Skip to content

Commit

Permalink
Add rule for SHA224 hash in PHP, Java, Go, Python, Ruby (#3542)
Browse files Browse the repository at this point in the history
SHA224 and other hashes with 224 bits are currently on the edge of what is considered a secure hash function. The Australian Cyber Security Center and NIST have indicated that SHA224 is going to be deprecated in the future.

This adds a rule to detect SHA224 and similar hashes. It is distinct from the existing MD5 and SHA1 rules, because those are currently a security problem, and SHA224 is more of a future compliance problem.

Co-authored-by: Claudio <claudio@r2c.dev>
  • Loading branch information
Sjord and p4p3r authored Dec 20, 2024
1 parent a9aea6c commit 1c92567
Show file tree
Hide file tree
Showing 10 changed files with 371 additions and 0 deletions.
43 changes: 43 additions & 0 deletions go/lang/security/audit/crypto/sha224-hash.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
package main

import (
"crypto/sha256"
"golang.org/x/crypto/sha3"
"fmt"
"io"
"log"
"os"
)

func main() {
}

func test_sha224() {
f, err := os.Open("file.txt")
if err != nil {
log.Fatal(err)
}
defer f.Close()
// ruleid: sha224-hash
h := sha256.New224()
if _, err := io.Copy(h, f); err != nil {
log.Fatal(err)
}
// ruleid: sha224-hash
fmt.Printf("%x", sha256.Sum224(nil))
}

func test_sha3_224() {
f, err := os.Open("file.txt")
if err != nil {
log.Fatal(err)
}
defer f.Close()
// ruleid: sha224-hash
h := sha3.New224()
if _, err := io.Copy(h, f); err != nil {
log.Fatal(err)
}
// ruleid: sha224-hash
fmt.Printf("%x", sha3.Sum224(nil))
}
44 changes: 44 additions & 0 deletions go/lang/security/audit/crypto/sha224-hash.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
rules:
- id: sha224-hash
pattern-either:
- patterns:
- pattern-inside: |
import "crypto/sha256"
...
- pattern-either:
- pattern: |
sha256.New224()
- pattern: |
sha256.Sum224(...)
- patterns:
- pattern-inside: |
import "golang.org/x/crypto/sha3"
...
- pattern-either:
- pattern: |
sha3.New224()
- pattern: |
sha3.Sum224(...)
message: >-
This code uses a 224-bit hash function, which is deprecated or disallowed
in some security policies. Consider updating to a stronger hash function such
as SHA-384 or higher to ensure compliance and security.
languages: [go]
severity: WARNING
metadata:
owasp:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures
cwe:
- 'CWE-328: Use of Weak Hash'
category: security
technology:
- go
references:
- https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar3.ipd.pdf
- https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-cryptography
subcategory:
- vuln
likelihood: LOW
impact: LOW
confidence: HIGH
56 changes: 56 additions & 0 deletions java/lang/security/audit/crypto/use-of-sha224.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
import java.security.MessageDigest;
import org.apache.commons.codec.digest.DigestUtils;
import static org.apache.commons.codec.digest.MessageDigestAlgorithms.SHA_224;

public class Bad {
public byte[] bad1(String password) {
// ruleid: use-of-sha224
MessageDigest sha224Digest = MessageDigest.getInstance("SHA-224");
sha224Digest.update(password.getBytes());
byte[] hashValue = sha224Digest.digest();
return hashValue;
}

public byte[] bad2(String password) {
// ruleid: use-of-sha224
byte[] hashValue = DigestUtils.getSha3_224Digest().digest(password.getBytes());
return hashValue;
}

public void bad3() {
// ruleid: use-of-sha224
java.security.MessageDigest md = java.security.MessageDigest.getInstance("sha224", "SUN");
byte[] input = { (byte) '?' };
Object inputParam = bar;
if (inputParam instanceof String)
input = ((String) inputParam).getBytes();
if (inputParam instanceof java.io.InputStream) {
byte[] strInput = new byte[1000];
int i = ((java.io.InputStream) inputParam).read(strInput);
if (i == -1) {
response.getWriter()
.println(
"This input source requires a POST, not a GET. Incompatible UI for the InputStream source.");
return;
}
input = java.util.Arrays.copyOf(strInput, i);
}
md.update(input);
byte[] result = md.digest();
java.io.File fileTarget = new java.io.File(
new java.io.File(org.owasp.benchmark.helpers.Utils.TESTFILES_DIR),
"passwordFile.txt");
java.io.FileWriter fw = new java.io.FileWriter(fileTarget, true); // the true will append the new data
fw.write(
"hash_value="
+ org.owasp.esapi.ESAPI.encoder().encodeForBase64(result, true)
+ "\n");
fw.close();
}

