+ Note that special purpose algorithms exist for message authentication (ensuring that a message comes from a particular sender). These algorithms should be used when appropriate, as they address common vulnerabilities of simple hashing schemes in this context. +
+- The following examples show a function for checking whether the hash - of a certificate matches a known value -- to prevent tampering. + The following examples show a function for fetching data from a + URL along with a hash of the data, perhaps to check the data has + not been tampered with. In the first case the MD5 hashing algorithm is used that is known to be vulnerable to collision attacks.
diff --git a/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashingBad.swift b/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashingBad.swift index a39dd47edce..5153c852342 100755 --- a/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashingBad.swift +++ b/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashingBad.swift @@ -1,5 +1,10 @@ -typealias Hasher = Crypto.Insecure.MD5 +func getContentsAndHash(url: URL) -> (Data, String)? { + guard let data = try? Data(contentsOf: url) else { + return nil + } -func checkCertificate(cert: Array[UInt8], hash: Array[UInt8]) -> Bool - return Hasher.hash(data: cert) == hash // BAD -} + let digest = Insecure.MD5.hash(data: data) + let hash = digest.map { String(format: "%02hhx", $0) }.joined() + + return (data, hash) +} \ No newline at end of file diff --git a/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashingGood.swift b/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashingGood.swift index 7345b2ea49c..4b9e0ec6af3 100755 --- a/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashingGood.swift +++ b/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashingGood.swift @@ -1,4 +1,10 @@ -typealias Hasher = Crypto.SHA512 +func getContentsAndHash(url: URL) -> (Data, String)? { + guard let data = try? Data(contentsOf: url) else { + return nil + } -func checkCertificate(cert: Array[UInt8], hash: Array[UInt8]) -> Bool - return Hasher.hash(data: cert) == hash // GOOD + let digest = SHA512.hash(data: data) + let hash = digest.map { String(format: "%02hhx", $0) }.joined() + + return (data, hash) +} \ No newline at end of file From 7006cfd8f865fd232eddbb544cbfe341f2fd5f06 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 29 Aug 2023 23:00:17 +0100 Subject: [PATCH 2/4] Swif: Fix paragraph breaks. --- .../queries/Security/CWE-328/WeakSensitiveDataHashing.qhelp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashing.qhelp b/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashing.qhelp index 7e9fe996eeb..0bc3f7493a6 100755 --- a/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashing.qhelp +++ b/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashing.qhelp @@ -62,12 +62,14 @@ The following examples show a function for fetching data from a URL along with a hash of the data, perhaps to check the data has not been tampered with. + +In the first case the MD5 hashing algorithm is used that is known to be vulnerable to collision attacks.
+
Here is the same function using SHA-512, which is a strong cryptographic hashing function.
- Note that special purpose algorithms exist for message authentication (ensuring that a message comes from a particular sender). These algorithms should be used when appropriate, as they address common vulnerabilities of simple hashing schemes in this context. + Note that special purpose algorithms, which are usually used to ensure that a message comes from a particular sender, exist for message authentication. These algorithms should be used when appropriate, as they address common vulnerabilities of simple hashing schemes in this context.
From 125629a7e2f2ed75c1b70c1813cc421a6d0f4c3c Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 29 Aug 2023 23:25:22 +0100 Subject: [PATCH 4/4] Swift: Delete 'usually'. --- .../src/queries/Security/CWE-328/WeakSensitiveDataHashing.qhelp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashing.qhelp b/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashing.qhelp index 4badb5b8a4a..cda0a74671c 100755 --- a/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashing.qhelp +++ b/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashing.qhelp @@ -52,7 +52,7 @@- Note that special purpose algorithms, which are usually used to ensure that a message comes from a particular sender, exist for message authentication. These algorithms should be used when appropriate, as they address common vulnerabilities of simple hashing schemes in this context. + Note that special purpose algorithms, which are used to ensure that a message comes from a particular sender, exist for message authentication. These algorithms should be used when appropriate, as they address common vulnerabilities of simple hashing schemes in this context.