Detect the scenario of passwords concatenated with a salt to reduce FPs

luchua-bc · luchua-bc · commit 86c04e6971b1 · 2021-01-11T16:59:57.000Z
diff --git a/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql b/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql
@@ -75,6 +75,20 @@ class HashWithoutSaltConfiguration extends TaintTracking::Configuration {
       )
     )
   }
+
+  /**
+   * Holds if a password is concatenated with a salt then hashed together through the call `System.arraycopy(password.getBytes(), ...)`. For example,
+   *  `System.arraycopy(password.getBytes(), 0, allBytes, 0, password.getBytes().length);`
+   *  `System.arraycopy(salt, 0, allBytes, password.getBytes().length, salt.length);`
+   *  `byte[] messageDigest = md.digest(allBytes);`
+   */
+  override predicate isSanitizer(DataFlow::Node node) {
+    exists(MethodAccess ma |
+      ma.getMethod().getDeclaringType().hasQualifiedName("java.lang", "System") and
+      ma.getMethod().hasName("arraycopy") and
+      ma.getArgument(0) = node.asExpr()
+    )
+  }
 }
 
 from DataFlow::PathNode source, DataFlow::PathNode sink, HashWithoutSaltConfiguration c
diff --git a/java/ql/test/experimental/query-tests/security/CWE-759/HashWithoutSalt.expected b/java/ql/test/experimental/query-tests/security/CWE-759/HashWithoutSalt.expected
@@ -1,11 +1,11 @@
 edges
-| HashWithoutSalt.java:9:36:9:43 | password : String | HashWithoutSalt.java:9:36:9:54 | getBytes(...) |
-| HashWithoutSalt.java:15:13:15:20 | password : String | HashWithoutSalt.java:15:13:15:31 | getBytes(...) |
+| HashWithoutSalt.java:10:36:10:43 | password : String | HashWithoutSalt.java:10:36:10:54 | getBytes(...) |
+| HashWithoutSalt.java:17:13:17:20 | password : String | HashWithoutSalt.java:17:13:17:31 | getBytes(...) |
 nodes
-| HashWithoutSalt.java:9:36:9:43 | password : String | semmle.label | password : String |
-| HashWithoutSalt.java:9:36:9:54 | getBytes(...) | semmle.label | getBytes(...) |
-| HashWithoutSalt.java:15:13:15:20 | password : String | semmle.label | password : String |
-| HashWithoutSalt.java:15:13:15:31 | getBytes(...) | semmle.label | getBytes(...) |
+| HashWithoutSalt.java:10:36:10:43 | password : String | semmle.label | password : String |
+| HashWithoutSalt.java:10:36:10:54 | getBytes(...) | semmle.label | getBytes(...) |
+| HashWithoutSalt.java:17:13:17:20 | password : String | semmle.label | password : String |
+| HashWithoutSalt.java:17:13:17:31 | getBytes(...) | semmle.label | getBytes(...) |
 #select
-| HashWithoutSalt.java:9:36:9:54 | getBytes(...) | HashWithoutSalt.java:9:36:9:43 | password : String | HashWithoutSalt.java:9:36:9:54 | getBytes(...) | $@ is hashed without a salt. | HashWithoutSalt.java:9:36:9:43 | password | The password |
-| HashWithoutSalt.java:15:13:15:31 | getBytes(...) | HashWithoutSalt.java:15:13:15:20 | password : String | HashWithoutSalt.java:15:13:15:31 | getBytes(...) | $@ is hashed without a salt. | HashWithoutSalt.java:15:13:15:20 | password | The password |
+| HashWithoutSalt.java:10:36:10:54 | getBytes(...) | HashWithoutSalt.java:10:36:10:43 | password : String | HashWithoutSalt.java:10:36:10:54 | getBytes(...) | $@ is hashed without a salt. | HashWithoutSalt.java:10:36:10:43 | password | The password |
+| HashWithoutSalt.java:17:13:17:31 | getBytes(...) | HashWithoutSalt.java:17:13:17:20 | password : String | HashWithoutSalt.java:17:13:17:31 | getBytes(...) | $@ is hashed without a salt. | HashWithoutSalt.java:17:13:17:20 | password | The password |
diff --git a/java/ql/test/experimental/query-tests/security/CWE-759/HashWithoutSalt.java b/java/ql/test/experimental/query-tests/security/CWE-759/HashWithoutSalt.java
@@ -1,40 +1,61 @@
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
+import java.util.Base64;
 
 public class HashWithoutSalt {
 	// BAD - Hash without a salt.
-	public void getSHA256Hash(String password) throws NoSuchAlgorithmException {
+	public String getSHA256Hash(String password) throws NoSuchAlgorithmException {
 		MessageDigest md = MessageDigest.getInstance("SHA-256");
 		byte[] messageDigest = md.digest(password.getBytes());
+		return Base64.getEncoder().encodeToString(messageDigest);
 	}
 
