From 5fbf17690226d3ba3c632c05df240ed15ce8f961 Mon Sep 17 00:00:00 2001 From: "Pieter De Cremer (Semgrep)" Date: Fri, 26 Jul 2024 08:37:22 +0200 Subject: [PATCH] Update OSS pycryptodome rules (#3437) * update OSS pycryptodome rules * update tests --- .../insecure-cipher-algorithm-blowfish.yaml | 12 ++++++-- .../insecure-cipher-algorithm-des.yaml | 16 ++++++++-- .../insecure-cipher-algorithm-rc2.yaml | 12 ++++++-- .../insecure-cipher-algorithm-rc4.yaml | 10 +++++-- .../security/insecure-hash-algorithm-md2.yaml | 11 +++++-- .../security/insecure-hash-algorithm-md4.yaml | 11 +++++-- .../security/insecure-hash-algorithm-md5.yaml | 11 +++++-- .../security/insufficient-dsa-key-size.yaml | 28 ++++++++++------- .../security/insufficient-rsa-key-size.py | 9 ++++-- .../security/insufficient-rsa-key-size.yaml | 30 +++++++++++-------- 10 files changed, 110 insertions(+), 40 deletions(-) diff --git a/python/pycryptodome/security/insecure-cipher-algorithm-blowfish.yaml b/python/pycryptodome/security/insecure-cipher-algorithm-blowfish.yaml index 15814e5f12..ca469bb89c 100644 --- a/python/pycryptodome/security/insecure-cipher-algorithm-blowfish.yaml +++ b/python/pycryptodome/security/insecure-cipher-algorithm-blowfish.yaml @@ -2,7 +2,9 @@ rules: - id: insecure-cipher-algorithm-blowfish message: >- Detected Blowfish cipher algorithm which is considered insecure. This algorithm - is not cryptographically secure and can be reversed easily. Use AES instead. + is not cryptographically secure and can be reversed easily. + Use secure stream ciphers such as ChaCha20, XChaCha20 and Salsa20, or a block cipher such as AES with a block size of 128 bits. + When using a block cipher, use a modern mode of operation that also provides authentication, such as GCM. metadata: source-rule-url: https://github.com/PyCQA/bandit/blob/d5f8fa0d89d7b11442fc6ec80ca42953974354c8/bandit/blacklists/calls.py#L84 cwe: @@ -13,6 +15,7 @@ rules: bandit-code: B304 references: - https://stackoverflow.com/questions/1135186/whats-wrong-with-xor-encryption + - https://www.pycryptodome.org/src/cipher/cipher category: security technology: - pycryptodome @@ -20,7 +23,12 @@ rules: - vuln likelihood: LOW impact: MEDIUM - confidence: MEDIUM + confidence: HIGH + functional-categories: + - crypto::search::symmetric-algorithm::pycryptodome + - crypto::search::symmetric-algorithm::pycryptodomex + options: + symbolic_propagation: true severity: WARNING languages: - python diff --git a/python/pycryptodome/security/insecure-cipher-algorithm-des.yaml b/python/pycryptodome/security/insecure-cipher-algorithm-des.yaml index 9982592e61..47e5c8c1d3 100644 --- a/python/pycryptodome/security/insecure-cipher-algorithm-des.yaml +++ b/python/pycryptodome/security/insecure-cipher-algorithm-des.yaml @@ -1,8 +1,10 @@ rules: - id: insecure-cipher-algorithm-des message: >- - Detected DES cipher algorithm which is considered insecure. This algorithm - is not cryptographically secure and can be reversed easily. Use AES instead. + Detected DES cipher or Triple DES algorithm which is considered insecure. This algorithm + is not cryptographically secure and can be reversed easily. Use a secure symmetric cipher from the cryptodome package instead. + Use secure stream ciphers such as ChaCha20, XChaCha20 and Salsa20, or a block cipher such as AES with a block size of 128 bits. + When using a block cipher, use a modern mode of operation that also provides authentication, such as GCM. metadata: source-rule-url: https://github.com/PyCQA/bandit/blob/d5f8fa0d89d7b11442fc6ec80ca42953974354c8/bandit/blacklists/calls.py#L84 cwe: @@ -13,6 +15,7 @@ rules: bandit-code: B304 references: - https://cwe.mitre.org/data/definitions/326.html + - https://www.pycryptodome.org/src/cipher/cipher category: security technology: - pycryptodome @@ -20,10 +23,17 @@ rules: - vuln likelihood: LOW impact: MEDIUM - confidence: MEDIUM + confidence: HIGH + functional-categories: + - crypto::search::symmetric-algorithm::pycryptodome + - crypto::search::symmetric-algorithm::pycryptodomex + options: + symbolic_propagation: true severity: WARNING languages: - python