Merge pull request #53 from formanek/master

ECB and no integrity detection + tests

Author: h3xstream

plugin/src/main/java/com/h3xstream/findsecbugs/crypto/CipherWithNoIntegrityDetector.java

@@ -23,14 +23,12 @@
 import edu.umd.cs.findbugs.OpcodeStack;
 import edu.umd.cs.findbugs.Priorities;
 import edu.umd.cs.findbugs.bcel.OpcodeStackDetector;
+import java.util.regex.Pattern;
 import org.apache.bcel.Constants;
 
-import java.util.Arrays;
-import java.util.List;
-
 /**
- * <p>
  * This detector mark cipher usage that doesn't provide integrity.
+ * <p>
  * The identification will be made base on the mode use.
  * </p>
  * <p>
@@ -53,53 +51,55 @@
  *     </ul>
  * </p>
  * Ref: <a href="http://en.wikipedia.org/wiki/Authenticated_encryption">Wikipedia: Authenticated encryption</a>
+ * Ref for the list of potential ciphers:
+ * http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#impl
+ * Note: Not all ECB mode are vulnerable. see RSA/ECB/*
  */
 public class CipherWithNoIntegrityDetector extends OpcodeStackDetector {
 
     private static final String ECB_MODE_TYPE = "ECB_MODE";
     private static final String PADDING_ORACLE_TYPE = "PADDING_ORACLE";
     private static final String CIPHER_INTEGRITY_TYPE = "CIPHER_INTEGRITY";
 
-    private static final boolean DEBUG = false;
-    private static final List<String> SECURE_CIPHER_MODES = Arrays.asList("CCM","CWC","OCB","EAX","GCM");
+    private static final Pattern AUTHENTICATED_CIPHER_MODES = Pattern.compile(".*/(CCM|CWC|OCB|EAX|GCM)/.*");
+    private static final Pattern INSECURE_ECB_MODES = Pattern.compile("(AES|DES(ede)?)(/ECB/.*)?");
 
-    private BugReporter bugReporter;
+    private final BugReporter bugReporter;
 
     public CipherWithNoIntegrityDetector(BugReporter bugReporter) {
         this.bugReporter = bugReporter;
     }
 
     @Override
     public void sawOpcode(int seen) {
-        if (seen == Constants.INVOKESTATIC && getClassConstantOperand().equals("javax/crypto/Cipher") &&
-                getNameConstantOperand().equals("getInstance")) {
-            OpcodeStack.Item item = stack.getStackItem(stack.getStackDepth() - 1); //The first argument is last
-            if (StackUtils.isConstantString(item)) {
-                String cipherValue = (String) item.getConstant();
-                if (DEBUG) System.out.println(cipherValue);
-
-                //Ref for the list of potential ciphers : http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#impl
-                //Note: Not all ECB mode are vulnerable. see RSA/ECB/*
-                if (cipherValue.contains("AES/ECB/") || cipherValue.contains("DES/ECB/") || cipherValue.contains("DESede/ECB/")) {
-                    bugReporter.reportBug(new BugInstance(this, ECB_MODE_TYPE, Priorities.HIGH_PRIORITY) //
-                            .addClass(this).addMethod(this).addSourceLine(this));
-                }
-
-                if (cipherValue.contains("/CBC/PKCS5Padding")) {
-                    bugReporter.reportBug(new BugInstance(this, PADDING_ORACLE_TYPE, Priorities.HIGH_PRIORITY) //
-                            .addClass(this).addMethod(this).addSourceLine(this));
-                }
-
-                String[] cipherDefinition = cipherValue.split("/");
-                if(cipherDefinition.length > 1 && !cipherValue.startsWith("RSA/")) { //Some cipher will not have mode specified (ie: "RSA" .. issue GitHub #24)
-                    String cipherMode = cipherDefinition[1];
+        if ((seen != Constants.INVOKESTATIC
+                || !getClassConstantOperand().equals("javax/crypto/Cipher"))
+                || !getNameConstantOperand().equals("getInstance")) {
+            return;
+        }
+        OpcodeStack.Item item = stack.getStackItem(stack.getStackDepth() - 1);
+        String cipherValue;
+        if (StackUtils.isConstantString(item)) {
+            cipherValue = (String) item.getConstant();
+        } else {
+            return;
+        }
+        if (INSECURE_ECB_MODES.matcher(cipherValue).matches()) {
+            reportBug(ECB_MODE_TYPE);
+        }
+        if (cipherValue.contains("/CBC/PKCS5Padding")) {
+            reportBug(PADDING_ORACLE_TYPE);
+        }
 
