SONARPY-1682 S5547: Update TLS cipher suite detection logic (#201)

GitOrigin-RevId: 88ef0572d803cd1780da2daf783c22efee7f5db3

Author: guillaume-dequenne

python-checks/src/main/java/org/sonar/python/checks/RobustCipherAlgorithmCheck.java

@@ -16,114 +16,140 @@
  */
 package org.sonar.python.checks;
 
-import java.util.Arrays;
-import java.util.HashSet;
+import java.util.LinkedHashSet;
 import java.util.Optional;
 import java.util.Set;
+import java.util.function.Predicate;
+import java.util.stream.Collectors;
 import java.util.stream.Stream;
 import javax.annotation.CheckForNull;
 import javax.annotation.Nullable;
 import org.sonar.check.Rule;
 import org.sonar.plugins.python.api.PythonSubscriptionCheck;
+import org.sonar.plugins.python.api.SubscriptionContext;
 import org.sonar.plugins.python.api.symbols.Symbol;
 import org.sonar.plugins.python.api.tree.CallExpression;
 import org.sonar.plugins.python.api.tree.Expression;
 import org.sonar.plugins.python.api.tree.Name;
 import org.sonar.plugins.python.api.tree.RegularArgument;
+import org.sonar.plugins.python.api.tree.StringLiteral;
 import org.sonar.plugins.python.api.tree.Tree;
 import org.sonar.python.checks.utils.Expressions;
 import org.sonar.python.tree.StringLiteralImpl;
 import org.sonar.python.tree.TreeUtils;
 
-import static java.util.Arrays.asList;
-
 // https://jira.sonarsource.com/browse/RSPEC-5547 (general)
 // https://jira.sonarsource.com/browse/RSPEC-5552 (python-specific)
 @Rule(key = "S5547")
 public class RobustCipherAlgorithmCheck extends PythonSubscriptionCheck {
 
   private static final String MESSAGE = "Use a strong cipher algorithm.";
-  private static final HashSet<String> sensitiveCalleeFqns = new HashSet<>();
 
   private static final Set<String> INSECURE_CIPHERS = Set.of(
     "NULL",
+    "aNULL",
+    "eNULL",
+    "COMPLEMENTOFALL",
     "RC2",
     "RC4",
+    "IDEA",
+    "SEED",
     "DES",
     "3DES",
     "MD5",
-    "SHA"
+    "SHA",
+    "SHA1",
+    "ADH",
+    "AECDH",
+    "CBC",
+    "LOW",
+    "@SECLEVEL=0",
+    "@SECLEVEL=1",
+    "DEFAULT@SECLEVEL=0",
+    "DEFAULT@SECLEVEL=1"
   );
 
   public static final String SSL_SET_CIPHERS_FQN = "ssl.SSLContext.set_ciphers";
 
-  static {
-    // `pycryptodomex`, `pycryptodome`, and `pycrypto` all share the same names of the algorithms,
-    // moreover, `pycryptodome` is drop-in replacement for `pycrypto`, thus they share same name ("Crypto").
-    for (String libraryName : asList("Cryptodome", "Crypto")) {
-      for (String vulnerableMethodName : asList("DES", "DES3", "ARC2", "ARC4", "Blowfish")) {
-        sensitiveCalleeFqns.add(String.format("%s.Cipher.%s.new", libraryName, vulnerableMethodName));
-      }
-    }
-
-
-    // Idea is listed under "Weak Algorithms" in pyca/cryptography documentation
-    // https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption/\
-    // #cryptography.hazmat.primitives.ciphers.algorithms.IDEA
-    // pyca (pyca/cryptography)
-    for (String methodName : asList("TripleDES", "Blowfish", "ARC4", "IDEA")) {
-      sensitiveCalleeFqns.add(String.format("cryptography.hazmat.primitives.ciphers.algorithms.%s", methodName));
-    }
-
-    // pydes
-    sensitiveCalleeFqns.add("pyDes.des");
-    sensitiveCalleeFqns.add("pyDes.triple_des");
-  }
+  private static final Set<String> SENSITIVE_CALLEE_FQNS = Set.of(
+    "Crypto.Cipher.ARC2.new",
+    "Crypto.Cipher.ARC4.new",
+    "Crypto.Cipher.Blowfish.new",
+    "Crypto.Cipher.DES.new",
+    "Crypto.Cipher.DES3.new",
+    "Cryptodome.Cipher.ARC2.new",
+    "Cryptodome.Cipher.ARC4.new",
+    "Cryptodome.Cipher.Blowfish.new",
+    "Cryptodome.Cipher.DES.new",
+    "Cryptodome.Cipher.DES3.new",
+    "cryptography.hazmat.primitives.ciphers.algorithms.ARC4",
+    "cryptography.hazmat.primitives.ciphers.algorithms.Blowfish",
+    "cryptography.hazmat.primitives.ciphers.algorithms.IDEA",
+    "cryptography.hazmat.primitives.ciphers.algorithms.TripleDES",
+    "pyDes.des",
+    "pyDes.triple_des"
+  );
 
   @Override
   public void initialize(Context context) {
-    context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, subscriptionContext -> {
-      CallExpression callExpr = (CallExpression) subscriptionContext.syntaxNode();
-      Optional.ofNullable(callExpr)
-        .map(CallExpression::calleeSymbol)
-        .map(Symbol::fullyQualifiedName)
-        .filter(fqn -> sensitiveCalleeFqns.contains(fqn) ||
-          (SSL_SET_CIPHERS_FQN.equals(fqn) && hasArgumentWithSensitiveAlgorithm(callExpr)))
-        .ifPresent(fqn -> subscriptionContext.addIssue(callExpr.callee(), MESSAGE));
-    });
+    context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, RobustCipherAlgorithmCheck::checkCallExpression);
   }
 
