Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Misuses caught in analysis where a map is used for storing values #165

Open
enriozuni opened this issue Jun 13, 2019 · 1 comment
Open

Misuses caught in analysis where a map is used for storing values #165

enriozuni opened this issue Jun 13, 2019 · 1 comment
Assignees
@smeyer198
Labels
false negative

Comments

@enriozuni
Copy link
Contributor

In various CryptoGuard projects in issue #134 that were headless tested, misuses were not caught in the following scenario from the analysis. The cases include a particular scenario where a value is stored in a map and is later used as parameter in objects from JCA. I have listed below the projects and the objects from the JCA that were present in these cases.

CryptoGuard projects and their respective cases

Below are cases that were headless tested. They are grouped according to their project name in CryptoGuard and the JCA object involved.

package example.pbeiteration;

import javax.crypto.spec.PBEParameterSpec;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

public class LessThan1000IterationPBEABHCase1 {
    public static void main(){
        LessThan1000IterationPBEABHCase1 lt = new LessThan1000IterationPBEABHCase1();
        lt.key2();
    }
    public void key2(){
        String name = "abcdef";
        Map<String,Integer> hm = new HashMap<String, Integer>();
        hm.put("aaa", new Integer(1020));
        hm.put("bbb", new Integer(20));


        int iteration = hm.get("bbb");

        SecureRandom random = new SecureRandom();
        PBEParameterSpec pbeParamSpec = null;
        byte[] salt = new byte[32];
        random.nextBytes(salt);
        //int count = 20;
        pbeParamSpec = new PBEParameterSpec(salt, iteration);
    }
}

No ConstraintError for iteration size being less 10000 is reported in PBEParameterSpec.

  • predictableseeds (SecureRandom)
    Other similar cases in this project folder include:

  • predictablecryptographickey (SecretKeySpec)
    Other similar cases in this project folder include the case when misuse is caught by the analysis, but not because the analysis understands that a map is used. So the fix for this issue need to take into account also these types of cases. The case is PredictableCryptographicKeyABHCase2

package example.predictablecryptographickey;

import javax.crypto.spec.SecretKeySpec;
import java.io.UnsupportedEncodingException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

public class PredictableCryptographicKeyABHCase2 {
    public static void main(String [] args) throws UnsupportedEncodingException {

        Map<String,String> hm = new HashMap<String, String>();
        hm.put("aaa", "afix");
        hm.put("bbb", "bfix");
        hm.put("ccc", "cfix");
        hm.put("ddd", "dfix");

        String key = hm.get("aaa");

        byte [] keyBytes = key.getBytes();
        keyBytes = Arrays.copyOf(keyBytes,16);
        SecretKeySpec keySpec = new SecretKeySpec(keyBytes, "AES");
    }
}
@johspaeth
Copy link
Member

We currently do not model maps, lists etc. hence the analysis does not detect the flow.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@smeyer198 smeyer198

Labels
false negative
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@johspaeth @enriozuni @smeyer198