-                    if (!SECURE_CIPHER_MODES.contains(cipherMode)) { //Not a secure mode!
-                        bugReporter.reportBug(new BugInstance(this, CIPHER_INTEGRITY_TYPE, Priorities.HIGH_PRIORITY) //
-                                .addClass(this).addMethod(this).addSourceLine(this));
-                    }
-                }
-            }
+        //Some cipher will not have mode specified (ie: "RSA" .. issue GitHub #24)
+        if (!AUTHENTICATED_CIPHER_MODES.matcher(cipherValue).matches()
+                && !cipherValue.startsWith("RSA")) {
+            reportBug(CIPHER_INTEGRITY_TYPE);
         }
     }
+
+    private void reportBug(String type) {
+        bugReporter.reportBug(new BugInstance(this, type, Priorities.HIGH_PRIORITY)
+                .addClass(this).addMethod(this).addSourceLine(this));
+    }
 }

plugin/src/test/java/com/h3xstream/findsecbugs/crypto/CipherWithNoIntegrityDetectorTest.java

@@ -19,33 +19,73 @@
 
 import com.h3xstream.findbugs.test.BaseDetectorTest;
 import com.h3xstream.findbugs.test.EasyBugReporter;
-import org.testng.annotations.Test;
-
-import static org.mockito.Mockito.never;
+import java.util.Arrays;
+import java.util.List;
 import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
+import org.testng.annotations.Test;
 
 public class CipherWithNoIntegrityDetectorTest extends BaseDetectorTest {
 
     /**
-     * Test to confirm the fix of https://github.com/h3xstream/find-sec-bugs/issues/24
+     * General tests plus test to confirm the fix of
+     * https://github.com/h3xstream/find-sec-bugs/issues/24
+     *
      * @throws Exception
      */
     @Test
     public void detectCustomDigest() throws Exception {
         //Locate test code
         String[] files = {
-                getClassFilePath("testcode/crypto/CipherNoIntegrityBugFixRsa")
+            getClassFilePath("testcode/crypto/CipherNoIntegrity"),
+            getClassFilePath("testcode/crypto/CipherNoIntegrityBugFixRsa")
         };
 
         //Run the analysis
         EasyBugReporter reporter = spy(new EasyBugReporter());
         analyze(files, reporter);
 
-        verify(reporter,never()).doReportBug(
+        List<Integer> linesECB = Arrays.asList(9, 11);
+        for (Integer line : linesECB) {
+            verify(reporter).doReportBug(
+                    bugDefinition()
+                    .bugType("ECB_MODE")
+                    .inClass("CipherNoIntegrity").atLine(line)
+                    .build()
+            );
+        }
+        verify(reporter, times(linesECB.size())).doReportBug(
+                bugDefinition()
+                .bugType("ECB_MODE")
+                .build()
+        );
+
+        List<Integer> linesNoIntegrity = Arrays.asList(9, 10, 11, 12);
+        for (Integer line : linesNoIntegrity) {
+            verify(reporter).doReportBug(
+                    bugDefinition()
+                    .bugType("CIPHER_INTEGRITY")
+                    .inClass("CipherNoIntegrity").atLine(line)
+                    .build()
+            );
+        }
+        verify(reporter, times(linesNoIntegrity.size())).doReportBug(
+                bugDefinition()
+                .bugType("CIPHER_INTEGRITY")
+                .build()
+        );
+
+        verify(reporter).doReportBug(
+                bugDefinition()
+                .bugType("PADDING_ORACLE")
+                .inClass("CipherNoIntegrity").atLine(12)
+                .build()
+        );
+        verify(reporter, times(1)).doReportBug(
                 bugDefinition()
-                        .bugType("ECB_MODE_TYPE")
-                        .build()
+                .bugType("PADDING_ORACLE")
+                .build()
         );
     }
 }

plugin/src/test/java/testcode/crypto/CipherNoIntegrity.java

@@ -0,0 +1,17 @@
+package testcode.crypto;
+
+import javax.crypto.Cipher;
+
+public class CipherNoIntegrity {
+
+    public static void main(String[] args) throws Exception {
+        Cipher.getInstance("AES/GCM/..."); // ok
+        Cipher.getInstance("AES"); // ECB and no integrity
+        Cipher.getInstance("DES/CTR/NoPadding"); // no integrity
+        Cipher.getInstance("DESede/ECB/PKCS5Padding"); // ECB and no integrity
+        Cipher.getInstance("AES/CBC/PKCS5Padding"); // oracle and no integrity
+        Cipher.getInstance("RSA"); // ok
+        Cipher.getInstance("RSA/ECB/PKCS1Padding"); // ok
+        Cipher.getInstance(args[0]); // ok
+    }
+}