diff --git a/pathfinder-rules/java/BlowfishUsage.cql b/pathfinder-rules/java/BlowfishUsage.cql
new file mode 100644
index 00000000..1a07a860
--- /dev/null
+++ b/pathfinder-rules/java/BlowfishUsage.cql
@@ -0,0 +1,18 @@
+/**
+ * @name BlowfishUsage
+ * @description Use of Blowfish was detected. Blowfish uses a 64-bit block size
+ * @kind problem
+ * @id java/BlowfishUsage
+ * @problem.severity warning
+ * @security-severity 3.1
+ * @precision medium
+ * @tags security
+ * external/cwe/cwe-327
+ */
+
+FROM method_invocation AS mi
+WHERE mi.getName() == "Cipher.getInstance"
+&& "Blowfish" in mi.getArgumentName()
+SELECT mi.getName(), "Use of Blowfish was detected. Blowfish uses a 64-bit block size
+ that makes it vulnerable to birthday attacks, and is therefore considered
+ non-compliant."
\ No newline at end of file
diff --git a/pathfinder-rules/java/DefaultHttpClient.cql b/pathfinder-rules/java/DefaultHttpClient.cql
new file mode 100644
index 00000000..da75cc3c
--- /dev/null
+++ b/pathfinder-rules/java/DefaultHttpClient.cql
@@ -0,0 +1,15 @@
+/**
+ * @name DefaultHttpClient
+ * @description The DefaultHttpClient is deprecated. Use HttpClientBuilder instead.
+ * @kind problem
+ * @id java/DefaultHttpClient
+ * @problem.severity warning
+ * @security-severity 3.1
+ * @precision medium
+ * @tags security
+ * external/cwe/cwe-326
+ */
+
+ FROM ClassInstanceExpr AS cie
+ WHERE cie.getClassInstanceExpr().GetClassName() == "DefaultHttpClient"
+ SELECT cie.getName(), "The DefaultHttpClient is deprecated. Use HttpClientBuilder instead."
diff --git a/pathfinder-rules/java/InsecureRandom.cql b/pathfinder-rules/java/InsecureRandom.cql
new file mode 100644
index 00000000..b07fce7a
--- /dev/null
+++ b/pathfinder-rules/java/InsecureRandom.cql
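Review bot: The `"Blowfish" in mi.getArgumentName()` test on the WHERE line is case-sensitive, but `Cipher.getInstance` resolves JCA algorithm names case-insensitively, so `Cipher.getInstance("blowfish")` or `"BLOWFISH/CBC/PKCS5Padding"` runs fine at runtime and slips past this rule. If the query language offers a case-insensitive comparison or a lowercase function, compare against the normalised argument; otherwise list the common spellings explicitly, e.g. `&& ("Blowfish" in mi.getArgumentName() || "blowfish" in mi.getArgumentName() || "BLOWFISH" in mi.getArgumentName())`. The `@description` also stops mid-sentence at "64-bit block size" while the SELECT message finishes the thought; copying the full sentence into `@description` keeps the rule listing readable. Calls whose transformation string comes from a variable rather than a literal are presumably not visible to `getArgumentName()`, which is worth stating in the header given `@precision medium`.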
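Review bot: The `external/cwe/cwe-326` tag does not match what the rule reports: CWE-326 is inadequate encryption strength, whereas "DefaultHttpClient is deprecated" is CWE-477 (Use of Obsolete Function), so the tag should read `external/cwe/cwe-477` unless the message is extended to name the concrete weakness of the old client (for instance its TLS defaults), in which case the message should say so. The query body is also out of step with the other four rules in this commit: it is indented by a space, uses `GetClassName()` beside `getName()`, and calls `cie.getClassInstanceExpr()` on a value already bound as a `ClassInstanceExpr`, which looks like a typo if the dialect is consistent elsewhere. Matching the bare simple name `"DefaultHttpClient"` will presumably also miss a fully qualified `new org.apache.http.impl.client.DefaultHttpClient()`; worth checking against how the fixture in movieDetailActivity.java is resolved.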
@@ -0,0 +1,15 @@
+/**
+ * @name InsecureRandom
+ * @description Math.random() is not cryptographically secure. Use SecureRandom instead.
+ * @kind problem
+ * @id java/InsecureRandom
+ * @problem.severity warning
+ * @security-severity 3.1
+ * @precision medium
+ * @tags security
+ * external/cwe/cwe-330
+ */
+
+FROM method_invocation AS mi
+WHERE mi.getName() == "Math.random"
+SELECT mi.getName(), "Math.random() is not cryptographically secure. Use SecureRandom instead."
\ No newline at end of file
diff --git a/pathfinder-rules/java/RC4Usage.cql b/pathfinder-rules/java/RC4Usage.cql
new file mode 100644
index 00000000..a93d86fb
--- /dev/null
+++ b/pathfinder-rules/java/RC4Usage.cql
@@ -0,0 +1,16 @@
+/**
+ * @name RC4Usage
+ * @description RC4/RC2 is insecure. Use an alternative cipher suite.
+ * @kind problem
+ * @id java/RC4Usage
+ * @problem.severity warning
+ * @security-severity 3.1
+ * @precision medium
+ * @tags security
+ * external/cwe/cwe-327
+ */
+
+FROM method_invocation AS mi
+WHERE mi.getName() == "Cipher.getInstance"
+&& ("RC4" in mi.getArgumentName() || "RC2" in mi.getArgumentName())
+SELECT mi.getName(), "RC4/RC2 is insecure. Use an alternative cipher suite."
\ No newline at end of file
diff --git a/pathfinder-rules/java/SHA1Usage.cql b/pathfinder-rules/java/SHA1Usage.cql
new file mode 100644
index 00000000..707234ee
--- /dev/null
+++ b/pathfinder-rules/java/SHA1Usage.cql
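Review bot: The WHERE clause matches only `"Math.random"`, although the rule is named InsecureRandom and tagged CWE-330, and the far more common non-cryptographic source in Java is `java.util.Random` (plus `ThreadLocalRandom`), which this query never reports. Either widen the predicate, e.g. `WHERE mi.getName() == "Math.random" || mi.getName() == "Random.nextInt" || mi.getName() == "Random.nextBytes"` (plus a constructor match for `new Random(...)` if `method_invocation` covers those), or rename the rule to `MathRandomUsage` so its coverage is not overstated. A statically imported `random()` call may or may not be reported depending on whether `getName()` yields the resolved qualified name; that deserves a fixture in test-src.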
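Review bot: SunJCE registers RC4 under the standard JCA name `"ARCFOUR"` (with `"RC4"` only as an alias) and resolves names case-insensitively, so `Cipher.getInstance("ARCFOUR")` and `Cipher.getInstance("rc4")` both succeed at runtime and are missed by the WHERE clause. Add `|| "ARCFOUR" in mi.getArgumentName()` and, if the dialect supports it, compare case-insensitively. The message "Use an alternative cipher suite" borrows TLS vocabulary; for a `Cipher.getInstance` call the actionable advice is an AEAD transformation such as `AES/GCM/NoPadding` or `ChaCha20-Poly1305`, which I would put in the SELECT text. The rule is named RC4Usage yet also reports RC2, so a name such as `RC4RC2Usage`, or two separate rules, would make findings easier to triage.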
@@ -0,0 +1,16 @@
+/**
+ * @name SHA1Usage
+ * @description SHA1 is not collision resistant and is therefore not suitable as a cryptographic signature
+ * @kind problem
+ * @id java/SHA1Usage
+ * @problem.severity warning
+ * @security-severity 3.1
+ * @precision medium
+ * @tags security
+ * external/cwe/cwe-328
+ */
+
+FROM method_invocation AS mi
+WHERE mi.getName() == "MessageDigest.getInstance"
+&& ("SHA1" in mi.getArgumentName() || "SHA-1" in mi.getArgumentName())
+SELECT mi.getName(), "SHA1 is not collision resistant and is therefore not suitable as a cryptographic signature"
\ No newline at end of file
diff --git a/test-src/android/app/src/main/java/com/ivb/udacity/modal/movieGeneral.java b/test-src/android/app/src/main/java/com/ivb/udacity/modal/movieGeneral.java
index 2cf2bc65..8073728b 100644
--- a/test-src/android/app/src/main/java/com/ivb/udacity/modal/movieGeneral.java
+++ b/test-src/android/app/src/main/java/com/ivb/udacity/modal/movieGeneral.java
@@ -43,6 +43,7 @@ public String getTotal_results() {
 }
 public void setTotal_results(String total_results) {
+ Cipher.getInstance("Blowfish");
 this.total_results = total_results;
 }
diff --git a/test-src/android/app/src/main/java/com/ivb/udacity/movieDetailActivity.java b/test-src/android/app/src/main/java/com/ivb/udacity/movieDetailActivity.java
index 815ba30e..e4035cc5 100644
--- a/test-src/android/app/src/main/java/com/ivb/udacity/movieDetailActivity.java
+++ b/test-src/android/app/src/main/java/com/ivb/udacity/movieDetailActivity.java
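Review bot: `MessageDigest.getInstance("SHA")` is the JCA alias for SHA-1 and contains neither "SHA1" nor "SHA-1", so it escapes the WHERE clause; add an exact match `|| mi.getArgumentName() == "SHA"` (exact rather than substring, since a substring "SHA" would also flag SHA-256), and consider lowercase spellings because JCA lookup is case-insensitive. The message says SHA-1 is "not suitable as a cryptographic signature", but the query only inspects `MessageDigest` — a `Signature.getInstance("SHA1withRSA")` call is the actual signature case and is not covered, so either extend the predicate or reword the message to talk about collision resistance of digests. Noting in the message that HMAC-SHA1 is not affected by the collision attacks would cut false-positive triage for this medium-precision rule.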
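Review bot: `Cipher.getInstance("Blowfish");` throws the checked `NoSuchAlgorithmException` and `NoSuchPaddingException`, and `setTotal_results` declares no `throws`, so this fixture no longer compiles; if the scanner builds or fully parses the test sources, write it as `try { Cipher.getInstance("Blowfish"); } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }` or add `throws GeneralSecurityException` to the setter. A marker comment such as `// ruleid: BlowfishUsage` on the added line would make clear the call is intentional bait for the new rule rather than stray code. Whether `javax.crypto.Cipher` is imported is outside the hunk.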
@@ -31,9 +31,17 @@ protected void onCreate(Bundle savedInstanceState) {
 getSupportActionBar().setDisplayHomeAsUpEnabled(true);
 getSupportActionBar().setDisplayShowHomeEnabled(true);
+ int data = Cipher.getInstance("RC4");
+
+ double rand = Math.random();
+
 // webview.javascriptEnabled();
 webview.getSettings().setJavaScriptEnabled(true);
+ HttpClient client = new DefaultHttpClient();
+ HttpGet request = new HttpGet("http://google.com");
+ HttpResponse response = client.execute(request);
+
 Socket socket = new Socket("www.google.com", 80);
 Socket socket = new Socket();
@@ -65,6 +73,8 @@ public boolean onOptionsItemSelected(MenuItem item) {
 onBackPressed();
 return true;
 }
+ Cipher.getInstance("RC4")
+ MessageDigest.getInstance("SHA1", "BC");
 return super.onOptionsItemSelected(item);
 }
 }
\ No newline at end of file
diff --git a/test-src/android/app/src/main/java/com/ivb/udacity/movieDetailFragment.java b/test-src/android/app/src/main/java/com/ivb/udacity/movieDetailFragment.java
index 6f444966..a524d17f 100644
--- a/test-src/android/app/src/main/java/com/ivb/udacity/movieDetailFragment.java
+++ b/test-src/android/app/src/main/java/com/ivb/udacity/movieDetailFragment.java
@@ -59,6 +59,7 @@ public void setArgument(FragmentManager fm) {
 @Override
 public void onCreate(Bundle savedInstanceState) {
 super.onCreate(savedInstanceState);
+ int data = Cipher.getInstance("RC2")
 setHasOptionsMenu(true);
 }
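Review bot: `int data = Cipher.getInstance("RC4");` assigns a `Cipher` to an `int`, and `client.execute(request)` throws checked `IOException`, neither of which `onCreate` tolerates as written, so the fixture will not compile; change the first to `Cipher data = Cipher.getInstance("RC4");` and wrap the three HttpClient lines in a try/catch for `IOException` (the `Cipher.getInstance` call likewise needs its checked exceptions handled or declared). A blocking `client.execute` inside `onCreate` would also, on Android API 11 and later, presumably throw `NetworkOnMainThreadException` at runtime, so this should stay a parse-only fixture or move off the main thread. `new HttpGet("http://google.com")` is a cleartext request; if it is intended as bait for a cleartext-transport rule, mark it with a `// ruleid:` comment, otherwise use `https://`. `onCreate` continues past the end of this hunk.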
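Review bot: `Cipher.getInstance("RC4")` is missing its semicolon, so the file no longer parses; it should read ` Cipher.getInstance("RC4");`. Both added calls throw checked exceptions (`NoSuchAlgorithmException`, `NoSuchPaddingException`, and `NoSuchProviderException` for the `"BC"` provider form) that `onOptionsItemSelected` does not declare, so a try/catch or `throws GeneralSecurityException` is needed as well. Using the `"BC"` provider string is fine for exercising the two-argument `getInstance` overload, but nothing in the hunk shows BouncyCastle on the test classpath, so keep this a parse-only fixture.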
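Review bot: `int data = Cipher.getInstance("RC2")` has no terminating semicolon and assigns a `Cipher` to an `int`, so the fixture fails to compile; write it as `Cipher data = Cipher.getInstance("RC2");` and handle or declare the checked `NoSuchAlgorithmException`/`NoSuchPaddingException`, since this `onCreate` declares no `throws`. A `// ruleid: RC4Usage` comment beside it would document that the RC2 literal is deliberate bait for the combined RC4/RC2 rule.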