Python: Port py/weak-crypto-key to use type-tracking

RasmusWL · RasmusWL · commit 46ad611d5763 · 2021-02-19T15:03:43.000+01:00
instead of points-to.

Looking at query results also made me realize I didn't supply a very good
"origin" for ECC in cryptography package, so I improved that 👍 -- maybe that
sohuld have been split into multiple commits... too late :(
diff --git a/python/change-notes/2021-02-02-port-weak-crypto-key-query.md b/python/change-notes/2021-02-02-port-weak-crypto-key-query.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Ported _Use of weak cryptographic key_ (`py/weak-crypto-key`) query to use new type-tracking approach instead of points-to. This might result in some difference in results being found, but overall this should result in a more robust and accurate analysis.
diff --git a/python/ql/src/Security/CWE-326/WeakCrypto.ql b/python/ql/src/Security/CWE-326/WeakCrypto.ql
@@ -10,72 +10,13 @@
  */
 
 import python
+import semmle.python.Concepts
+import semmle.python.dataflow.new.DataFlow
 
-int minimumSecureKeySize(string algo) {
-  algo = "DSA" and result = 2048
-  or
-  algo = "RSA" and result = 2048
-  or
-  algo = "ECC" and result = 224
-}
-
-predicate dsaRsaKeySizeArg(FunctionValue func, string algorithm, string arg) {
-  exists(ModuleValue mod | func = mod.attr(_) |
-    algorithm = "DSA" and
-    (
-      mod = Module::named("cryptography.hazmat.primitives.asymmetric.dsa") and arg = "key_size"
-      or
-      mod = Module::named("Crypto.PublicKey.DSA") and arg = "bits"
-      or
-      mod = Module::named("Cryptodome.PublicKey.DSA") and arg = "bits"
-    )
-    or
-    algorithm = "RSA" and
-    (
-      mod = Module::named("cryptography.hazmat.primitives.asymmetric.rsa") and arg = "key_size"
-      or
-      mod = Module::named("Crypto.PublicKey.RSA") and arg = "bits"
-      or
-      mod = Module::named("Cryptodome.PublicKey.RSA") and arg = "bits"
-    )
-  )
-}
-
-predicate ecKeySizeArg(FunctionValue func, string arg) {
-  exists(ModuleValue mod | func = mod.attr(_) |
-    mod = Module::named("cryptography.hazmat.primitives.asymmetric.ec") and arg = "curve"
-  )
-}
-
-int keySizeFromCurve(ClassValue curveClass) {
-  result = curveClass.declaredAttribute("key_size").(NumericValue).getIntValue()
-}
-
-predicate algorithmAndKeysizeForCall(
-  CallNode call, string algorithm, int keySize, ControlFlowNode keyOrigin
-) {
-  exists(FunctionValue func, string argname, ControlFlowNode arg |
-    arg = func.getNamedArgumentForCall(call, argname)
-  |
-    exists(NumericValue key |
-      arg.pointsTo(key, keyOrigin) and
-      dsaRsaKeySizeArg(func, algorithm, argname) and
-      keySize = key.getIntValue()
-    )
-    or
-    exists(Value curveClassInstance |
-      algorithm = "ECC" and
-      ecKeySizeArg(func, argname) and
-      arg.pointsTo(_, curveClassInstance, keyOrigin) and
-      keySize = keySizeFromCurve(curveClassInstance.getClass())
-    )
-  )
-}
-
-from CallNode call, string algo, int keySize, ControlFlowNode origin
+from Cryptography::PublicKey::KeyGeneration keyGen, int keySize, DataFlow::Node origin
 where
-  algorithmAndKeysizeForCall(call, algo, keySize, origin) and
-  keySize < minimumSecureKeySize(algo)
-select call,
-  "Creation of an " + algo + " key uses $@ bits, which is below " + minimumSecureKeySize(algo) +
-    " and considered breakable.", origin, keySize.toString()
+  keySize = keyGen.getKeySizeWithOrigin(origin) and
+  keySize < keyGen.minimumSecureKeySize()
+select keyGen,
+  "Creation of an " + keyGen.getName() + " key uses $@ bits, which is below " +
+    keyGen.minimumSecureKeySize() + " and considered breakable.", origin, keySize.toString()
diff --git a/python/ql/src/experimental/Security-old-dataflow/CWE-326/WeakCrypto.ql b/python/ql/src/experimental/Security-old-dataflow/CWE-326/WeakCrypto.ql
@@ -0,0 +1,81 @@
+/**
+ * @name Use of weak cryptographic key
+ * @description Use of a cryptographic key that is too small may allow the encryption to be broken.
+ * @kind problem
+ * @problem.severity error
+ * @precision high
+ * @id py/weak-crypto-key
+ * @tags security
+ *       external/cwe/cwe-326
+ */
+
+import python
+
+int minimumSecureKeySize(string algo) {
+  algo = "DSA" and result = 2048
+  or
+  algo = "RSA" and result = 2048
+  or
+  algo = "ECC" and result = 224
+}
+
+predicate dsaRsaKeySizeArg(FunctionValue func, string algorithm, string arg) {
+  exists(ModuleValue mod | func = mod.attr(_) |
+    algorithm = "DSA" and
+    (
+      mod = Module::named("cryptography.hazmat.primitives.asymmetric.dsa") and arg = "key_size"
+      or
+      mod = Module::named("Crypto.PublicKey.DSA") and arg = "bits"
+      or
+      mod = Module::named("Cryptodome.PublicKey.DSA") and arg = "bits"
+    )
+    or
+    algorithm = "RSA" and
+    (
+      mod = Module::named("cryptography.hazmat.primitives.asymmetric.rsa") and arg = "key_size"
+      or
+      mod = Module::named("Crypto.PublicKey.RSA") and arg = "bits"
+      or
+      mod = Module::named("Cryptodome.PublicKey.RSA") and arg = "bits"
+    )
+  )
+}
+
+predicate ecKeySizeArg(FunctionValue func, string arg) {
+  exists(ModuleValue mod | func = mod.attr(_) |
+    mod = Module::named("cryptography.hazmat.primitives.asymmetric.ec") and arg = "curve"
+  )
+}
+
+int keySizeFromCurve(ClassValue curveClass) {
+  result = curveClass.declaredAttribute("key_size").(NumericValue).getIntValue()
+}
+
+predicate algorithmAndKeysizeForCall(
+  CallNode call, string algorithm, int keySize, ControlFlowNode keyOrigin
+) {
+  exists(FunctionValue func, string argname, ControlFlowNode arg |
+    arg = func.getNamedArgumentForCall(call, argname)
+  |
+    exists(NumericValue key |
+      arg.pointsTo(key, keyOrigin) and
+      dsaRsaKeySizeArg(func, algorithm, argname) and
+      keySize = key.getIntValue()
+    )
+    or
+    exists(Value curveClassInstance |
+      algorithm = "ECC" and
+      ecKeySizeArg(func, argname) and
+      arg.pointsTo(_, curveClassInstance, keyOrigin) and
+      keySize = keySizeFromCurve(curveClassInstance.getClass())
+    )
+  )
+}
+
+from CallNode call, string algo, int keySize, ControlFlowNode origin
+where
+  algorithmAndKeysizeForCall(call, algo, keySize, origin) and
+  keySize < minimumSecureKeySize(algo)
+select call,
+  "Creation of an " + algo + " key uses $@ bits, which is below " + minimumSecureKeySize(algo) +
+    " and considered breakable.", origin, keySize.toString()
diff --git a/python/ql/src/semmle/python/frameworks/Cryptography.qll b/python/ql/src/semmle/python/frameworks/Cryptography.qll
@@ -423,22 +423,23 @@ private module CryptographyModel {
               result = ec_attr("BrainpoolP512R1") and keySize = 512
             }
 
-            /** Gets a predefined curve class instance with a specific key size (in bits). */
+            /** Gets a reference to a predefined curve class instance with a specific key size (in bits), as well as the origin of the class. */
             private DataFlow::Node curveClassInstanceWithKeySize(
-              DataFlow::TypeTracker t, int keySize
+              DataFlow::TypeTracker t, int keySize, DataFlow::Node origin
             ) {
               t.start() and
               result.asCfgNode().(CallNode).getFunction() =
-                curveClassWithKeySize(keySize).asCfgNode()
+                curveClassWithKeySize(keySize).asCfgNode() and
+              origin = result
               or
               exists(DataFlow::TypeTracker t2 |
-                result = curveClassInstanceWithKeySize(t2, keySize).track(t2, t)
+                result = curveClassInstanceWithKeySize(t2, keySize, origin).track(t2, t)
               )
             }
 
