diff --git a/go/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.qhelp b/go/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.qhelp
index 0283e142fba..a65af78c0ae 100644
--- a/go/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.qhelp
+++ b/go/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.qhelp
@@ -28,10 +28,10 @@
- The following code uses the different packages to encrypt/hash
- some secret data. The first few examples uses DES, MD5, RC4, and SHA1,
- which are older algorithms that are now considered weak. The following
- examples use AES and SHA256, which are stronger, more modern algorithms.
+ The following code uses the different packages to encrypt
+ some secret data. The first example uses DES,
+ which is an older algorithm that is now considered weak. The following
+ example uses AES, which is a stronger, more modern algorithm.
diff --git a/go/ql/src/Security/CWE-327/WeakSensitiveDataHashing.qhelp b/go/ql/src/Security/CWE-327/WeakSensitiveDataHashing.qhelp
index 422cbb83514..1fa64e4adaf 100644
--- a/go/ql/src/Security/CWE-327/WeakSensitiveDataHashing.qhelp
+++ b/go/ql/src/Security/CWE-327/WeakSensitiveDataHashing.qhelp
@@ -65,35 +65,28 @@
The following example shows two functions for checking whether the hash
- of a certificate matches a known value -- to prevent tampering.
+ of a secret matches a known value.
- The first function uses MD5 that is known to be vulnerable to collision attacks.
+ The first function uses SHA-1 that is known to be vulnerable to collision attacks.
The second function uses SHA-256 that is a strong cryptographic hashing function.
-
+
The following example shows two functions for hashing passwords.
- The first function uses SHA-256 to hash passwords. Although SHA-256 is a
- strong cryptographic hash function, it is not suitable for password
+ The first example uses SHA-256 to hash passwords. Although
+ SHA-256 is a strong cryptographic hash function, it is not suitable for password
hashing since it is not computationally expensive.
+
+ The second function uses PBKDF2, which is a strong password hashing algorithm.
-
-
-
-
- The second function uses Argon2 (through the argon2
- gem), which is a strong password hashing algorithm (and
- includes a per-password salt by default).
-
-
-
+
diff --git a/go/ql/src/Security/CWE-327/examples/Crypto.go b/go/ql/src/Security/CWE-327/examples/Crypto.go
index bc2b2fdeba4..b3f71f0772b 100644
--- a/go/ql/src/Security/CWE-327/examples/Crypto.go
+++ b/go/ql/src/Security/CWE-327/examples/Crypto.go
@@ -3,51 +3,18 @@ package main
import (
"crypto/aes"
"crypto/des"
- "crypto/md5"
- "crypto/rc4"
- "crypto/sha1"
- "crypto/sha256"
)
-func main() {
- public := []byte("hello")
-
- password := []byte("123456")
- buf := password // testing dataflow by passing into different variable
-
- // BAD, des is a weak crypto algorithm and password is sensitive data
- des.NewTripleDESCipher(buf)
-
- // BAD, md5 is a weak crypto algorithm and password is sensitive data
- md5.Sum(buf)
-
- // BAD, rc4 is a weak crypto algorithm and password is sensitive data
- rc4.NewCipher(buf)
-
- // BAD, sha1 is a weak crypto algorithm and password is sensitive data
- sha1.Sum(buf)
-
- // GOOD, password is sensitive data but aes is a strong crypto algorithm
- aes.NewCipher(buf)
-
- // GOOD, password is sensitive data but sha256 is a strong crypto algorithm
- sha256.Sum256(buf)
-
- // GOOD, des is a weak crypto algorithm but public is not sensitive data
- des.NewTripleDESCipher(public)
-
- // GOOD, md5 is a weak crypto algorithm but public is not sensitive data
- md5.Sum(public)
-
- // GOOD, rc4 is a weak crypto algorithm but public is not sensitive data
- rc4.NewCipher(public)
-
- // GOOD, sha1 is a weak crypto algorithm but public is not sensitive data
- sha1.Sum(public)
-
- // GOOD, aes is a strong crypto algorithm and public is not sensitive data
- aes.NewCipher(public)
-
- // GOOD, sha256 is a strong crypto algorithm and public is not sensitive data
- sha256.Sum256(public)
+func EncryptMessageWeak(key []byte, message []byte) (dst []byte) {
+ // BAD, DES is a weak crypto algorithm
+ block, _ := des.NewCipher(key)
+ block.Encrypt(dst, message)
+ return
+}
+
+func EncryptMessageStrong(key []byte, message []byte) (dst []byte) {
+ // GOOD, AES is a weak crypto algorithm
+ block, _ := aes.NewCipher(key)
+ block.Encrypt(dst, message)
+ return
}
diff --git a/go/ql/src/Security/CWE-327/examples/WeakPasswordHashing.go b/go/ql/src/Security/CWE-327/examples/WeakPasswordHashing.go
new file mode 100644
index 00000000000..671edede7d3
--- /dev/null
+++ b/go/ql/src/Security/CWE-327/examples/WeakPasswordHashing.go
@@ -0,0 +1,21 @@
+package main
+
+import (
+ "crypto/pbkdf2"
+ "crypto/rand"
+ "crypto/sha256"
+ "crypto/sha512"
+)
+
+func GetPasswordHashBad(password string) [32]byte {
+ // BAD, SHA256 is a strong hashing algorithm but it is not computationally expensive
+ return sha256.Sum256([]byte(password))
+}
+
+func GetPasswordHashGood(password string) []byte {
+ // GOOD, PBKDF2 is a strong hashing algorithm and it is computationally expensive
+ salt := make([]byte, 16)
+ rand.Read(salt)
+ key, _ := pbkdf2.Key(sha512.New, password, salt, 4096, 32)
+ return key
+}
diff --git a/go/ql/src/Security/CWE-327/examples/WeakSecretHashing.go b/go/ql/src/Security/CWE-327/examples/WeakSecretHashing.go
new file mode 100644
index 00000000000..fd65b802548
--- /dev/null
+++ b/go/ql/src/Security/CWE-327/examples/WeakSecretHashing.go
@@ -0,0 +1,19 @@
+package main
+
+import (
+ "crypto/sha1"
+ "crypto/sha256"
+ "slices"
+)
+
+func SecretMatchesKnownHashBad(secret []byte, known_hash []byte) bool {
+ // BAD, SHA1 is a weak crypto algorithm and secret is sensitive data
+ h := sha1.New()
+ return slices.Equal(h.Sum(secret), known_hash)
+}
+
+func SecretMatchesKnownHashGood(secret []byte, known_hash []byte) bool {
+ // GOOD, SHA256 is a strong hashing algorithm
+ h := sha256.New()
+ return slices.Equal(h.Sum(secret), known_hash)
+}