public byte[] bad4(String password) {
// ruleid: use-of-sha224
byte [] hashValue = new DigestUtils(SHA_224).digest(password.getBytes());
return hashValue;
}
}
47 changes: 47 additions & 0 deletions java/lang/security/audit/crypto/use-of-sha224.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
rules:
- id: use-of-sha224
message: >-
This code uses a 224-bit hash function, which is deprecated or disallowed
in some security policies. Consider updating to a stronger hash function such
as SHA-384 or higher to ensure compliance and security.
languages: [java]
severity: WARNING
metadata:
functional-categories:
- 'crypto::search::hash-algorithm::javax.crypto'
owasp:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures
cwe:
- 'CWE-328: Use of Weak Hash'
asvs:
section: V6 Stored Cryptography Verification Requirements
control_id: 6.2.5 Insecure Algorithm
control_url: https://github.com/OWASP/ASVS/blob/master/4.0/en/0x14-V6-Cryptography.md#v62-algorithms
version: '4'
category: security
technology:
- java
references:
- https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar3.ipd.pdf
- https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-cryptography
subcategory:
- vuln
likelihood: LOW
impact: LOW
confidence: HIGH
pattern-either:
- pattern: org.apache.commons.codec.digest.DigestUtils.getSha3_224Digest()
- pattern: org.apache.commons.codec.digest.DigestUtils.getSha512_224Digest()
- pattern: org.apache.commons.codec.digest.DigestUtils.sha3_224(...)
- pattern: org.apache.commons.codec.digest.DigestUtils.sha3_224Hex(...)
- pattern: org.apache.commons.codec.digest.DigestUtils.sha512_224(...)
- pattern: org.apache.commons.codec.digest.DigestUtils.sha512_224Hex(...)
- pattern: new org.apache.commons.codec.digest.DigestUtils(org.apache.commons.codec.digest.MessageDigestAlgorithms.SHA_224)
- pattern: new org.apache.commons.codec.digest.DigestUtils(org.apache.commons.codec.digest.MessageDigestAlgorithms.SHA_512_224)
- pattern: new org.apache.commons.codec.digest.DigestUtils(org.apache.commons.codec.digest.MessageDigestAlgorithms.SHA3_224)
- patterns:
- pattern: java.security.MessageDigest.getInstance("$ALGO", ...);
- metavariable-regex:
metavariable: $ALGO
regex: '.*224'
22 changes: 22 additions & 0 deletions php/lang/security/audit/sha224-hash.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
<?php

// ruleid: sha224-hash
var_dump(hash('sha224', 'mypassword'));

// ruleid: sha224-hash
var_dump(hash('sha512/224', 'mypassword'));

// ruleid: sha224-hash
var_dump(hash('sha3-224', 'mypassword'));

// ruleid: sha224-hash
var_dump(hash_hmac('sha224', 'mypassword'));

// ruleid: sha224-hash
var_dump(hash_hmac('sha512/224', 'mypassword'));

// ruleid: sha224-hash
var_dump(hash_hmac('sha3-224', 'mypassword'));

// ok: sha224-hash
var_dump(hash('sha384', 'mypassword'));
32 changes: 32 additions & 0 deletions php/lang/security/audit/sha224-hash.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
rules:
- id: sha224-hash
pattern-either:
- pattern: hash('sha224', ...);
- pattern: hash('sha512/224', ...);
- pattern: hash('sha3-224', ...);
- pattern: hash_hmac('sha224', ...);
- pattern: hash_hmac('sha512/224', ...);
- pattern: hash_hmac('sha3-224', ...);
message: >-
This code uses a 224-bit hash function, which is deprecated or disallowed
in some security policies. Consider updating to a stronger hash function such
as SHA-384 or higher to ensure compliance and security.
metadata:
cwe:
- 'CWE-328: Use of Weak Hash'
references:
- https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar3.ipd.pdf
- https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-cryptography
category: security
technology:
- php
owasp:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures
subcategory:
- audit
likelihood: LOW
impact: LOW
confidence: HIGH
languages: [php]
severity: WARNING
10 changes: 10 additions & 0 deletions python/lang/security/audit/sha224-hash.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
import hashlib

# ruleid:sha224-hash
hashlib.sha224(b"1")

# ruleid:sha224-hash
hashlib.sha3_224(b"1")

# ok:sha224-hash
hashlib.sha384(b"1")
29 changes: 29 additions & 0 deletions python/lang/security/audit/sha224-hash.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
rules:
- id: sha224-hash
message: >-
This code uses a 224-bit hash function, which is deprecated or disallowed
in some security policies. Consider updating to a stronger hash function such
as SHA-384 or higher to ensure compliance and security.
metadata:
cwe:
- 'CWE-327: Use of a Broken or Risky Cryptographic Algorithm'
owasp:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures
references:
- https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar3.ipd.pdf
- https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-cryptography
category: security
technology:
- python
subcategory:
- vuln
likelihood: LOW
impact: LOW
confidence: HIGH
severity: WARNING
languages:
- python
pattern-either:
- pattern: hashlib.sha224(...)
- pattern: hashlib.sha3_224(...)
48 changes: 48 additions & 0 deletions ruby/lang/security/audit/sha224-hash.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
require 'digest'
class Bad_sha224
def bad_sha224_code()
# ruleid: sha224-hash
sha = Digest::SHA224.hexdigest 'abc'
# ruleid: sha224-hash
sha = Digest::SHA224.new
# ruleid: sha224-hash
sha = Digest::SHA224.base64digest 'abc'
# ruleid: sha224-hash
sha = Digest::SHA224.digest 'abc'

# ruleid: sha224-hash
digest = OpenSSL::Digest::SHA224.new
# ruleid: sha224-hash
digest = OpenSSL::Digest::SHA224.hexdigest 'abc'
# ruleid: sha224-hash
digest = OpenSSL::Digest::SHA224.new
# ruleid: sha224-hash
digest = OpenSSL::Digest::SHA224.base64digest 'abc'
# ruleid: sha224-hash
digest = OpenSSL::Digest::SHA224.digest 'abc'
# ruleid: sha224-hash
OpenSSL::HMAC.hexdigest("sha224", key, data)
# ok: sha224-hash
OpenSSL::HMAC.hexdigest("SHA256", key, data)
# ok: sha224-hash
digest = OpenSSL::Digest::SHA256.new
# ok: sha224-hash
digest = OpenSSL::Digest::SHA256.hexdigest 'abc'

# ruleid: sha224-hash
digest = OpenSSL::Digest.new('SHA224')

# ruleid: sha224-hash
digest = OpenSSL::Digest.new('SHA512-224')

# ruleid: sha224-hash
digest = OpenSSL::Digest.new('SHA3-224')

# ruleid: sha224-hash
hmac = OpenSSL::HMAC.new(key, 'sha224')

# ruleid: sha224-hash
hmac = OpenSSL::HMAC.new(key, 'SHA224')

end
end
40 changes: 40 additions & 0 deletions ruby/lang/security/audit/sha224-hash.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
rules:
- id: sha224-hash
message: >-
This code uses a 224-bit hash function, which is deprecated or disallowed
in some security policies. Consider updating to a stronger hash function such
as SHA-384 or higher to ensure compliance and security.
metadata:
cwe:
- 'CWE-328: Use of Weak Hash'
references:
- https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar3.ipd.pdf
- https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-cryptography
category: security
technology:
- ruby
owasp:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures
subcategory:
- vuln
likelihood: LOW
impact: LOW
confidence: HIGH
languages:
- ruby
severity: WARNING
pattern-either:
- pattern: Digest::SHA224.$FUNC
- pattern: OpenSSL::Digest::SHA224.$FUNC
- pattern: SHA3::Digest::SHA224(...)
- patterns:
- pattern-either:
- pattern: OpenSSL::HMAC.hexdigest("$ALGO", ...)
- pattern: OpenSSL::HMAC.digest("$ALGO", ...)
- pattern: OpenSSL::HMAC.new($KEY, "$ALGO")
- pattern: OpenSSL::Digest.digest("$ALGO", ...)
- pattern: OpenSSL::Digest.new("$ALGO", ...)
- metavariable-regex:
metavariable: $ALGO
regex: '.*224'

0 comments on commit 1c92567

Please sign in to comment.