Skip to content
This repository was archived by the owner on Jan 5, 2023. It is now read-only.

Insufficient Randomness#286

Closed
dilanbhalla wants to merge 5 commits intogithub:mainfrom
dilanbhalla:gorand
Closed

Insufficient Randomness#286
dilanbhalla wants to merge 5 commits intogithub:mainfrom
dilanbhalla:gorand

Conversation

@dilanbhalla
Copy link
Copy Markdown

Query to detect use of insufficient randomness generated for keys in cryptographic algorithms. So far, a common case of this, using math/rand, is the detected (via dataflow from this here to function names that generally take in cryptographic keys). However, as seen in the insecure randomness queries for other languages, this can be drastically expanded upon through detection of various secure/insecure random sources and cryptographic sinks. Let me know if this could be of use, or if there are any modifications I can make!

Comment thread ql/src/experimental/CWE-327/InsecureRandomnessCustomizations.qll Outdated
Comment thread ql/src/experimental/CWE-327/InsecureRandomnessCustomizations.qll Outdated
Comment thread ql/test/experimental/CWE-327/Crypto.go
@dilanbhalla dilanbhalla requested a review from smowton August 14, 2020 08:24
Comment thread ql/src/experimental/CWE-327/InsecureRandomness.ql Outdated
Comment on lines +29 to +31
class NonRandomSource extends Source {
NonRandomSource() {
exists(CallExpr call |
this.asExpr() = call and
call.getTarget().getPackage().getPath() = "math/rand"
)
}
}
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
class NonRandomSource extends Source {
NonRandomSource() {
exists(CallExpr call |
this.asExpr() = call and
call.getTarget().getPackage().getPath() = "math/rand"
)
}
}
class NonRandomSource extends Source, DataFlow::CallNode {
NonRandomSource() {
this.getTarget().getPackage().getPath() = "math/rand"
}
}

This is a fairly imprecise model. In particular, it assumes that the insufficiently random output is always the result of the function. That is, however, not true for, e.g., Read, which stores its output in the first parameter. FunctionOutput can be used to model that sort of thing.

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @max-schaefer, this is a good point. In that example though, I don't see how it would be any different if Read was used to store a random number in a parameter, and the parameter was later used as a key. This is the only case in which the query would detect this, since it looks for dataflow. However I completely understand your concern about this query in general, and I am not a big fan of it either in its current state. I think insufficient randomness for cryptographic keys is an important issue to tackle though (and is done in other languages), so if you have any advice/ideas regarding how it should be implemented I'd love to hear!

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apologies, my explanation above was perhaps overly brief. Your current model says that the result of any function in math/rand is a source, from which we then try to find a path to a sink.

The point I was trying to make above is that this is wrong for Read: a path from the result of Read to a sink is uninteresting, since the result of Read doesn't contain the cryptographically problematic data. On the other hand, by restricting ourselves to results we may miss potentially interesting flows from a buffer passed to Read (which after the call does contain the problematic data) to a sink.

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see @max-schaefer, that completely makes sense. For now I am making fixes for the comments/conflicts in this commit. I will continue to brainstorm ways to tackle this in more detail. I also think it would be very interesting as @smowton mentioned to see what the query discovers experimentally to help discover false positives/negatives.

On that note actually, I am noticing that this PR says this branch has conflicting files (that appear to be files from my other PR) in it, which is very confusing to me. I believe I might have had these files in this branch at some point in the past to help me use similar crypto/dataflow concepts for Go, but they have long since been removed and I am not sure how to fix this (and the "Resolve Conflicts" button next to this conflict is greyed out for me). Do you know what's happening by any chance?

Thanks for all of your help!

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So many git errors :( I am also getting just a merge conflict now with my latest commit to fix things on this thread, and can't even force push it. This may have to do with the conflicting files error I mentioned above, but I'm not sure.

Comment thread ql/src/experimental/CWE-327/InsecureRandomnessCustomizations.qll Outdated
Copy link
Copy Markdown
Contributor

@smowton smowton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks much better -- @max-schaefer are you happy to go with the quite-broad definitions (anything in math/rand -> anything in cypto/*) for now and perhaps tighten up during promotion from experimental status?

Comment thread ql/src/experimental/CWE-327/InsecureRandomnessCustomizations.qll Outdated
@max-schaefer
Copy link
Copy Markdown
Contributor

Yes, I agree this is fine for an experimental query, so once the conflicts are resolved I think we can merge this.

@max-schaefer
Copy link
Copy Markdown
Contributor

Try rebasing your branch onto latest main and force-pushing, that should hopefully fix the conflicts.

@dilanbhalla
Copy link
Copy Markdown
Author

After a bunch of git manipulation it looks like its merging smoothly now. Tests are still running but so far looking good 👍

@smowton
Copy link
Copy Markdown
Contributor

smowton commented Aug 17, 2020

Made some trivial fixes as #289, intending to merge than when tests pass

@smowton
Copy link
Copy Markdown
Contributor

smowton commented Aug 17, 2020

Merged via #289

@smowton smowton closed this Aug 17, 2020
@smowton
Copy link
Copy Markdown
Contributor

smowton commented Aug 17, 2020

@dilanbhalla thanks for your contribution!

@dilanbhalla
Copy link
Copy Markdown
Author

@smowton no problem!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants