Ruby: Add rb/weak-cryptographic-algorithm query

[alexrford]

Ports py/weak-cryptographic-algorithm to Ruby. Currently supports OpenSSL ciphers.

This is generally similar, using the Cryptography::CryptographicOperation concept. There is a slight tweak in moving the isWeak() predicate into CryptographicOperation rather than only having it on CryptographicAlgorithm, which allows us to account for operations with ciphers that use a weak block mode (in practice, this means ECB). The CryptographicAlgorithm only includes the block encryption algorithm itself, not the block mode in the context where the algorithm is used in a stream cipher.

The side-effect of this is that the alert messages can currently be misleading, e.g. suggesting that the block encryption algorithm is weak when it is actually the block mode.

The best solutions to this that I can see are:

1. Keeping CryptographicAlgorithm and the block mode separate, but introducing a proper BlockMode class with e.g. an isWeak() predicate of its own. CryptographicOperation could then have a BlockMode getBlockMode() predicate rather than its own isWeak() predicate, and the query could check both the encryption algorithm and the block mode.
2. Include the block mode in the CryptographicAlgorithm, and add 2 predicates - isWeakEncryptionAlgorithm and isWeakBlockMode, to that class. Then CryptographicOperation#isWeak() could be removed.

[github-actions]

QHelp previews:

ruby/ql/src/queries/security/cwe-327/BrokenCryptoAlgorithm.qhelp

Use of a broken or weak cryptographic algorithm

Using broken or weak cryptographic algorithms can leave data vulnerable to being decrypted or forged by an attacker.

Many cryptographic algorithms provided by cryptography libraries are known to be weak, or flawed. Using such an algorithm means that encrypted or hashed data is less secure than it appears to be.

Recommendation

Ensure that you use a strong, modern cryptographic algorithm, such as AES-128 or RSA-2048.

Example

The following code uses the OpenSSL library to encrypt some secret data. When you create a cipher using OpenSSL you must specify the encryption algorithm to use. The first example uses DES, which is an older algorithm that is now considered weak. The second example uses AES, which is a stronger modern algorithm.

require 'openssl'

class Encryptor
  attr_accessor :secret_key

  def encrypt_message_weak(message)
    cipher = OpenSSL::Cipher.new('des') # BAD: weak encryption
    cipher.encrypt
    cipher.key = secret_key
    cipher.update(message)
    cipher.final
  end

  def encrypt_message_strong(message)
    cipher = OpenSSL::Cipher::AES128.new # GOOD: strong encryption
    cipher.encrypt
    cipher.key = secret_key
    cipher.update(message)
    cipher.final
  end
end

References

• NIST, FIPS 140 Annex a: Approved Security Functions.
• NIST, SP 800-131A: Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths.
• OWASP: Rule - Use strong approved cryptographic algorithms.
• Common Weakness Enumeration: CWE-327.

[github-actions]

QHelp previews:

ruby/ql/src/queries/security/cwe-327/BrokenCryptoAlgorithm.qhelp

Use of a broken or weak cryptographic algorithm

Using broken or weak cryptographic algorithms can leave data vulnerable to being decrypted or forged by an attacker.

Many cryptographic algorithms provided by cryptography libraries are known to be weak, or flawed. Using such an algorithm means that encrypted or hashed data is less secure than it appears to be.

Recommendation

Ensure that you use a strong, modern cryptographic algorithm, such as AES-128 or RSA-2048.

Example

The following code uses the OpenSSL library to encrypt some secret data. When you create a cipher using OpenSSL you must specify the encryption algorithm to use. The first example uses DES, which is an older algorithm that is now considered weak. The second example uses AES, which is a stronger modern algorithm.

require 'openssl'

class Encryptor
  attr_accessor :secret_key

  def encrypt_message_weak(message)
    cipher = OpenSSL::Cipher.new('des') # BAD: weak encryption
    cipher.encrypt
    cipher.key = secret_key
    cipher.update(message)
    cipher.final
  end

  def encrypt_message_strong(message)
    cipher = OpenSSL::Cipher::AES128.new # GOOD: strong encryption
    cipher.encrypt
    cipher.key = secret_key
    cipher.update(message)
    cipher.final
  end
end

References

• NIST, FIPS 140 Annex a: Approved Security Functions.
• NIST, SP 800-131A: Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths.
• OWASP: Rule - Use strong approved cryptographic algorithms.
• Common Weakness Enumeration: CWE-327.

[aibaars]

This looks good to me.

[aibaars]

Perhaps things -> concepts.

[aibaars]

I think this can be moved to line 381 .

exists(string cipherName |  cipher.matchesName(cipherName) |
    ...
    or
    ...
)

[aibaars]

This is quite a large block of text and I wonder if it would improve readability if split into smaller predicates.

[alexrford]

I've split this into 4 separate predicates that each cover a subset of cases, I think it's slightly clearer.

[github-actions]

QHelp previews:

ruby/ql/src/queries/security/cwe-327/BrokenCryptoAlgorithm.qhelp

Use of a broken or weak cryptographic algorithm

Using broken or weak cryptographic algorithms can leave data vulnerable to being decrypted or forged by an attacker.

Many cryptographic algorithms provided by cryptography libraries are known to be weak, or flawed. Using such an algorithm means that encrypted or hashed data is less secure than it appears to be.

Recommendation

Ensure that you use a strong, modern cryptographic algorithm, such as AES-128 or RSA-2048.

