initial draft of the Swift query for CWE-916

karimhamdanali · karimhamdanali · commit c4b2519e6ca6 · 2022-10-25T13:24:37.000+02:00
diff --git a/swift/ql/src/queries/Security/CWE-916/InsufficientHashIterations.qhelp b/swift/ql/src/queries/Security/CWE-916/InsufficientHashIterations.qhelp
@@ -0,0 +1,17 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+  <overview>
+    <p>Using hash functions with less than 1,000 iterations is not secure. That scheme is vulnerable to password cracking attacks due to having an insufficient level of computational effort.</p>
+  </overview>
+
+  <recommendation>
+    <p>Use sufficient number of iterations (i.e., greater than or equal 1000) for generating password-based keys.</p>
+  </recommendation>
+
+  <example>
+    <p>The following example shows a few cases of instantiating a password-based key. In the 'BAD' cases, the key is initialized with insufficient iterations, making it susceptible to password cracking attacks. In the 'GOOD' cases, the key is initialized with at least 1000 iterations, which protects the encrypted data against recovery.</p>
+    <sample src="InsufficientHashIterations.swift" />
+  </example>
+</qhelp>
diff --git a/swift/ql/src/queries/Security/CWE-916/InsufficientHashIterations.ql b/swift/ql/src/queries/Security/CWE-916/InsufficientHashIterations.ql
@@ -0,0 +1,76 @@
+/**
+ * @name Insufficient hash iterations
+ * @description Using hash functions with < 1000 iterations is not secure, because that scheme leads to password cracking attacks due to having an insufficient level of computational effort.
+ * @kind path-problem
+ * @problem.severity error
+ * @security-severity 7.8
+ * @precision high
+ * @id swift/insufficient-hash-iterations
+ * @tags security
+ *       external/cwe/cwe-916
+ */
+
+import swift
+import codeql.swift.dataflow.DataFlow
+import codeql.swift.dataflow.TaintTracking
+import DataFlow::PathGraph
+
+/**
+ * An `Expr` that is used to initialize a password-based encryption key.
+ */
+abstract class IterationsSource extends Expr { }
+
+/**
+ * A literal integer that is 1000 or less is a source of taint for iterations.
+ */
+class IntLiteralSource extends IterationsSource instanceof IntegerLiteralExpr {
+  IntLiteralSource() { this.getStringValue().toInt() >= 1000 }
+}
+
+/**
+ * A class for all ways to set the iterations of hash function.
+ */
+class InsufficientHashIterationsSink extends Expr {
+  InsufficientHashIterationsSink() {
+    // `iterations` arg in `init` is a sink
+    exists(ClassOrStructDecl c, AbstractFunctionDecl f, CallExpr call |
+      c.getFullName() = "PKCS5.PBKDF1" and
+      c.getAMember() = f and
+      f.getName().matches("init(%iterations:%") and
+      call.getStaticTarget() = f and
+      call.getArgument(2).getExpr() = this
+    )
+    or
+    exists(ClassOrStructDecl c, AbstractFunctionDecl f, CallExpr call |
+      c.getFullName() = "PKCS5.PBKDF2" and
+      c.getAMember() = f and
+      f.getName().matches("init(%iterations:%") and
+      call.getStaticTarget() = f and
+      call.getArgument(3).getExpr() = this
+    )
+  }
+}
+
+/**
+ * A dataflow configuration from the hash iterations source to expressions that use
+ * it to initialize hash functions.
+ */
+class InsufficientHashIterationsConfig extends TaintTracking::Configuration {
+  InsufficientHashIterationsConfig() { this = "InsufficientHashIterationsConfig" }
+
+  override predicate isSource(DataFlow::Node node) { node.asExpr() instanceof IterationsSource }
+
+  override predicate isSink(DataFlow::Node node) {
+    node.asExpr() instanceof InsufficientHashIterationsSink
+  }
+}
+
+// The query itself
+from
+  InsufficientHashIterationsConfig config, DataFlow::PathNode sourceNode,
+  DataFlow::PathNode sinkNode
+where config.hasFlowPath(sourceNode, sinkNode)
+select sinkNode.getNode(), sourceNode, sinkNode,
+  "The hash function '" + sinkNode.getNode().toString() +
+    "' has been initialized with an insufficient number of iterations from $@.", sourceNode,
+  sourceNode.getNode().toString()
diff --git a/swift/ql/src/queries/Security/CWE-916/InsufficientHashIterations.swift b/swift/ql/src/queries/Security/CWE-916/InsufficientHashIterations.swift
@@ -0,0 +1,14 @@
+
+func encrypt() {
+	// ...
