advanced-security · GeekMasher · Apr 13, 2022 · Apr 13, 2022 · Apr 13, 2022
diff --git a/tests/.gitignore b/tests/.gitignore
@@ -0,0 +1,2 @@
+**/*.testproj
+**/*.actual
diff --git a/tests/csharp-tests/CWE-760/HardcodedSalt.expected b/tests/csharp-tests/CWE-760/HardcodedSalt.expected
@@ -0,0 +1,18 @@
+edges
+| Test.cs:13:16:13:55 | call to method GetBytes : Byte[] | Test.cs:14:49:14:52 | access to local variable salt |
+| Test.cs:13:39:13:54 | "Hardcoded Salt" : String | Test.cs:13:16:13:55 | call to method GetBytes : Byte[] |
+| Test.cs:23:12:23:28 | "Hardcoded Salt2" : String | Test.cs:29:39:29:63 | call to method generateSalt : String |
+| Test.cs:29:16:29:64 | call to method GetBytes : Byte[] | Test.cs:30:49:30:52 | access to local variable salt |
+| Test.cs:29:39:29:63 | call to method generateSalt : String | Test.cs:29:16:29:64 | call to method GetBytes : Byte[] |
+nodes
+| Test.cs:13:16:13:55 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] |
+| Test.cs:13:39:13:54 | "Hardcoded Salt" : String | semmle.label | "Hardcoded Salt" : String |
+| Test.cs:14:49:14:52 | access to local variable salt | semmle.label | access to local variable salt |
+| Test.cs:23:12:23:28 | "Hardcoded Salt2" : String | semmle.label | "Hardcoded Salt2" : String |
+| Test.cs:29:16:29:64 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] |
+| Test.cs:29:39:29:63 | call to method generateSalt : String | semmle.label | call to method generateSalt : String |
+| Test.cs:30:49:30:52 | access to local variable salt | semmle.label | access to local variable salt |
+subpaths
+#select
+| Test.cs:14:49:14:52 | access to local variable salt | Test.cs:13:39:13:54 | "Hardcoded Salt" : String | Test.cs:14:49:14:52 | access to local variable salt | Use of $@. | Test.cs:13:39:13:54 | "Hardcoded Salt" | hardcoded salt |
+| Test.cs:30:49:30:52 | access to local variable salt | Test.cs:23:12:23:28 | "Hardcoded Salt2" : String | Test.cs:30:49:30:52 | access to local variable salt | Use of $@. | Test.cs:23:12:23:28 | "Hardcoded Salt2" | hardcoded salt |
diff --git a/tests/csharp-tests/CWE-760/HardcodedSalt.qlref b/tests/csharp-tests/CWE-760/HardcodedSalt.qlref
@@ -0,0 +1 @@
+CWE-760/HardcodedSalt.ql
diff --git a/tests/csharp-tests/CWE-760/Test.cs b/tests/csharp-tests/CWE-760/Test.cs
@@ -0,0 +1,32 @@
+using System;
+using System.IO;
+using System.Text;
+using System.Runtime.Serialization;
+using System.Security.Cryptography;
+using System.Security.Permissions;
+
+public class StaticSalt {
+  public void Test1() {
+    string password = "TestPassword";
+
+    // BAD: Static String 
+    var salt = Encoding.UTF8.GetBytes("Hardcoded Salt");
+    var hash = new Rfc2898DeriveBytes(password, salt);
+
+    // Good: Randomly generated byte array 
+    var randonSalt = new byte[16];
+    RandomNumberGenerator.Create().GetBytes(randonSalt);
+    var hash_safe = new Rfc2898DeriveBytes(password, randonSalt);
+  }
+
+  public static string generateSalt() {
+    return "Hardcoded Salt2";
+  }
+  public void Test2() {
+    string password = "TestPassword2";
+
+    // BAD: Static String 
+    var salt = Encoding.UTF8.GetBytes(StaticSalt.generateSalt());
+    var hash = new Rfc2898DeriveBytes(password, salt);
+  }
+}
diff --git a/tests/csharp-tests/CWE-760/options b/tests/csharp-tests/CWE-760/options
@@ -0,0 +1 @@
+semmle-extractor-options: /r:System.Security.Cryptography.Csp.dll /r:System.Security.Cryptography.Algorithms.dll
diff --git a/tests/csharp-tests/CWE-916/Test.cs b/tests/csharp-tests/CWE-916/Test.cs
@@ -0,0 +1,26 @@
+using System;
+using System.IO;
+using System.Text;
+using System.Runtime.Serialization;
+using System.Security.Cryptography;
+using System.Security.Permissions;
+
+public class StaticSalt {
+  public void Test1() {
+    string password = "TestPassword";
+    var randonSalt = new byte[16];
+    RandomNumberGenerator.Create().GetBytes(randonSalt);
+
+
+    // BAD: Default (1000)
+    var hash = new Rfc2898DeriveBytes(password, randonSalt);
+
+    // BAD: Static int
+    var hash2 = new Rfc2898DeriveBytes(password, randonSalt, 1000);
+
+
+
+    // Good: High interations
+    var hash_safe = new Rfc2898DeriveBytes(password, randonSalt, 100000);
+  }
+}
diff --git a/tests/csharp-tests/CWE-916/WeakIterations.expected b/tests/csharp-tests/CWE-916/WeakIterations.expected
@@ -0,0 +1,6 @@
+edges
+nodes
+| Test.cs:19:62:19:65 | 1000 | semmle.label | 1000 |
+subpaths
+#select
+| Test.cs:19:62:19:65 | 1000 | Test.cs:19:62:19:65 | 1000 | Test.cs:19:62:19:65 | 1000 | Use of $@. | Test.cs:19:62:19:65 | 1000 | hardcoded weak iterations |
diff --git a/tests/csharp-tests/CWE-916/WeakIterations.qlref b/tests/csharp-tests/CWE-916/WeakIterations.qlref
@@ -0,0 +1 @@
+CWE-916/WeakIterations.ql
diff --git a/tests/csharp-tests/CWE-916/options b/tests/csharp-tests/CWE-916/options
@@ -0,0 +1 @@
+semmle-extractor-options: /r:System.Security.Cryptography.Csp.dll /r:System.Security.Cryptography.Algorithms.dll
diff --git a/tests/csharp-tests/qlpack.lock.yml b/tests/csharp-tests/qlpack.lock.yml
@@ -0,0 +1,4 @@
+---
+dependencies: {}
+compiled: false
+lockVersion: 1.0.0
diff --git a/tests/csharp-tests/qlpack.yml b/tests/csharp-tests/qlpack.yml
@@ -0,0 +1,8 @@
+name: github-queries-csharp-tests
+groups: [csharp, test]
+dependencies:
+  codeql/csharp-all: "*"
+  github-queries-csharp: "*"
+
+extractor: csharp
+tests: .
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		semmle-extractor-options: /r:System.Security.Cryptography.Csp.dll /r:System.Security.Cryptography.Algorithms.dll