Add RSA without OEAP query and qhelp

2025-12-24 04:36:35 +01:00 · 2022-08-05 12:55:28 +01:00
parent 44e1ecdf94
commit 41bdd6d4cc
4 changed files with 66 additions and 0 deletions
--- a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.java
+++ b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.java
@@ -0,0 +1,7 @@
+// BAD: No padding scheme is used
+Cipher rsa = Cipher.getInstance("RSA/ECB/NoPadding")
+...
+
+//GOOD: OAEP padding is used
+Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding")
+...
--- a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.qhelp
+++ b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.qhelp
@@ -0,0 +1,27 @@
+<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
+<qhelp>
+
+  <overview>
+    <p>Cryptographic algorithms often use padding schemes to make the plaintext less predictable. The OAEP scheme (Optimal Asymmetric Encryption Padding) should used with RSA encryption.
+    Using no padding or an outdated padding scheme such as PKCS1 can weaken the encryption by making it vulnerable to a padding oracle attack.
+    </p>
+  </overview>
+
+  <recommendation>
+    <p>Use the OAEP scheme when using RSA encryption.</p>
+  </recommendation>
+
+  <example>
+    <p>In the following example, the BAD case shows no padding being used, whereas the GOOD case shows an OAEP scheme being used.</p>
+    <sample src="RsaWithoutOaep.java" />
+  </example>
+
+  <references>
+    <li>
+      <a href="https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#padding-oracle-attacks-due-to-weaker-padding-or-block-operation-implementations">Mobile Security Testing Guide</a>.
+    </li>
+    <li>
+      <a href="https://robertheaton.com/2013/07/29/padding-oracle-attack/">The Padding Oracle Attack</a>.
+    </li>
+  </references>
+</qhelp>
--- a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql
+++ b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql
@@ -0,0 +1,17 @@
+/**
+ * @name Use of RSA algorithm without OAEP
+ * @description Using RSA encryption without OAEP padding can lead to a padding oracle attack, weakening the encryption.
+ * @kind problem
+ * @problem.severity warning
+ * @precision high
+ * @id java/rsa-without-oaep
+ * @tags security
+ *       external/cwe/cwe-780
+ */
+
+import java
+import semmle.code.java.security.RsaWithoutOaepQuery
+
+from MethodAccess ma
+where rsaWithoutOaepCall(ma)
+select ma, "This instance of RSA does not use OAEP padding."