+
+	// BAD: Using insufficient (i.e., < 1000) hash iterations keys for encryption
+	_ = try PKCS5.PBKDF1(password: getRandomArray(), salt: getRandomArray(), iterations: 900, keyLength: 0)
+	_ = try PKCS5.PBKDF2(password: getRandomArray(), salt: getRandomArray(), iterations: 900, keyLength: 0)
+
+	// GOOD: Using sufficient (i.e., >= 1000) hash iterations keys for encryption
+	_ = try PKCS5.PBKDF1(password: getRandomArray(), salt: getRandomArray(), iterations: 1100, keyLength: 0)
+	_ = try PKCS5.PBKDF2(password: getRandomArray(), salt: getRandomArray(), iterations: 1100, keyLength: 0)
+
+	// ...
+}
diff --git a/swift/ql/test/query-tests/Security/CWE-916/InsufficientHashIterations.expected b/swift/ql/test/query-tests/Security/CWE-916/InsufficientHashIterations.expected
diff --git a/swift/ql/test/query-tests/Security/CWE-916/InsufficientHashIterations.qlref b/swift/ql/test/query-tests/Security/CWE-916/InsufficientHashIterations.qlref
@@ -0,0 +1 @@
+queries/Security/CWE-916/InsufficientHashIterations.ql
diff --git a/swift/ql/test/query-tests/Security/CWE-916/test.swift b/swift/ql/test/query-tests/Security/CWE-916/test.swift
@@ -0,0 +1,48 @@
+
+// --- stubs ---
+
+// These stubs roughly follows the same structure as classes from CryptoSwift
+enum PKCS5 { }
+
+enum Variant { case md5, sha1, sha2, sha3 }
+
+extension PKCS5 {
+  struct PBKDF1 {
+	init(password: Array<UInt8>, salt: Array<UInt8>, variant: Variant = .sha1, iterations: Int = 4096, keyLength: Int? = nil) { }
+  }
+
+  struct PBKDF2 {
+	init(password: Array<UInt8>, salt: Array<UInt8>, iterations: Int = 4096, keyLength: Int? = nil, variant: Variant = .sha2) { }
+  }
+}
+
+// Helper functions
+func getLowIterationCount() -> Int { return 999 }
+
+func getEnoughIterationCount() -> Int { return 1000 }
+
+func getRandomArray() -> Array<UInt8> {
+	(0..<10).map({ _ in UInt8.random(in: 0...UInt8.max) })
+}
+
+// --- tests ---
+
+func test() {
+	let randomArray = getRandomArray()
+	let variant = Variant.sha2
+	let lowIterations = getLowIterationCount()
+	let enoughIterations = getEnoughIterationCount() 
+	
+	// PBKDF1 test cases
+	let pbkdf1b1 = PKCS5.PBKDF1(password: randomArray, salt: randomArray, iterations: lowIterations, keyLength: 0) // BAD
+	let pbkdf1b2 = PKCS5.PBKDF1(password: randomArray, salt: randomArray, iterations: 800, keyLength: 0) // BAD
+	let pbkdf1g1 = PKCS5.PBKDF1(password: randomArray, salt: randomArray, iterations: enoughIterations, keyLength: 0) // GOOD
+	let pbkdf1g2 = PKCS5.PBKDF1(password: randomArray, salt: randomArray, iterations: 1200, keyLength: 0) // GOOD
+
+
+	// PBKDF2 test cases
+	let pbkdf2b1 = try PKCS5.PBKDF2(password: randomArray, salt: randomArray, iterations: lowIterations, keyLength: 0) // BAD
+	let pbkdf2b2 = try PKCS5.PBKDF2(password: randomArray, salt: randomArray, iterations: 800, keyLength: 0) // BAD
+	let pbkdf2g1 = PKCS5.PBKDF1(password: randomArray, salt: randomArray, iterations: enoughIterations, keyLength: 0) // GOOD
+	let pbkdf2g2 = PKCS5.PBKDF1(password: randomArray, salt: randomArray, iterations: 1200, keyLength: 0) // GOOD
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+queries/Security/CWE-916/InsufficientHashIterations.ql`