=message CryptographicOperationInput=signature
+rsa.verify(message=message, signature=signature, pub_key=public_key) # $ CryptographicOperation CryptographicOperationAlgorithm=RSA CryptographicOperationInput=message CryptographicOperationInput=signature
+
+print("Signature verified (as expected)")
+
+try:
+    rsa.verify(other_message, signature, public_key) # $ CryptographicOperation CryptographicOperationAlgorithm=RSA CryptographicOperationInput=other_message CryptographicOperationInput=signature
+    raise Exception("Signature verified (unexpected)")
+except rsa.VerificationError:
+    print("Signature mismatch (as expected)")