 	// BAD - Hash without a salt.
-	public void getSHA256Hash2(String password) throws NoSuchAlgorithmException {
+	public String getSHA256Hash2(String password) throws NoSuchAlgorithmException {
 		MessageDigest md = MessageDigest.getInstance("SHA-256");
 		md.update(password.getBytes());
 		byte[] messageDigest = md.digest();
+		return Base64.getEncoder().encodeToString(messageDigest);
 	}
 
 	// GOOD - Hash with a salt.
-	public void getSHA256Hash(String password, byte[] salt) throws NoSuchAlgorithmException {
+	public String getSHA256Hash(String password, byte[] salt) throws NoSuchAlgorithmException {
 		MessageDigest md = MessageDigest.getInstance("SHA-256");
 		md.update(salt);
 		byte[] messageDigest = md.digest(password.getBytes());
+		return Base64.getEncoder().encodeToString(messageDigest);
 	}
 
 	// GOOD - Hash with a salt.
-	public void getSHA256Hash2(String password, byte[] salt) throws NoSuchAlgorithmException {
+	public String getSHA256Hash2(String password, byte[] salt) throws NoSuchAlgorithmException {
 		MessageDigest md = MessageDigest.getInstance("SHA-256");
 		md.update(salt);
 		md.update(password.getBytes());
 		byte[] messageDigest = md.digest();
+		return Base64.getEncoder().encodeToString(messageDigest);
+	}
+
+	// GOOD - Hash with a salt concatenated with the password.
+	public String getSHA256Hash3(String password, byte[] salt) throws NoSuchAlgorithmException {
+		MessageDigest md = MessageDigest.getInstance("SHA-256");
+	
+		byte[] passBytes = password.getBytes();
+		byte[] allBytes = new byte[passBytes.length + salt.length];
+		System.arraycopy(passBytes, 0, allBytes, 0, passBytes.length);
+		System.arraycopy(salt, 0, allBytes, passBytes.length, salt.length);
+		byte[] messageDigest = md.digest(allBytes);	
+	
+		byte[] cipherBytes = new byte[32 + salt.length]; // SHA-256 is 32 bytes long			
+		System.arraycopy(messageDigest, 0, cipherBytes, 0, 32);
+		System.arraycopy(salt, 0, cipherBytes, 32, salt.length);
+		return Base64.getEncoder().encodeToString(cipherBytes);
 	}
 
 	public static byte[] getSalt() throws NoSuchAlgorithmException {
-        SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
-        byte[] salt = new byte[16];
-        sr.nextBytes(salt);
-        return salt;
-    }	
+		SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
+		byte[] salt = new byte[16];
+		sr.nextBytes(salt);
+		return salt;
+	}
 }

Original file line number	Diff line number	Diff line change
`@@ -75,6 +75,20 @@ class HashWithoutSaltConfiguration extends TaintTracking::Configuration {`
`75`	`75`	`)`
`76`	`76`	`)`
`77`	`77`	`}`
	`78`	`+`
	`79`	`+ /**`
	`80`	+ * Holds if a password is concatenated with a salt then hashed together through the call `System.arraycopy(password.getBytes(), ...)`. For example,
	`81`	+ * `System.arraycopy(password.getBytes(), 0, allBytes, 0, password.getBytes().length);`
	`82`	+ * `System.arraycopy(salt, 0, allBytes, password.getBytes().length, salt.length);`
	`83`	+ * `byte[] messageDigest = md.digest(allBytes);`
	`84`	`+ */`
	`85`	`+ override predicate isSanitizer(DataFlow::Node node) {`
	`86`	`+ exists(MethodAccess ma \|`
	`87`	`+ ma.getMethod().getDeclaringType().hasQualifiedName("java.lang", "System") and`
	`88`	`+ ma.getMethod().hasName("arraycopy") and`
	`89`	`+ ma.getArgument(0) = node.asExpr()`
	`90`	`+ )`
	`91`	`+ }`
`78`	`92`	`}`
`79`	`93`
`80`	`94`	`from DataFlow::PathNode source, DataFlow::PathNode sink, HashWithoutSaltConfiguration c`