-            /** Gets a predefined curve class instance with a specific key size (in bits). */
-            DataFlow::Node curveClassInstanceWithKeySize(int keySize) {
-              result = curveClassInstanceWithKeySize(DataFlow::TypeTracker::end(), keySize)
+            /** Gets a reference to a predefined curve class instance with a specific key size (in bits), as well as the origin of the class. */
+            DataFlow::Node curveClassInstanceWithKeySize(int keySize, DataFlow::Node origin) {
+              result = curveClassInstanceWithKeySize(DataFlow::TypeTracker::end(), keySize, origin)
             }
           }
         }
@@ -505,9 +506,9 @@ private module CryptographyModel {
     }
 
     override int getKeySizeWithOrigin(DataFlow::Node origin) {
-      origin = this.getCurveArg() and
-      origin =
-        cryptography::hazmat::primitives::asymmetric::ec::curveClassInstanceWithKeySize(result)
+      this.getCurveArg() =
+        cryptography::hazmat::primitives::asymmetric::ec::curveClassInstanceWithKeySize(result,
+          origin)
     }
 
     // Note: There is not really a key-size argument, since it's always specified by the curve.
diff --git a/python/ql/test/query-tests/Security/CWE-326/options b/python/ql/test/query-tests/Security/CWE-326/options

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+lgtm,codescanning`
	`2`	+* Ported _Use of weak cryptographic key_ (`py/weak-crypto-key`) query to use new type-tracking approach instead of points-to. This might result in some difference in results being found, but overall this should result in a more robust and accurate analysis.
Original file line number	Diff line number	Diff line change
`@@ -423,22 +423,23 @@ private module CryptographyModel {`
`423`	`423`	`result = ec_attr("BrainpoolP512R1") and keySize = 512`
`424`	`424`	`}`
`425`	`425`
`426`		`- /** Gets a predefined curve class instance with a specific key size (in bits). */`
	`426`	`+ /** Gets a reference to a predefined curve class instance with a specific key size (in bits), as well as the origin of the class. */`
`427`	`427`	`private DataFlow::Node curveClassInstanceWithKeySize(`
`428`		`- DataFlow::TypeTracker t, int keySize`
	`428`	`+ DataFlow::TypeTracker t, int keySize, DataFlow::Node origin`
`429`	`429`	`) {`
`430`	`430`	`t.start() and`
`431`	`431`	`result.asCfgNode().(CallNode).getFunction() =`
`432`		`- curveClassWithKeySize(keySize).asCfgNode()`
	`432`	`+ curveClassWithKeySize(keySize).asCfgNode() and`
	`433`	`+ origin = result`
`433`	`434`	`or`
`434`	`435`	`exists(DataFlow::TypeTracker t2 \|`
`435`		`- result = curveClassInstanceWithKeySize(t2, keySize).track(t2, t)`
	`436`	`+ result = curveClassInstanceWithKeySize(t2, keySize, origin).track(t2, t)`
`436`	`437`	`)`
`437`	`438`	`}`
`438`	`439`
`439`		`- /** Gets a predefined curve class instance with a specific key size (in bits). */`
`440`		`- DataFlow::Node curveClassInstanceWithKeySize(int keySize) {`
`441`		`- result = curveClassInstanceWithKeySize(DataFlow::TypeTracker::end(), keySize)`
	`440`	`+ /** Gets a reference to a predefined curve class instance with a specific key size (in bits), as well as the origin of the class. */`
	`441`	`+ DataFlow::Node curveClassInstanceWithKeySize(int keySize, DataFlow::Node origin) {`
	`442`	`+ result = curveClassInstanceWithKeySize(DataFlow::TypeTracker::end(), keySize, origin)`
`442`	`443`	`}`
`443`	`444`	`}`
`444`	`445`	`}`
`@@ -505,9 +506,9 @@ private module CryptographyModel {`
`505`	`506`	`}`
`506`	`507`
`507`	`508`	`override int getKeySizeWithOrigin(DataFlow::Node origin) {`
`508`		`- origin = this.getCurveArg() and`
`509`		`- origin =`
`510`		`- cryptography::hazmat::primitives::asymmetric::ec::curveClassInstanceWithKeySize(result)`
	`509`	`+ this.getCurveArg() =`
	`510`	`+ cryptography::hazmat::primitives::asymmetric::ec::curveClassInstanceWithKeySize(result,`
	`511`	`+ origin)`
`511`	`512`	`}`
`512`	`513`
`513`	`514`	`// Note: There is not really a key-size argument, since it's always specified by the curve.`