Example

The following code uses the OpenSSL library to encrypt some secret data. When you create a cipher using OpenSSL you must specify the encryption algorithm to use. The first example uses DES, which is an older algorithm that is now considered weak. The second example uses AES, which is a stronger modern algorithm.

require 'openssl'

class Encryptor
  attr_accessor :secret_key

  def encrypt_message_weak(message)
    cipher = OpenSSL::Cipher.new('des') # BAD: weak encryption
    cipher.encrypt
    cipher.key = secret_key
    cipher.update(message)
    cipher.final
  end

  def encrypt_message_strong(message)
    cipher = OpenSSL::Cipher::AES128.new # GOOD: strong encryption
    cipher.encrypt
    cipher.key = secret_key
    cipher.update(message)
    cipher.final
  end
end

References

• NIST, FIPS 140 Annex a: Approved Security Functions.
• NIST, SP 800-131A: Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths.
• OWASP: Rule - Use strong approved cryptographic algorithms.
• Common Weakness Enumeration: CWE-327.

[nickrolfe]

Sorry, I know you already had a review and were just looking for re-approval, but I have a couple of comments.

[nickrolfe]

It's a bit of a shame that this message doesn't mention the specific cipher mode that makes it weak. Would that be difficult to add?

[alexrford]

Yeah, the inaccurate message here is not great. At the level of CryptographicOperation, we have no concept of the block mode, so the weakness/strength of the operation is just a kind of black box. The solutions that I've considered are:

1. Keeping CryptographicAlgorithm and the block mode separate, but introducing a proper BlockMode class with e.g. an isWeak() predicate of its own. CryptographicOperation could then have a BlockMode getBlockMode() predicate rather than its own isWeak() predicate, and the query could check both the encryption algorithm and the block mode.
2. Include the block mode in the CryptographicAlgorithm, and add 2 predicates - isWeakEncryptionAlgorithm and isWeakBlockMode, to that class. Then CryptographicOperation#isWeak() could be removed.

I think I prefer 1 overall as it seems like the intention of the CryptographicAlgorithm class (shared with JS and Python) is to represent the algorithm modulo any block mode. Do you have any preferences between these?

[nickrolfe]

1 sounds like a nice solution, if it's not too difficult to implement.

[github-actions]

QHelp previews:

ruby/ql/src/queries/security/cwe-327/BrokenCryptoAlgorithm.qhelp

Use of a broken or weak cryptographic algorithm

Using broken or weak cryptographic algorithms can leave data vulnerable to being decrypted or forged by an attacker.

Many cryptographic algorithms provided by cryptography libraries are known to be weak, or flawed. Using such an algorithm means that encrypted or hashed data is less secure than it appears to be.

Recommendation

Ensure that you use a strong, modern cryptographic algorithm, such as AES-128 or RSA-2048.

Example

The following code uses the OpenSSL library to encrypt some secret data. When you create a cipher using OpenSSL you must specify the encryption algorithm to use. The first example uses DES, which is an older algorithm that is now considered weak. The second example uses AES, which is a stronger modern algorithm.

require 'openssl'

class Encryptor
  attr_accessor :secret_key

  def encrypt_message_weak(message)
    cipher = OpenSSL::Cipher.new('des') # BAD: weak encryption
    cipher.encrypt
    cipher.key = secret_key
    cipher.update(message)
    cipher.final
  end

  def encrypt_message_strong(message)
    cipher = OpenSSL::Cipher::AES128.new # GOOD: strong encryption
    cipher.encrypt
    cipher.key = secret_key
    cipher.update(message)
    cipher.final
  end
end

References

• NIST, FIPS 140 Annex a: Approved Security Functions.
• NIST, SP 800-131A: Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths.
• OWASP: Rule - Use strong approved cryptographic algorithms.
• Common Weakness Enumeration: CWE-327.

[github-actions]

QHelp previews:

ruby/ql/src/queries/security/cwe-327/BrokenCryptoAlgorithm.qhelp

Use of a broken or weak cryptographic algorithm

Using broken or weak cryptographic algorithms can leave data vulnerable to being decrypted or forged by an attacker.

Many cryptographic algorithms provided by cryptography libraries are known to be weak, or flawed. Using such an algorithm means that encrypted or hashed data is less secure than it appears to be.

Recommendation

Ensure that you use a strong, modern cryptographic algorithm, such as AES-128 or RSA-2048.

Example

The following code uses the OpenSSL library to encrypt some secret data. When you create a cipher using OpenSSL you must specify the encryption algorithm to use. The first example uses DES, which is an older algorithm that is now considered weak. The second example uses AES, which is a stronger modern algorithm.

require 'openssl'

class Encryptor
  attr_accessor :secret_key

  def encrypt_message_weak(message)
    cipher = OpenSSL::Cipher.new('des') # BAD: weak encryption
    cipher.encrypt
    cipher.key = secret_key
    cipher.update(message)
    cipher.final
  end

  def encrypt_message_strong(message)
    cipher = OpenSSL::Cipher::AES128.new # GOOD: strong encryption
    cipher.encrypt
    cipher.key = secret_key
    cipher.update(message)
    cipher.final
  end
end

References

• NIST, FIPS 140 Annex a: Approved Security Functions.
• NIST, SP 800-131A: Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths.
• OWASP: Rule - Use strong approved cryptographic algorithms.
• Common Weakness Enumeration: CWE-327.

[nickrolfe]

LGTM. I'll leave it up to you whether you address my comment about the block mode in the alert message.

[alexrford]

I'll merge this as is and work on the block mode changes as a follow-up. CryptographicOperation is partly shared with Python - it would be nice to align these so the query implementation can be identical.