Ruby: rb/weak-sensitive-data-hashing qhelp

2026-04-25 08:45:14 +02:00 · 2024-06-17 15:29:53 +01:00
parent d4203d9286
commit f017821062
4 changed files with 129 additions and 0 deletions
--- a/ruby/ql/src/queries/security/cwe-327/WeakSensitiveDataHashing.qhelp
+++ b/ruby/ql/src/queries/security/cwe-327/WeakSensitiveDataHashing.qhelp
@@ -0,0 +1,104 @@
+<!DOCTYPE qhelp PUBLIC
+"-//Semmle//qhelp//EN"
+"qhelp.dtd">
+<qhelp>
+     <overview>
+          <p>
+               Using a broken or weak cryptographic hash function can leave data
+               vulnerable, and should not be used in security related code.
+          </p>
+
+          <p>
+               A strong cryptographic hash function should be resistant to:
+          </p>
+          <ul>
+               <li>
+                    pre-image attacks: if you know a hash value <code>h(x)</code>,
+                    you should not be able to easily find the input <code>x</code>.
+               </li>
+               <li>
+                    collision attacks: if you know a hash value <code>h(x)</code>,
+                    you should not be able to easily find a different input <code>y</code>
+                    with the same hash value <code>h(x) = h(y)</code>.
+               </li>
+          </ul>
+          <p>
+               In cases with a limited input space, such as for passwords, the hash
+               function also needs to be computationally expensive to be resistant to
+               brute-force attacks. Passwords should also have an unique salt applied
+               before hashing, but that is not considered by this query.
+          </p>
+
+          <p>
+               As an example, both MD5 and SHA-1 are known to be vulnerable to collision attacks.
+          </p>
+
+          <p>
+               Since it's OK to use a weak cryptographic hash function in a non-security
+               context, this query only alerts when these are used to hash sensitive
+               data (such as passwords, certificates, usernames).
+          </p>
+
+          <p>
+               Use of broken or weak cryptographic algorithms that are not hashing algorithms, is
+               handled by the <code>rb/weak-cryptographic-algorithm</code> query.
+          </p>
+
+     </overview>
+     <recommendation>
+
+          <p>
+               Ensure that you use a strong, modern cryptographic hash function:
+          </p>
+
+          <ul>
+               <li>
+                    such as Argon2, scrypt, bcrypt, or PBKDF2 for passwords and other data with limited input space.
+               </li>
+               <li>
+                    such as SHA-2, or SHA-3 in other cases.
+               </li>
+          </ul>
+
+     </recommendation>
+     <example>
+
+          <p>
+               The following example shows two functions for checking whether the hash
+               of a certificate matches a known value -- to prevent tampering.
+
+               The first function uses MD5 that is known to be vulnerable to collision attacks.
+
+               The second function uses SHA-256 that is a strong cryptographic hashing function.
+          </p>
+
+          <sample src="examples/weak_certificate_hashing.rb" />
+
+     </example>
+     <example>
+          <p>
+               The following example shows two functions for hashing passwords.
+
+               The first function uses SHA-256 to hash passwords. Although SHA-256 is a
+               strong cryptographic hash function, it is not suitable for password
+               hashing since it is not computationally expensive.
+          </p>
+
+          <sample src="examples/weak_password_hashing_bad.rb" />
+
+
+          <p>
+               The second function uses Argon2 (through the <code>argon2</code>
+               gem), which is a strong password hashing algorithm (and
+               includes a per-password salt by default).
+          </p>
+
+          <sample src="examples/weak_password_hashing_good.rb" />
+
+     </example>
+
+     <references>
+          <li>OWASP: <a href="https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html">Password Storage Cheat Sheet</a></li>
+     </references>
+
+</qhelp>
--- a/ruby/ql/src/queries/security/cwe-327/examples/weak_certificate_hashing.rb
+++ b/ruby/ql/src/queries/security/cwe-327/examples/weak_certificate_hashing.rb
@@ -0,0 +1,11 @@
+require 'openssl'
+
+def certificate_matches_known_hash_bad(certificate, known_hash)
+  hash = OpenSSL::Digest.new('SHA1').digest certificate
+  hash == known_hash
+end
+
+def certificate_matches_known_hash_good(certificate, known_hash)
+  hash = OpenSSL::Digest.new('SHA256').digest certificate
+  hash == known_hash
+end
--- a/ruby/ql/src/queries/security/cwe-327/examples/weak_password_hashing_bad.rb
+++ b/ruby/ql/src/queries/security/cwe-327/examples/weak_password_hashing_bad.rb
@@ -0,0 +1,5 @@
+require 'openssl'
+
+def get_password_hash(password, salt)
+  OpenSSL::Digest.new('SHA256').digest(password + salt) # BAD
+end
--- a/ruby/ql/src/queries/security/cwe-327/examples/weak_password_hashing_good.rb
+++ b/ruby/ql/src/queries/security/cwe-327/examples/weak_password_hashing_good.rb
@@ -0,0 +1,9 @@
+require 'argon2'
+
+def get_initial_hash(password)
+  Argon2::Password.create(password)
+end
+
+def check_password(password, known_hash)
+  Argon2::Password.verify_password(password, known_hash)
+end