+  private static void checkCallExpression(SubscriptionContext subscriptionContext) {
+    CallExpression callExpr = (CallExpression) subscriptionContext.syntaxNode();
+    Optional.of(callExpr)
+      .map(CallExpression::calleeSymbol)
+      .map(Symbol::fullyQualifiedName)
+      .ifPresent(fullyQualifiedName -> {
+        if (SENSITIVE_CALLEE_FQNS.contains(fullyQualifiedName)) {
+          subscriptionContext.addIssue(callExpr.callee(), MESSAGE);
+        } else if (SSL_SET_CIPHERS_FQN.equals(fullyQualifiedName)) {
+          checkForInsecureCiphers(subscriptionContext, callExpr);
+        }
+      });
+  }
 
-  private static boolean hasArgumentWithSensitiveAlgorithm(CallExpression callExpression) {
-    return Optional.of(callExpression.arguments())
+  private static void checkForInsecureCiphers(SubscriptionContext ctx, CallExpression callExpression) {
+    Optional.of(callExpression.arguments())
       .filter(list -> list.size() == 1)
       .map(list -> list.get(0))
       .flatMap(TreeUtils.toOptionalInstanceOfMapper(RegularArgument.class))
       .map(RegularArgument::expression)
       .map(RobustCipherAlgorithmCheck::unpackArgument)
-      .filter(RobustCipherAlgorithmCheck::containsInsecureCipher)
-      .isPresent();
+      .ifPresent(stringLiteral -> Optional.of(stringLiteral.trimmedQuotesValue())
+        .map(RobustCipherAlgorithmCheck::findInsecureCiphers)
+        .filter(Predicate.not(Set::isEmpty))
+        .ifPresent(insecureCiphers -> {
+          var secondaryMessage = insecureCiphers.size() > 1 ? "The following cipher strings are insecure: " :
+            "The following cipher string is insecure: ";
+          secondaryMessage = insecureCiphers.stream().collect(Collectors.joining("`, `", secondaryMessage + "`", "`"));
+
+          ctx.addIssue(callExpression.callee(), MESSAGE)
+            .secondary(stringLiteral, secondaryMessage);
+        }));
   }
 
   @CheckForNull
-  private static String unpackArgument(@Nullable Expression expression) {
+  private static StringLiteral unpackArgument(@Nullable Expression expression) {
     if (expression == null) {
       return null;
     } else if (expression.is(Tree.Kind.STRING_LITERAL)) {
-      return ((StringLiteralImpl) expression).trimmedQuotesValue();
+      return ((StringLiteralImpl) expression);
     } else if (expression.is(Tree.Kind.NAME)) {
       return unpackArgument(Expressions.singleAssignedValue((Name) expression));
     } else {
       return null;
     }
   }
 
-  private static boolean containsInsecureCipher(String ciphers) {
+  private static Set<String> findInsecureCiphers(String ciphers) {
     return Stream.of(ciphers)
-      .flatMap(str -> Arrays.stream(str.split(":")))
-      .flatMap(str -> Arrays.stream(str.split("-")))
-      .anyMatch(INSECURE_CIPHERS::contains);
+      .flatMap(str -> Stream.of(str.split(":")))
+      .filter(str -> !str.startsWith("!") && !str.startsWith("-"))
+      .flatMap(str -> Stream.of(str.split("\\+")))
+      .flatMap(str -> Stream.of(str.split("-")))
+      .filter(INSECURE_CIPHERS::contains)
+      .collect(Collectors.toCollection(LinkedHashSet::new));
   }
-
-
 }
+

python-checks/src/test/resources/checks/robustCipherAlgorithm.py

@@ -96,7 +96,27 @@ def pyssl_examples():
   ciphers4 = 'ECDHE:RSA:AES256:SHA'
   ctx.set_ciphers(ciphers4)  # Noncompliant
   ciphers5 = 'ECDHE:RSA:AES256:SHA:ECDHE-RSA-AES256-SHA'
+#            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^> {{The following cipher string is insecure: `SHA`}}
   ctx.set_ciphers(ciphers5)  # Noncompliant
+# ^^^^^^^^^^^^^^^
+
+  ctx = ssl.create_default_context()
+  ctx.set_ciphers("NULL+SHA")  # Noncompliant
+
+  ctx4 = ssl.create_default_context()
+  ctx4.set_ciphers("DEFAULT:-RSA+LOW:!SHA:LOW")  # Noncompliant
+# ^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^< {{The following cipher string is insecure: `LOW`}}
+
+  ctx5 = ssl.create_default_context()
+  ctx5.set_ciphers("@SECLEVEL=1")  # Noncompliant
+
+  ctx6 = ssl.create_default_context()
+  ctx6.set_ciphers("@SECLEVEL=0")  # Noncompliant
+
+  ciphers6 = 'ECDHE:RSA:AES256:LOW:ECDHE-RSA-AES256-SHA'
+  #          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^> {{The following cipher strings are insecure: `LOW`, `SHA`}}
+  ctx.set_ciphers(ciphers6)  # Noncompliant
+# ^^^^^^^^^^^^^^^
 
 def pycryptodome_compliant():
   from Crypto.Cipher import AES
@@ -130,4 +150,9 @@ def pyssl_compliant(unknown_cipher):
   ctx.set_ciphers(unknown_cipher)
   ctx.set_ciphers(ciphers, ciphers2)
 
+  ctx2 = ssl.create_default_context()
+  ctx2.set_ciphers("ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128")  # Compliant
+
+  ctx3 = ssl.create_default_context()
+  ctx3.set_ciphers("DEFAULT:!eNULL:!aNULL:!MD5")  # Compliant