Skip to content

Commit

Permalink
Investigation of issue #219 (#445)
Browse files Browse the repository at this point in the history

Add a test case to investigate issue #219. The result is expected. However, see discussion of #219.
  • Loading branch information
fwendland authored Mar 23, 2022
1 parent 7867852 commit accf7db
Show file tree
Hide file tree
Showing 5 changed files with 114 additions and 0 deletions.
16 changes: 16 additions & 0 deletions src/test/java/de/fraunhofer/aisec/codyze/crymlin/IssueTest.kt
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
package de.fraunhofer.aisec.codyze.crymlin

import java.lang.Exception
import kotlin.Throws
import org.junit.jupiter.api.Test

class IssueTest : AbstractMarkTest() {

@Test
@Throws(Exception::class)
fun issue219() {
val findings = performTest("issues/219/Main.java", "issues/219/")

expected(findings, "line 6: Rule JCAProvider_PBEParameterSpec_2 violated")
}
}
9 changes: 9 additions & 0 deletions src/test/resources/issues/219/Main.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
import java.security.SecureRandom;

public class Main {

public void test() {
SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
}

}
20 changes: 20 additions & 0 deletions src/test/resources/issues/219/PBEParameterSpec.mark
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
package java.jca

entity PBEParameterSpec {

var salt;
var iterationCount;
var paramSpec;

op instantiate {
javax.crypto.spec.PBEParameterSpec(
salt : byte[],
iterationCount : int
);
javax.crypto.spec.PBEParameterSpec(
salt : byte[],
iterationCount : int,
paramSpec : java.security.AlgorithmParameter
);
}
}
58 changes: 58 additions & 0 deletions src/test/resources/issues/219/SecureRandom.mark
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
package java.jca

entity SecureRandom {

var algorithm;
var provider;
var params;
var seed;
var numBytes;
var randomBytes;

op instantiate {
java.security.SecureRandom.getInstance(algorithm : java.lang.String);
java.security.SecureRandom.getInstance(
algorithm : java.lang.String,
provider : java.lang.String | java.security.Provider
);
java.security.SecureRandom.getInstance(
algorithm : java.lang.String,
params : java.security.SecureRandomParameters
);
java.security.SecureRandom.getInstance(
algorithm : java.lang.String,
params : java.security.SecureRandomParameters,
provider : java.lang.String | java.security.Provider
);
java.security.SecureRandom.getInstanceStrong();

// forbidden calls because they don't respect BC as provider
forbidden java.security.SecureRandom();
forbidden java.security.SecureRandom(
seed : byte[]
);
}

op seed {
java.security.SecureRandom.setSeed(seed : byte[] | long);
}

op reseed {
java.security.SecureRandom.reseed();
java.security.SecureRandom.reseed(params : java.security.SecureRandomParameters);
}

op generateSeed {
seed = java.security.SecureRandom.generateSeed(numBytes : int);
}

op generate {
java.security.SecureRandom.next(numBytes : int);
java.security.SecureRandom.nextBytes(randomBytes : bytes[]);
java.security.SecureRandom.nextBytes(
randomBytes : bytes[],
params : java.security.SecureRandomParameters
);
}

}
11 changes: 11 additions & 0 deletions src/test/resources/issues/219/rules.mark
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
package issue_219

rule JCAProvider_PBEParameterSpec_2{
using
PBEParameterSpec as pbeps,
SecureRandom as sr
ensure
_is(pbeps.salt, sr)
onfail
NotRandomizedSaltPBEParameterSpec
}

0 comments on commit accf7db

Please sign in to comment.