Add check for insecure hash algorithms #79

Merged
merged 12 commits into from
Jan 4, 2021

spraints
Member

MD5 and SHA1 are both subject to well-known attacks and are not recommended for use. This branch adds a cop that checks for these hash functions and recommends SHA256 in their place.

cc @dbussink @jhawthorn

@dbussink

@spraints In https://github.com/github/github/pull/165161#discussion_r540253611 @vcsjones had a good idea to use an allow list instead. How about also doing that for the generic Rubocop rules here as well?

# https://ruby-doc.org/stdlib-2.7.0/libdoc/openssl/rdoc/OpenSSL/Digest.html
DEFAULT_ALLOWED = %w[
RIPEMD160
RMD160


These shouldn't be allowed.

Member Author


I removed them (and SHA-224). The default allow list now is:

DEFAULT_ALLOWED = %w[
SHA256
SHA384
SHA512
].freeze

@spraints
Member Author

> How about also doing that for the generic Rubocop rules here as well?

👍 It required a little bit of fiddling to get it to ignore Digest.bubblebabble('anything') but still catch OpenSSL::Digest.hexdigest('anything', 'else'), but it's working with an allow list now. The allowed funcs can be overridden in rubocop config, too. The default allow list is here:

DEFAULT_ALLOWED = %w[
RIPEMD160
RMD160
SHA224
SHA256
SHA384
SHA512
].freeze

This leaves these as not allowed:

  • MD2, MD4, MDC2 (openssl)
  • MD5 (digest and openssl)
  • SHA (openssl)
  • SHA1 (digest and openssl)
  • DSS (openssl, alias of SHA)
  • DSS1 (openssl, alias of SHA1)

spraints and others added 4 commits December 11, 2020 13:39
RIPEMD160 is an older function, about the same age as MD5, so we don't want to start using it in new code.

SHA-224 isn't one that we use much. It's more or less a truncated form of SHA-256, and SHA-256 itself works in places where SHA-224 would, so we opt for the longer output of SHA-256.

https://api.rubyonrails.org/classes/Digest/UUID.html

uuid_v3 uses MD5, so it's only allowed when MD5 is in the "Allowed"
list. uuid_v5 uses SHA1, so it's only allowed when SHA1 is in the
"Allowed" list.

@dbussink dbussink left a comment


Looking good to me 👍

@spraints spraints merged commit d910021 into github:master Jan 4, 2021
@spraints spraints deleted the insecure-hash-algorithms branch January 4, 2021 14:42
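
The allow-list behaviour discussed in this thread, as an added Ruby sketch that is not the cop merged in this pull request: it scans source text with regular expressions, where the cop itself runs inside RuboCop. The pattern names, the `algorithms_in` and `offenses` helpers and the sample lines are constructed for illustration; the allow list is the final one quoted above.

```ruby
# Added illustration, not the cop from this pull request.
DEFAULT_ALLOWED = %w[SHA256 SHA384 SHA512].freeze # final list from the thread

# Digest::UUID helpers from the commit message and the hash each one uses.
UUID_HELPERS = { "uuid_v3" => "MD5", "uuid_v5" => "SHA1" }.freeze

# Digest::MD5, OpenSSL::Digest::SHA1, ... (algorithm named by a constant)
CONST_FORM  = /\b(?:OpenSSL::)?Digest::([A-Z]\w*)/
# OpenSSL::Digest.new("sha1"), .digest("SHA256", data), ... (named by a string)
STRING_FORM = /\bOpenSSL::Digest\.(?:new|digest|hexdigest|base64digest)\(\s*["'](\w+)["']/
UUID_FORM   = /\bDigest::UUID\.(uuid_v[35])\b/

# Algorithm names one source line selects, upcased for comparison.
# Digest.bubblebabble('anything') matches no pattern, so it yields nothing.
def algorithms_in(line)
  names  = line.scan(CONST_FORM).flatten.reject { |n| n == "UUID" }
  names += line.scan(STRING_FORM).flatten
  names += line.scan(UUID_FORM).flatten.map { |helper| UUID_HELPERS.fetch(helper) }
  names.map(&:upcase)
end

# [line_number, algorithm] for every use that is not on the allow list.
# Unknown names are reported too: anything not explicitly allowed is rejected.
def offenses(source, allowed: DEFAULT_ALLOWED)
  source.each_line.with_index(1).flat_map do |line, number|
    next [] if line.lstrip.start_with?("#") # skip comment-only lines
    (algorithms_in(line) - allowed).map { |name| [number, name] }
  end
end

# Constructed sample input.
SAMPLE = <<~'RUBY'
  Digest::MD5.hexdigest(body)
  OpenSSL::Digest::SHA256.new
  OpenSSL::Digest.new("sha1")
  OpenSSL::Digest.hexdigest('anything', 'else')
  Digest.bubblebabble('anything')
  Digest::UUID.uuid_v5(namespace, name)
  OpenSSL::Digest.digest("SHA512", body)
RUBY

offenses(SAMPLE).each { |number, name| puts "line #{number}: #{name} is not allowed" }
```

Passing `allowed: DEFAULT_ALLOWED + %w[SHA1]` mirrors the config override mentioned in the thread: the `"sha1"` and `uuid_v5` lines then pass, while MD5 is still reported.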