pattern-either: - pattern: Cryptodome.Cipher.DES.new(...) - pattern: Crypto.Cipher.DES.new(...) + - pattern: Cryptodome.Cipher.DES3.new(...) + - pattern: Crypto.Cipher.DES3.new(...) diff --git a/python/pycryptodome/security/insecure-cipher-algorithm-rc2.yaml b/python/pycryptodome/security/insecure-cipher-algorithm-rc2.yaml index a8ea8b2e38..1d44b94805 100644 --- a/python/pycryptodome/security/insecure-cipher-algorithm-rc2.yaml +++ b/python/pycryptodome/security/insecure-cipher-algorithm-rc2.yaml @@ -2,7 +2,9 @@ rules: - id: insecure-cipher-algorithm-rc2 message: >- Detected RC2 cipher algorithm which is considered insecure. This algorithm - is not cryptographically secure and can be reversed easily. Use AES instead. + is not cryptographically secure and can be reversed easily. + Use secure stream ciphers such as ChaCha20, XChaCha20 and Salsa20, or a block cipher such as AES with a block size of 128 bits. + When using a block cipher, use a modern mode of operation that also provides authentication, such as GCM. metadata: source-rule-url: https://github.com/PyCQA/bandit/blob/d5f8fa0d89d7b11442fc6ec80ca42953974354c8/bandit/blacklists/calls.py#L84 cwe: @@ -13,6 +15,7 @@ rules: bandit-code: B304 references: - https://cwe.mitre.org/data/definitions/326.html + - https://www.pycryptodome.org/src/cipher/cipher category: security technology: - pycryptodome @@ -20,7 +23,12 @@ rules: - vuln likelihood: LOW impact: MEDIUM - confidence: MEDIUM + confidence: HIGH + functional-categories: + - crypto::search::symmetric-algorithm::pycryptodome + - crypto::search::symmetric-algorithm::pycryptodomex + options: + symbolic_propagation: true severity: WARNING languages: - python diff --git a/python/pycryptodome/security/insecure-cipher-algorithm-rc4.yaml b/python/pycryptodome/security/insecure-cipher-algorithm-rc4.yaml index 9a56f41317..15696a01cf 100644 --- a/python/pycryptodome/security/insecure-cipher-algorithm-rc4.yaml +++ b/python/pycryptodome/security/insecure-cipher-algorithm-rc4.yaml @@ -2,7 +2,9 @@ rules: - id: insecure-cipher-algorithm-rc4 message: >- Detected ARC4 cipher algorithm which is considered insecure. This algorithm - is not cryptographically secure and can be reversed easily. Use AES instead. + is not cryptographically secure and can be reversed easily. + Use secure stream ciphers such as ChaCha20, XChaCha20 and Salsa20, or a block cipher such as AES with a block size of 128 bits. + When using a block cipher, use a modern mode of operation that also provides authentication, such as GCM. metadata: source-rule-url: https://github.com/PyCQA/bandit/blob/d5f8fa0d89d7b11442fc6ec80ca42953974354c8/bandit/blacklists/calls.py#L84 cwe: @@ -13,6 +15,7 @@ rules: bandit-code: B304 references: - https://cwe.mitre.org/data/definitions/326.html + - https://www.pycryptodome.org/src/cipher/cipher category: security technology: - pycryptodome @@ -20,7 +23,10 @@ rules: - vuln likelihood: LOW impact: MEDIUM - confidence: MEDIUM + confidence: HIGH + functional-categories: + - crypto::search::symmetric-algorithm::pycryptodome + - crypto::search::symmetric-algorithm::pycryptodomex severity: WARNING languages: - python diff --git a/python/pycryptodome/security/insecure-hash-algorithm-md2.yaml b/python/pycryptodome/security/insecure-hash-algorithm-md2.yaml index ac75ff069a..1b7ce5e433 100644 --- a/python/pycryptodome/security/insecure-hash-algorithm-md2.yaml +++ b/python/pycryptodome/security/insecure-hash-algorithm-md2.yaml @@ -3,7 +3,8 @@ rules: message: >- Detected MD2 hash algorithm which is considered insecure. MD2 is not collision resistant and is therefore not suitable as a cryptographic - signature. Use SHA256 or SHA3 instead. + signature. + Use a modern hash algorithm from the SHA-2, SHA-3, or BLAKE2 family instead. metadata: source-rule-url: https://github.com/PyCQA/bandit/blob/d5f8fa0d89d7b11442fc6ec80ca42953974354c8/bandit/blacklists/calls.py#L59 cwe: @@ -12,6 +13,7 @@ rules: - A03:2017 - Sensitive Data Exposure - A02:2021 - Cryptographic Failures references: + - https://www.pycryptodome.org/src/hash/hash#modern-hash-algorithms - https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html - https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/sha-1-collision-signals-the-end-of-the-algorithm-s-viability - http://2012.sharcs.org/slides/stevens.pdf @@ -23,7 +25,12 @@ rules: - vuln likelihood: LOW impact: MEDIUM - confidence: MEDIUM + confidence: HIGH + functional-categories: + - crypto::search::hash-algorithm::pycryptodome + - crypto::search::hash-algorithm::pycryptodomex + options: + symbolic_propagation: true severity: WARNING languages: - python diff --git a/python/pycryptodome/security/insecure-hash-algorithm-md4.yaml b/python/pycryptodome/security/insecure-hash-algorithm-md4.yaml index 469e9cb8ee..ac6066ff9f 100644 --- a/python/pycryptodome/security/insecure-hash-algorithm-md4.yaml +++ b/python/pycryptodome/security/insecure-hash-algorithm-md4.yaml @@ -3,7 +3,8 @@ rules: message: >- Detected MD4 hash algorithm which is considered insecure. MD4 is not collision resistant and is therefore not suitable as a cryptographic - signature. Use SHA256 or SHA3 instead. + signature. + Use a modern hash algorithm from the SHA-2, SHA-3, or BLAKE2 family instead. metadata: source-rule-url: https://github.com/PyCQA/bandit/blob/d5f8fa0d89d7b11442fc6ec80ca42953974354c8/bandit/blacklists/calls.py#L59 cwe: @@ -12,6 +13,7 @@ rules: - A03:2017 - Sensitive Data Exposure - A02:2021 - Cryptographic Failures references: + - https://www.pycryptodome.org/src/hash/hash#modern-hash-algorithms - https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html - https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/sha-1-collision-signals-the-end-of-the-algorithm-s-viability - http://2012.sharcs.org/slides/stevens.pdf @@ -23,7 +25,12 @@ rules: - vuln likelihood: LOW impact: MEDIUM - confidence: MEDIUM + confidence: HIGH + functional-categories: + - crypto::search::hash-algorithm::pycryptodome + - crypto::search::hash-algorithm::pycryptodomex + options: + symbolic_propagation: true severity: WARNING languages: - python diff --git a/python/pycryptodome/security/insecure-hash-algorithm-md5.yaml b/python/pycryptodome/security/insecure-hash-algorithm-md5.yaml index 02745cc9f3..b40715f924 100644 --- a/python/pycryptodome/security/insecure-hash-algorithm-md5.yaml +++ b/python/pycryptodome/security/insecure-hash-algorithm-md5.yaml @@ -3,7 +3,8 @@ rules: message: >- Detected MD5 hash algorithm which is considered insecure. MD5 is not collision resistant and is therefore not suitable as a cryptographic - signature. Use SHA256 or SHA3 instead. + signature. + Use a modern hash algorithm from the SHA-2, SHA-3, or BLAKE2 family instead. metadata: source-rule-url: https://github.com/PyCQA/bandit/blob/d5f8fa0d89d7b11442fc6ec80ca42953974354c8/bandit/blacklists/calls.py#L59 cwe: @@ -12,6 +13,7 @@ rules: - A03:2017 - Sensitive Data Exposure - A02:2021 - Cryptographic Failures references: + - https://www.pycryptodome.org/src/hash/hash#modern-hash-algorithms - https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html - https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/sha-1-collision-signals-the-end-of-the-algorithm-s-viability - http://2012.sharcs.org/slides/stevens.pdf @@ -23,7 +25,12 @@ rules: - vuln likelihood: LOW impact: MEDIUM - confidence: MEDIUM + confidence: HIGH + functional-categories: + - crypto::search::hash-algorithm::pycryptodome + - crypto::search::hash-algorithm::pycryptodomex + options: + symbolic_propagation: true severity: WARNING languages: - python diff --git a/python/pycryptodome/security/insufficient-dsa-key-size.yaml b/python/pycryptodome/security/insufficient-dsa-key-size.yaml index e740d1ccaa..5624f80d82 100644 --- a/python/pycryptodome/security/insufficient-dsa-key-size.yaml +++ b/python/pycryptodome/security/insufficient-dsa-key-size.yaml @@ -1,14 +1,5 @@ rules: - id: insufficient-dsa-key-size - patterns: - - pattern-either: - - pattern: Crypto.PublicKey.DSA.generate(..., bits=$SIZE, ...) - - pattern: Crypto.PublicKey.DSA.generate($SIZE, ...) - - pattern: Cryptodome.PublicKey.DSA.generate(..., bits=$SIZE, ...) - - pattern: Cryptodome.PublicKey.DSA.generate($SIZE, ...) - - metavariable-comparison: - metavariable: $SIZE - comparison: $SIZE < 2048 message: >- Detected an insufficient key size for DSA. NIST recommends a key size of 2048 or higher. @@ -20,7 +11,8 @@ rules: - A02:2021 - Cryptographic Failures source-rule-url: https://github.com/PyCQA/bandit/blob/b1411bfb43795d3ffd268bef17a839dee954c2b1/bandit/plugins/weak_cryptographic_key.py references: - - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57Pt3r1.pdf + - https://www.pycryptodome.org/src/public_key/dsa + - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf category: security technology: - pycryptodome @@ -28,6 +20,20 @@ rules: - vuln likelihood: LOW impact: MEDIUM - confidence: MEDIUM + confidence: HIGH + functional-categories: + - crypto::search::key-length::pycryptodome + - crypto::search::key-length::pycryptodomex + options: + symbolic_propagation: true languages: [python] severity: WARNING + patterns: + - pattern-either: + - pattern: Crypto.PublicKey.DSA.generate(..., bits=$SIZE, ...) + - pattern: Crypto.PublicKey.DSA.generate($SIZE, ...) + - pattern: Cryptodome.PublicKey.DSA.generate(..., bits=$SIZE, ...) + - pattern: Cryptodome.PublicKey.DSA.generate($SIZE, ...) + - metavariable-comparison: + metavariable: $SIZE + comparison: $SIZE < 2048 diff --git a/python/pycryptodome/security/insufficient-rsa-key-size.py b/python/pycryptodome/security/insufficient-rsa-key-size.py index 63ba35f974..01d2b389c7 100644 --- a/python/pycryptodome/security/insufficient-rsa-key-size.py +++ b/python/pycryptodome/security/insufficient-rsa-key-size.py @@ -4,11 +4,16 @@ from Crypto.PublicKey import RSA as pycrypto_rsa from Cryptodome.PublicKey import RSA as pycryptodomex_rsa -# ok:insufficient-rsa-key-size +# ruleid:insufficient-rsa-key-size pycrypto_rsa.generate(bits=2048) -# ok:insufficient-rsa-key-size +# ruleid:insufficient-rsa-key-size pycryptodomex_rsa.generate(bits=2048) +# ok:insufficient-rsa-key-size +pycrypto_rsa.generate(bits=3072) +# ok:insufficient-rsa-key-size +pycryptodomex_rsa.generate(bits=3072) + # ok:insufficient-rsa-key-size pycrypto_rsa.generate(4096) # ok:insufficient-rsa-key-size diff --git a/python/pycryptodome/security/insufficient-rsa-key-size.yaml b/python/pycryptodome/security/insufficient-rsa-key-size.yaml index a260569a9c..6649825afc 100644 --- a/python/pycryptodome/security/insufficient-rsa-key-size.yaml +++ b/python/pycryptodome/security/insufficient-rsa-key-size.yaml @@ -1,17 +1,8 @@ rules: - id: insufficient-rsa-key-size - patterns: - - pattern-either: - - pattern: Crypto.PublicKey.RSA.generate(..., bits=$SIZE, ...) - - pattern: Crypto.PublicKey.RSA.generate($SIZE, ...) - - pattern: Cryptodome.PublicKey.RSA.generate(..., bits=$SIZE, ...) - - pattern: Cryptodome.PublicKey.RSA.generate($SIZE, ...) - - metavariable-comparison: - metavariable: $SIZE - comparison: $SIZE < 2048 message: >- Detected an insufficient key size for RSA. NIST recommends - a key size of 2048 or higher. + a key size of 3072 or higher. metadata: cwe: - 'CWE-326: Inadequate Encryption Strength' @@ -20,7 +11,8 @@ rules: - A02:2021 - Cryptographic Failures source-rule-url: https://github.com/PyCQA/bandit/blob/b1411bfb43795d3ffd268bef17a839dee954c2b1/bandit/plugins/weak_cryptographic_key.py references: - - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57Pt3r1.pdf + - https://www.pycryptodome.org/src/public_key/rsa#rsa + - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf category: security technology: - pycryptodome @@ -28,6 +20,20 @@ rules: - vuln likelihood: LOW impact: MEDIUM - confidence: MEDIUM + confidence: HIGH + functional-categories: + - crypto::search::key-length::pycryptodome + - crypto::search::key-length::pycryptodomex + options: + symbolic_propagation: true languages: [python] severity: WARNING + patterns: + - pattern-either: + - pattern: Crypto.PublicKey.RSA.generate(..., bits=$SIZE, ...) + - pattern: Crypto.PublicKey.RSA.generate($SIZE, ...) + - pattern: Cryptodome.PublicKey.RSA.generate(..., bits=$SIZE, ...) + - pattern: Cryptodome.PublicKey.RSA.generate($SIZE, ...) + - metavariable-comparison: + metavariable: $SIZE + comparison: $SIZE < 3072