diff --git a/rules/php/lang/information_leakage.yml b/rules/php/lang/information_leakage.yml
new file mode 100644
index 000000000..a2dfea6b1
--- /dev/null
+++ b/rules/php/lang/information_leakage.yml
@@ -0,0 +1,60 @@
+patterns:
+ - pattern: echo $
+ filters:
+ - variable: EXCEPTION_DETAILS
+ detection: php_lang_information_leakage_exception_details
+ scope: result
+ - pattern: print $;
+ filters:
+ - variable: EXCEPTION_DETAILS
+ detection: php_lang_information_leakage_exception_details
+ scope: result
+ - pattern: print_r($)
+ filters:
+ - variable: EXCEPTION_DETAILS
+ detection: php_lang_information_leakage_exception_details
+ scope: result
+ - pattern: $($<_>, $<...>$$<...>)
+ filters:
+ - variable: METHOD
+ values:
+ - printf
+ - vprintf
+ - variable: EXCEPTION_DETAILS
+ detection: php_lang_information_leakage_exception_details
+ scope: result
+auxiliary:
+ - id: php_lang_information_leakage_exception_details
+ patterns:
+ - try {} catch ($<_> $$$<_>) {}
+ - pattern: $->$<_>()
+ filters:
+ - variable: EXCEPTION
+ detection: php_lang_information_leakage_exception_details
+ scope: cursor
+languages:
+ - php
+severity: warning
+metadata:
+ description: Possible information leakage detected.
+ remediation_message: |
+ ## Description
+
+ Printing an exception message to the default output is risky because it may
+ contain sensitive information such as the technical details of your
+ application or environment (which in turn could expose your application to
+ path traversal attacks, for example), or worse, user-specific data.
+
+ ## Remediations
+
+ ❌ Avoid printing the full stack trace
+
+ ✅ Less is more! Only log the minimum required details in error messages
+
+ ## Resources
+
+ - [Web Application Security Consortium: Information Leakage](http://projects.webappsec.org/w/page/13246936/Information%20Leakage)
+ cwe_id:
+ - 209
+ id: php_lang_information_leakage
+ documentation_url: https://docs.bearer.com/reference/rules/php_lang_information_leakage
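Review bot: The auxiliary `php_lang_information_leakage_exception_details` accepts any method call on the caught exception (`$->$<_>()`, i.e. a wildcard method name), so `echo $e->getCode();` is reported as a leak although the integer code carries none of the details the remediation text warns about; either enumerate the detail accessors (`getMessage`, `getTrace`, `getTraceAsString`, `getFile`, `getLine`, `getPrevious`, `__toString`) with a `values:` filter on the method variable, or state the intent with `# any accessor on the caught exception counts as exception details`. The sink list stops at echo/print/print_r/printf/vprintf, while `var_dump($e)`, `var_export($e)` and `die($e->getMessage())`/`exit(...)` write to the same output and have the same one-argument shape, so they could be added as patterns alongside `print_r($)`. The rendered hunk seems to have lost the `<NAME>` part of the `$<…>` variables (it shows `echo $` and `$($<_>, …)`), so the pattern text is inferred from the filters that follow each one. A `severity: warning` with CWE-209 is reasonable, but the description could say which outputs are meant ("to the HTTP response or stdout") since logging the same message via `error_log()` is presumably intended to stay allowed.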
diff --git a/rules/php/lang/weak_hash_md.yml b/rules/php/lang/weak_hash_md.yml
new file mode 100644
index 000000000..5b16a9979
--- /dev/null
+++ b/rules/php/lang/weak_hash_md.yml
@@ -0,0 +1,92 @@
+imports:
+ - php_shared_lang_datatype
+patterns:
+ - pattern: |
+ md5($$<...>)
+ filters:
+ - either:
+ - variable: DATA_TYPE
+ detection: php_shared_lang_datatype
+ scope: result
+ - not:
+ variable: DATA_TYPE
+ detection: php_shared_lang_datatype
+ scope: result
+ - pattern: |
+ $($, $$<...>)
+ filters:
+ - variable: FUNCTION
+ values:
+ - hash
+ - hash_hmac
+ - variable: ALGORITHM
+ string_regex: md\d
+ - either:
+ - variable: DATA_TYPE
+ detection: php_shared_lang_datatype
+ scope: result
+ - not:
+ variable: DATA_TYPE
+ detection: php_shared_lang_datatype
+ scope: result
+ - pattern: md5_file();
+ - pattern: hash_update($, $)
+ filters:
+ - variable: CONTEXT
+ detection: php_lang_weak_hash_md_context
+ scope: cursor
+ - either:
+ - variable: DATA_TYPE
+ detection: php_shared_lang_datatype
+ scope: result
+ - not:
+ variable: DATA_TYPE
+ detection: php_shared_lang_datatype
+ scope: result
+ - pattern: $($$<...>)
+ filters:
+ - variable: FUNCTION
+ values:
+ - hash_update_file
+ - hash_update_stream
+ - variable: CONTEXT
+ detection: php_lang_weak_hash_md_context
+ scope: cursor
+auxiliary:
+ - id: php_lang_weak_hash_md_context
+ patterns:
+ - pattern: hash_init($$<...>)
+ filters:
+ - variable: ALGORITHM
+ string_regex: md\d
+languages:
+ - php
+skip_data_types:
+ - "Unique Identifier"
+ - Passwords # see php_lang_weak_password_hash_md5
+metadata:
+ description: "Weak hashing library (MDx) detected"
+ remediation_message: |
+ ## Description
+
+ A weak hashing library can lead to data breaches and greater security risk.
+
+ ## Remediations
+
+ According to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.
+
+ ❌ Avoid libraries and algorithms with known weaknesses:
+
+ ```php
+ $encrypted = md5($input)
+ ```
+
+ ✅ Use stronger encryption algorithms when storing data.
+
+ ```php
+ $encrypted = hash('sha256', $input)
+ ```
+ cwe_id:
+ - 327
+ id: php_lang_weak_hash_md
+ documentation_url: https://docs.bearer.com/reference/rules/php_lang_weak_hash_md
diff --git a/rules/php/lang/weak_hash_md5.yml b/rules/php/lang/weak_hash_md5.yml
deleted file mode 100644
index bcdf423f6..000000000
--- a/rules/php/lang/weak_hash_md5.yml
+++ /dev/null
@@ -1,55 +0,0 @@
-imports:
- - php_shared_lang_datatype
-patterns:
- - pattern: |
- md5($$<...>)
- filters:
- - variable: DATA_TYPE
- detection: php_shared_lang_datatype
- scope: result
- - pattern: |
- hash($, $$<...>)
- filters:
- - variable: ALGORITHM
- detection: php_lang_weak_hash_md5_algo
- - variable: DATA_TYPE
- detection: php_shared_lang_datatype
- scope: result
-auxiliary:
- - id: php_lang_weak_hash_md5_algo
- patterns:
- - pattern: $;
- filters:
- - variable: ALGO
- string_regex: md5
-languages:
- - php
-skip_data_types:
- - "Unique Identifier"
- - Passwords # see php_lang_weak_password_hash_md5
-metadata:
- description: "Weak hashing library (MD5) detected"
- remediation_message: |
- ## Description
-
- A weak hashing library can lead to data breaches and greater security risk.
-
- ## Remediations
-
- According to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.
-
- ❌ Avoid libraries and algorithms with known weaknesses:
-
- ```php
- $encrypted = md5($input)
- ```
-
- ✅ Use stronger encryption algorithms when storing data.
-
- ```php
- $encrypted = hash('sha256', $input)
- ```
- cwe_id:
- - 327
- id: php_lang_weak_hash_md5
- documentation_url: https://docs.bearer.com/reference/rules/php_lang_weak_hash_md5
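Review bot: The `skip_data_types` entry in the new file still reads `- Passwords # see php_lang_weak_password_hash_md5`, but this same commit renames that rule, so the comment should be `- Passwords # see php_lang_weak_password_hash_md`. The `FUNCTION` list for the `$<FUNCTION>($<ALGORITHM>, …)` pattern covers `hash` and `hash_hmac` but not `hash_file`, `hash_hmac_file`, `hash_pbkdf2` or `hash_hkdf`, which all take the algorithm name in the same first position, so `hash_file('md5', $path)` goes unreported while `md5_file()` is caught; the `weak_hash_sha1.yml` hunk has the same gap. The `either:` of `DATA_TYPE` and `not DATA_TYPE` is a tautology whose only effect is to bind the data type when one is present (the new snapshot ranks those findings high and the rest medium), which deserves a one-line comment above each occurrence such as `# always matches; binds DATA_TYPE when present so the finding is ranked by sensitivity`. The remediation text names the result `$encrypted` and recommends "stronger encryption algorithms" for what is a digest, and now serves an MDx rule while saying only "MD5 is considered a weak hashing algorithms"; `$digest = hash('sha256', $input)` with "MD2, MD4 and MD5 are considered weak hashing algorithms; use SHA-256 or better, and `password_hash()` for passwords" would be accurate. Whether `hash_hmac` with MD5 should carry the same severity as a bare MD5 digest is a policy choice worth stating in the description, since HMAC-MD5 is not broken by the collision attacks that retire MD5 as a digest, even though it is discouraged for new designs.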
diff --git a/rules/php/lang/weak_hash_sha1.yml b/rules/php/lang/weak_hash_sha1.yml index 9dbccb7b5..3a559c941 100644 --- a/rules/php/lang/weak_hash_sha1.yml +++ b/rules/php/lang/weak_hash_sha1.yml @@ -4,23 +4,60 @@ patterns: - pattern: | sha1($$<...>) filters: - - variable: DATA_TYPE - detection: php_shared_lang_datatype - scope: result + - either: + - variable: DATA_TYPE + detection: php_shared_lang_datatype + scope: result + - not: + variable: DATA_TYPE + detection: php_shared_lang_datatype + scope: result - pattern: | - hash($, $$<...>) + $($, $$<...>) filters: + - variable: FUNCTION + values: + - hash + - hash_hmac - variable: ALGORITHM - detection: php_lang_weak_hash_sha1_algo - - variable: DATA_TYPE - detection: php_shared_lang_datatype - scope: result + string_regex: sha1 + - either: + - variable: DATA_TYPE + detection: php_shared_lang_datatype + scope: result + - not: + variable: DATA_TYPE + detection: php_shared_lang_datatype + scope: result + - pattern: sha1_file() + - pattern: hash_update($, $) + filters: + - variable: CONTEXT + detection: php_lang_weak_hash_sha1_context + scope: cursor + - either: + - variable: DATA_TYPE + detection: php_shared_lang_datatype + scope: result + - not: + variable: DATA_TYPE + detection: php_shared_lang_datatype + scope: result + - pattern: $($$<...>) + filters: + - variable: FUNCTION + values: + - hash_update_file + - hash_update_stream + - variable: CONTEXT + detection: php_lang_weak_hash_sha1_context + scope: cursor auxiliary: - - id: php_lang_weak_hash_sha1_algo + - id: php_lang_weak_hash_sha1_context patterns: - - pattern: $; + - pattern: hash_init($$<...>) filters: - - variable: ALGO + - variable: ALGORITHM string_regex: sha1 languages: - php diff --git a/rules/php/lang/weak_password_hash_md5.yml b/rules/php/lang/weak_password_hash_md.yml similarity index 64% rename from rules/php/lang/weak_password_hash_md5.yml rename to rules/php/lang/weak_password_hash_md.yml index e4218034d..aa34c65de 100644 
--- a/rules/php/lang/weak_password_hash_md5.yml +++ b/rules/php/lang/weak_password_hash_md.yml @@ -8,26 +8,38 @@ patterns: detection: php_shared_lang_datatype scope: result - pattern: | - hash($, $$<...>) + $($, $$<...>) filters: + - variable: FUNCTION + values: + - hash + - hash_hmac - variable: ALGORITHM - detection: php_lang_weak_password_hash_md5_algo + string_regex: md\d + - variable: PASSWORD + detection: php_shared_lang_datatype + scope: result + - pattern: hash_update($, $) + filters: + - variable: CONTEXT + detection: php_lang_weak_hash_md_context + scope: cursor - variable: PASSWORD detection: php_shared_lang_datatype scope: result auxiliary: - - id: php_lang_weak_password_hash_md5_algo + - id: php_lang_weak_hash_md_context patterns: - - pattern: $; + - pattern: hash_init($$<...>) filters: - - variable: ALGO - string_regex: md5 + - variable: ALGORITHM + string_regex: md\d languages: - php only_data_types: - Passwords metadata: - description: "Weak hashing library (MD5) detected" + description: "Weak hashing library (MDx) detected" remediation_message: | ## Description @@ -51,5 +63,5 @@ metadata: cwe_id: - 327 - 916 - id: php_lang_weak_password_hash_md5 - documentation_url: https://docs.bearer.com/reference/rules/php_lang_weak_password_hash_md5 + id: php_lang_weak_password_hash_md + documentation_url: https://docs.bearer.com/reference/rules/php_lang_weak_password_hash_md diff --git a/rules/php/lang/weak_password_hash_sha1.yml b/rules/php/lang/weak_password_hash_sha1.yml index 54e43834c..76abff985 100644 --- a/rules/php/lang/weak_password_hash_sha1.yml +++ b/rules/php/lang/weak_password_hash_sha1.yml 
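Review bot: The auxiliary added here is given the id `php_lang_weak_hash_md_context`, which is also the id of the auxiliary defined in `rules/php/lang/weak_hash_md.yml` in this same commit, and the `weak_password_hash_sha1.yml` hunk does the same with `php_lang_weak_hash_sha1_context`; before this change each rule prefixed its auxiliary with its own id (`php_lang_weak_password_hash_md5_algo`). Unless the engine scopes auxiliary ids per rule file, which I cannot confirm from this page, two definitions of one id are at best confusing and at worst one silently shadows the other, so renaming to `- id: php_lang_weak_password_hash_md_context` together with the `detection:` reference in the new `hash_update` filter keeps the convention. The password rule adds only `hash_update($<CONTEXT>, $<PASSWORD>)` and not the `hash_update_file`/`hash_update_stream` variants the non-password rule gets, which is presumably deliberate given `only_data_types: Passwords`, and a comment such as `# file/stream variants omitted: password data is matched in memory` would record that.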
@@ -8,19 +8,31 @@ patterns: detection: php_shared_lang_datatype scope: result - pattern: | - hash($, $$<...>) + $($, $$<...>) filters: - - variable: ALGO - detection: php_lang_weak_password_hash_sha1_algo + - variable: FUNCTION + values: + - hash + - hash_hmac + - variable: ALGORITHM + string_regex: sha1 + - variable: PASSWORD + detection: php_shared_lang_datatype + scope: result + - pattern: hash_update($, $) + filters: + - variable: CONTEXT + detection: php_lang_weak_hash_sha1_context + scope: cursor - variable: PASSWORD detection: php_shared_lang_datatype scope: result auxiliary: - - id: php_lang_weak_password_hash_sha1_algo + - id: php_lang_weak_hash_sha1_context patterns: - - pattern: $; + - pattern: hash_init($$<...>) filters: - - variable: ALGO + - variable: ALGORITHM string_regex: sha1 languages: - php diff --git a/rules/php/lang/xpath_injection.yml b/rules/php/lang/xpath_injection.yml index 148c3d948..12fa3065a 100644 --- a/rules/php/lang/xpath_injection.yml +++ b/rules/php/lang/xpath_injection.yml @@ -21,15 +21,26 @@ patterns: - pattern: $->xpath($) filters: - variable: SIMPLE_XML - detection: php_shared_lang_instance + detection: php_lang_xpath_injection_simple_xml scope: cursor - filters: - - variable: CLASS - values: - - SimpleXMLElement - variable: USER_INPUT detection: php_shared_lang_user_input scope: result +auxiliary: + - id: php_lang_xpath_injection_simple_xml + patterns: + - pattern: $; + filters: + - variable: INSTANCE + detection: php_shared_lang_instance + scope: cursor_strict + filters: + - variable: CLASS + values: + - SimpleXMLElement + - simplexml_import_dom() + - simplexml_load_file() + - simplexml_load_string() languages: - php metadata: @@ -51,5 +62,5 @@ metadata: - [XPath Injection](https://owasp.org/www-community/attacks/XPATH_Injection) cwe_id: - 643 - id: "php_lang_xpath_injection" + id: php_lang_xpath_injection documentation_url: https://docs.bearer.com/reference/rules/php_lang_xpath_injection 
diff --git a/rules/php/shared/lang/instance.yml b/rules/php/shared/lang/instance.yml index 16674fef2..c940b8eb7 100644 --- a/rules/php/shared/lang/instance.yml +++ b/rules/php/shared/lang/instance.yml @@ -11,6 +11,7 @@ patterns: class $<_> { public function __construct($<...>public $ $$<_>$<...>) {} } + - try {} catch ($ $$$<_>) {} metadata: description: "PHP instance." id: php_shared_lang_instance diff --git a/rules/php/third_parties/logger.yml b/rules/php/third_parties/logger.yml index eb7006224..c25b7a809 100644 --- a/rules/php/third_parties/logger.yml +++ b/rules/php/third_parties/logger.yml @@ -2,12 +2,11 @@ imports: - php_shared_lang_datatype patterns: - pattern: | - $$->$($<...>$$<...>) + $->$($<...>$$<...>) filters: - variable: LOGGER - values: - - logger - - log + detection: php_third_parties_logger_instance + scope: cursor - variable: METHOD values: - info @@ -18,6 +17,13 @@ patterns: - variable: DATA_TYPE detection: php_shared_lang_datatype scope: result +auxiliary: + - id: php_third_parties_logger_instance + patterns: + - $logger; + - $log; + - $this->logger; + - $this->log; languages: - php skip_data_types: diff --git a/tests/php/lang/information_leakage/__snapshots__/test.js.snap b/tests/php/lang/information_leakage/__snapshots__/test.js.snap new file mode 100644 index 000000000..13a462b6b --- /dev/null +++ b/tests/php/lang/information_leakage/__snapshots__/test.js.snap 
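Review bot: The new `try {} catch ($<CLASS> $<!>$<_>) {}` pattern in `php_shared_lang_instance` binds `$<CLASS>` to one caught type, and it is not clear from the hunk whether a PHP 7.1+ multi-catch such as `catch (FooError | BarError $e)` binds at all, binds only the first type, or binds the whole union node; since every rule that filters on `CLASS` now inherits that behaviour, a test case with a union catch would make the intended result explicit. A short comment above the pattern, e.g. `# the caught exception variable is an instance of CLASS (multi-catch behaviour: see tests)`, would also help the next rule author.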
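Review bot: Replacing the `values: [logger, log]` match with the `php_third_parties_logger_instance` auxiliary narrows detection to four literal spellings (`$logger;`, `$log;`, `$this->logger;`, `$this->log;`), so a logger held under any other name, such as `$this->monolog->info($user->email)` or `self::$logger->info(...)`, is no longer reported, and detection depends on naming rather than on what the object is. Since `php_shared_lang_instance` already resolves constructor-promoted typed properties (`public function __construct($<...>public $<CLASS> $<!>$<_>$<...>) {}` in the hunk above) and the `xpath_injection.yml` hunk shows the `$<INSTANCE>;` plus `CLASS` filter shape, the auxiliary could gain a type-based pattern for the common dependency-injection case, with `php_shared_lang_instance` added to this file's `imports:`; how a namespaced `Psr\Log\LoggerInterface` is matched by `values:` is not visible here and would need a test.
```yaml
auxiliary:
  - id: php_third_parties_logger_instance
    patterns:
      # … unchanged: $logger; / $log; / $this->logger; / $this->log; …
      - pattern: $<INSTANCE>;
        filters:
          - variable: INSTANCE
            detection: php_shared_lang_instance
            scope: cursor_strict
            filters:
              - variable: CLASS
                values:
                  - LoggerInterface
```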
@@ -0,0 +1,146 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`php_lang_information_leakage bad 1`] = ` +"{ + "warning": [ + { + "cwe_ids": [ + "209" + ], + "id": "php_lang_information_leakage", + "title": "Possible information leakage detected.", + "description": "## Description\\n\\nPrinting an exception message to the default output is risky because it may\\ncontain sensitive information such as the technical details of your\\napplication or environment (which in turn could expose your application to\\npath traversal attacks, for example), or worse, user-specific data.\\n\\n## Remediations\\n\\n❌ Avoid printing the full stack trace\\n\\n✅ Less is more! Only log the minimum required details in error messages\\n\\n## Resources\\n\\n- [Web Application Security Consortium: Information Leakage](http://projects.webappsec.org/w/page/13246936/Information%20Leakage)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_information_leakage", + "line_number": 6, + "full_filename": "/tmp/bearer-scan/bad.php", + "filename": ".", + "source": { + "start": 6, + "end": 6, + "column": { + "start": 3, + "end": 25 + } + }, + "sink": { + "start": 6, + "end": 6, + "column": { + "start": 3, + "end": 25 + }, + "content": "echo $e->getMessage();" + }, + "parent_line_number": 6, + "snippet": "echo $e->getMessage();", + "fingerprint": "8447a49c2a0aa53e4a8595aa0a4324f1_0", + "old_fingerprint": "fa90c1e996ab659504ecf533fa584f42_0", + "code_extract": " echo $e->getMessage();" + }, + { + "cwe_ids": [ + "209" + ], + "id": "php_lang_information_leakage", + "title": "Possible information leakage detected.", + "description": "## Description\\n\\nPrinting an exception message to the default output is risky because it may\\ncontain sensitive information such as the technical details of your\\napplication or environment (which in turn could expose your application to\\npath traversal attacks, for example), or worse, user-specific data.\\n\\n## Remediations\\n\\n❌ 
Avoid printing the full stack trace\\n\\n✅ Less is more! Only log the minimum required details in error messages\\n\\n## Resources\\n\\n- [Web Application Security Consortium: Information Leakage](http://projects.webappsec.org/w/page/13246936/Information%20Leakage)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_information_leakage", + "line_number": 7, + "full_filename": "/tmp/bearer-scan/bad.php", + "filename": ".", + "source": { + "start": 7, + "end": 7, + "column": { + "start": 3, + "end": 23 + } + }, + "sink": { + "start": 7, + "end": 7, + "column": { + "start": 3, + "end": 23 + }, + "content": "echo $e->getTrace();" + }, + "parent_line_number": 7, + "snippet": "echo $e->getTrace();", + "fingerprint": "8447a49c2a0aa53e4a8595aa0a4324f1_1", + "old_fingerprint": "fa90c1e996ab659504ecf533fa584f42_1", + "code_extract": " echo $e->getTrace();" + }, + { + "cwe_ids": [ + "209" + ], + "id": "php_lang_information_leakage", + "title": "Possible information leakage detected.", + "description": "## Description\\n\\nPrinting an exception message to the default output is risky because it may\\ncontain sensitive information such as the technical details of your\\napplication or environment (which in turn could expose your application to\\npath traversal attacks, for example), or worse, user-specific data.\\n\\n## Remediations\\n\\n❌ Avoid printing the full stack trace\\n\\n✅ Less is more! 
Only log the minimum required details in error messages\\n\\n## Resources\\n\\n- [Web Application Security Consortium: Information Leakage](http://projects.webappsec.org/w/page/13246936/Information%20Leakage)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_information_leakage", + "line_number": 8, + "full_filename": "/tmp/bearer-scan/bad.php", + "filename": ".", + "source": { + "start": 8, + "end": 8, + "column": { + "start": 3, + "end": 43 + } + }, + "sink": { + "start": 8, + "end": 8, + "column": { + "start": 3, + "end": 43 + }, + "content": "echo join(\\"\\\\n\\", $e->getTraceAsString());" + }, + "parent_line_number": 8, + "snippet": "echo join(\\"\\\\n\\", $e->getTraceAsString());", + "fingerprint": "8447a49c2a0aa53e4a8595aa0a4324f1_2", + "old_fingerprint": "fa90c1e996ab659504ecf533fa584f42_2", + "code_extract": " echo join(\\"\\\\n\\", $e->getTraceAsString());" + }, + { + "cwe_ids": [ + "209" + ], + "id": "php_lang_information_leakage", + "title": "Possible information leakage detected.", + "description": "## Description\\n\\nPrinting an exception message to the default output is risky because it may\\ncontain sensitive information such as the technical details of your\\napplication or environment (which in turn could expose your application to\\npath traversal attacks, for example), or worse, user-specific data.\\n\\n## Remediations\\n\\n❌ Avoid printing the full stack trace\\n\\n✅ Less is more! 
Only log the minimum required details in error messages\\n\\n## Resources\\n\\n- [Web Application Security Consortium: Information Leakage](http://projects.webappsec.org/w/page/13246936/Information%20Leakage)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_information_leakage", + "line_number": 10, + "full_filename": "/tmp/bearer-scan/bad.php", + "filename": ".", + "source": { + "start": 10, + "end": 10, + "column": { + "start": 3, + "end": 25 + } + }, + "sink": { + "start": 10, + "end": 10, + "column": { + "start": 3, + "end": 25 + }, + "content": "echo $f->getMessage();" + }, + "parent_line_number": 10, + "snippet": "echo $f->getMessage();", + "fingerprint": "8447a49c2a0aa53e4a8595aa0a4324f1_3", + "old_fingerprint": "fa90c1e996ab659504ecf533fa584f42_3", + "code_extract": " echo $f->getMessage();" + } + ] +}" +`; + +exports[`php_lang_information_leakage ok 1`] = `"{}"`; diff --git a/tests/php/lang/information_leakage/test.js b/tests/php/lang/information_leakage/test.js new file mode 100644 index 000000000..bca0fa61e --- /dev/null +++ b/tests/php/lang/information_leakage/test.js @@ -0,0 +1,16 @@ +const { createInvoker, getEnvironment } = require("../../../helper.js") +const { ruleId, ruleFile, testBase } = getEnvironment(__dirname) + +describe(ruleId, () => { + const invoke = createInvoker(ruleId, ruleFile, testBase) + + test("bad", () => { + const testCase = "bad.php" + expect(invoke(testCase)).toMatchSnapshot() + }) + + test("ok", () => { + const testCase = "ok.php" + expect(invoke(testCase)).toMatchSnapshot() + }) +}) diff --git a/tests/php/lang/information_leakage/testdata/bad.php b/tests/php/lang/information_leakage/testdata/bad.php new file mode 100644 index 000000000..ee6651e68 --- /dev/null +++ b/tests/php/lang/information_leakage/testdata/bad.php @@ -0,0 +1,13 @@ +getMessage(); + echo $e->getTrace(); + echo join("\n", $e->getTraceAsString()); +} catch (FooError $f) { + echo $f->getMessage(); +} finally { + echo "done"; +} 
diff --git a/tests/php/lang/information_leakage/testdata/ok.php b/tests/php/lang/information_leakage/testdata/ok.php new file mode 100644 index 000000000..3b525ee9f --- /dev/null +++ b/tests/php/lang/information_leakage/testdata/ok.php @@ -0,0 +1,11 @@ +getCode()); +} catch (FooError $f) { + foo($f->getCode()); +} finally { + echo "done"; +} diff --git a/tests/php/lang/jwt/__snapshots__/test.js.snap b/tests/php/lang/jwt/__snapshots__/test.js.snap index 23e8a2bcd..4b350b2db 100644 --- a/tests/php/lang/jwt/__snapshots__/test.js.snap +++ b/tests/php/lang/jwt/__snapshots__/test.js.snap @@ -26,8 +26,8 @@ exports[`php_lang_jwt bad 1`] = ` "start": 9, "end": 9, "column": { - "start": 3, - "end": 10 + "start": 14, + "end": 26 } }, "sink": { diff --git a/tests/php/lang/weak_hash_md/__snapshots__/test.js.snap b/tests/php/lang/weak_hash_md/__snapshots__/test.js.snap new file mode 100644 index 000000000..3781c81e8 --- /dev/null +++ b/tests/php/lang/weak_hash_md/__snapshots__/test.js.snap 
@@ -0,0 +1,572 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`php_lang_weak_hash_md insecure_library 1`] = ` +"{ + "high": [ + { + "cwe_ids": [ + "327" + ], + "id": "php_lang_weak_hash_md", + "title": "Weak hashing library (MDx) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = md5($input)\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input)\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_md", + "line_number": 3, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "data_type": { + "category_uuid": "94007e1e-57d8-43e8-90f2-246236dc5dde", + "name": "Gender" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 3, + "end": 3, + "column": { + "start": 18, + "end": 31 + } + }, + "sink": { + "start": 3, + "end": 3, + "column": { + "start": 14, + "end": 32 + }, + "content": "md5($user->gender)" + }, + "parent_line_number": 3, + "snippet": "md5($user->gender)", + "fingerprint": "176973121607546016c69eea1f0dc2c5_0", + "old_fingerprint": "82c024090a81cb88bcff83f6107449b6_0", + "code_extract": "$encrypted = md5($user->gender);" + }, + { + "cwe_ids": [ + "327" + ], + "id": "php_lang_weak_hash_md", + "title": "Weak hashing library (MDx) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to 
[OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = md5($input)\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input)\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_md", + "line_number": 6, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "data_type": { + "category_uuid": "94007e1e-57d8-43e8-90f2-246236dc5dde", + "name": "Gender" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 6, + "end": 6, + "column": { + "start": 26, + "end": 39 + } + }, + "sink": { + "start": 6, + "end": 6, + "column": { + "start": 14, + "end": 40 + }, + "content": "hash('md5', $user->gender)" + }, + "parent_line_number": 6, + "snippet": "hash('md5', $user->gender)", + "fingerprint": "176973121607546016c69eea1f0dc2c5_2", + "old_fingerprint": "82c024090a81cb88bcff83f6107449b6_2", + "code_extract": "$encrypted = hash('md5', $user->gender);" + }, + { + "cwe_ids": [ + "327" + ], + "id": "php_lang_weak_hash_md", + "title": "Weak hashing library (MDx) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = md5($input)\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing 
data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input)\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_md", + "line_number": 7, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "data_type": { + "category_uuid": "94007e1e-57d8-43e8-90f2-246236dc5dde", + "name": "Gender" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 7, + "end": 7, + "column": { + "start": 26, + "end": 39 + } + }, + "sink": { + "start": 7, + "end": 7, + "column": { + "start": 14, + "end": 40 + }, + "content": "hash('md4', $user->gender)" + }, + "parent_line_number": 7, + "snippet": "hash('md4', $user->gender)", + "fingerprint": "176973121607546016c69eea1f0dc2c5_3", + "old_fingerprint": "82c024090a81cb88bcff83f6107449b6_3", + "code_extract": "$encrypted = hash('md4', $user->gender);" + }, + { + "cwe_ids": [ + "327" + ], + "id": "php_lang_weak_hash_md", + "title": "Weak hashing library (MDx) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = md5($input)\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input)\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_md", + "line_number": 9, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "data_type": { + "category_uuid": "94007e1e-57d8-43e8-90f2-246236dc5dde", + "name": "Gender" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 
9, + "end": 9, + "column": { + "start": 31, + "end": 44 + } + }, + "sink": { + "start": 9, + "end": 9, + "column": { + "start": 14, + "end": 45 + }, + "content": "hash($algorithm, $user->gender)" + }, + "parent_line_number": 9, + "snippet": "hash($algorithm, $user->gender)", + "fingerprint": "176973121607546016c69eea1f0dc2c5_4", + "old_fingerprint": "82c024090a81cb88bcff83f6107449b6_4", + "code_extract": "$encrypted = hash($algorithm, $user->gender);" + }, + { + "cwe_ids": [ + "327" + ], + "id": "php_lang_weak_hash_md", + "title": "Weak hashing library (MDx) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = md5($input)\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input)\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_md", + "line_number": 14, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "data_type": { + "category_uuid": "94007e1e-57d8-43e8-90f2-246236dc5dde", + "name": "Gender" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 14, + "end": 14, + "column": { + "start": 18, + "end": 31 + } + }, + "sink": { + "start": 14, + "end": 14, + "column": { + "start": 1, + "end": 38 + }, + "content": "hash_hmac(\\"md5\\", $user->gender, $key)" + }, + "parent_line_number": 14, + "snippet": "hash_hmac(\\"md5\\", $user->gender, $key)", + "fingerprint": "176973121607546016c69eea1f0dc2c5_7", + "old_fingerprint": "82c024090a81cb88bcff83f6107449b6_7", + 
"code_extract": "hash_hmac(\\"md5\\", $user->gender, $key);" + }, + { + "cwe_ids": [ + "327" + ], + "id": "php_lang_weak_hash_md", + "title": "Weak hashing library (MDx) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = md5($input)\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input)\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_md", + "line_number": 15, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "data_type": { + "category_uuid": "94007e1e-57d8-43e8-90f2-246236dc5dde", + "name": "Gender" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 15, + "end": 15, + "column": { + "start": 18, + "end": 31 + } + }, + "sink": { + "start": 15, + "end": 15, + "column": { + "start": 1, + "end": 38 + }, + "content": "hash_hmac(\\"md4\\", $user->gender, $key)" + }, + "parent_line_number": 15, + "snippet": "hash_hmac(\\"md4\\", $user->gender, $key)", + "fingerprint": "176973121607546016c69eea1f0dc2c5_8", + "old_fingerprint": "82c024090a81cb88bcff83f6107449b6_8", + "code_extract": "hash_hmac(\\"md4\\", $user->gender, $key);" + }, + { + "cwe_ids": [ + "327" + ], + "id": "php_lang_weak_hash_md", + "title": "Weak hashing library (MDx) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to 
[OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = md5($input)\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input)\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_md", + "line_number": 19, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "data_type": { + "category_uuid": "94007e1e-57d8-43e8-90f2-246236dc5dde", + "name": "Gender" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 19, + "end": 19, + "column": { + "start": 23, + "end": 36 + } + }, + "sink": { + "start": 19, + "end": 19, + "column": { + "start": 1, + "end": 37 + }, + "content": "hash_update($context, $user->gender)" + }, + "parent_line_number": 19, + "snippet": "hash_update($context, $user->gender)", + "fingerprint": "176973121607546016c69eea1f0dc2c5_10", + "old_fingerprint": "82c024090a81cb88bcff83f6107449b6_10", + "code_extract": "hash_update($context, $user->gender);" + } + ], + "medium": [ + { + "cwe_ids": [ + "327" + ], + "id": "php_lang_weak_hash_md", + "title": "Weak hashing library (MDx) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = md5($input)\\n\`\`\`\\n\\n✅ Use stronger 
encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input)\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_md", + "line_number": 4, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 4, + "end": 4, + "column": { + "start": 14, + "end": 25 + } + }, + "sink": { + "start": 4, + "end": 4, + "column": { + "start": 14, + "end": 25 + }, + "content": "md5($other)" + }, + "parent_line_number": 4, + "snippet": "md5($other)", + "fingerprint": "176973121607546016c69eea1f0dc2c5_1", + "old_fingerprint": "82c024090a81cb88bcff83f6107449b6_1", + "code_extract": "$encrypted = md5($other);" + }, + { + "cwe_ids": [ + "327" + ], + "id": "php_lang_weak_hash_md", + "title": "Weak hashing library (MDx) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = md5($input)\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input)\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_md", + "line_number": 10, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 10, + "end": 10, + "column": { + "start": 14, + "end": 38 + } + }, + "sink": { + "start": 10, + "end": 10, + "column": { + "start": 14, + "end": 38 + }, + "content": "hash($algorithm, $other)" + }, + 
"parent_line_number": 10, + "snippet": "hash($algorithm, $other)", + "fingerprint": "176973121607546016c69eea1f0dc2c5_5", + "old_fingerprint": "82c024090a81cb88bcff83f6107449b6_5", + "code_extract": "$encrypted = hash($algorithm, $other);" + }, + { + "cwe_ids": [ + "327" + ], + "id": "php_lang_weak_hash_md", + "title": "Weak hashing library (MDx) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = md5($input)\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input)\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_md", + "line_number": 12, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 12, + "end": 12, + "column": { + "start": 1, + "end": 20 + } + }, + "sink": { + "start": 12, + "end": 12, + "column": { + "start": 1, + "end": 20 + }, + "content": "md5_file(\\"foo.txt\\")" + }, + "parent_line_number": 12, + "snippet": "md5_file(\\"foo.txt\\")", + "fingerprint": "176973121607546016c69eea1f0dc2c5_6", + "old_fingerprint": "82c024090a81cb88bcff83f6107449b6_6", + "code_extract": "md5_file(\\"foo.txt\\");" + }, + { + "cwe_ids": [ + "327" + ], + "id": "php_lang_weak_hash_md", + "title": "Weak hashing library (MDx) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to 
[OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = md5($input)\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input)\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_md", + "line_number": 16, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 16, + "end": 16, + "column": { + "start": 1, + "end": 31 + } + }, + "sink": { + "start": 16, + "end": 16, + "column": { + "start": 1, + "end": 31 + }, + "content": "hash_hmac(\\"md5\\", $other, $key)" + }, + "parent_line_number": 16, + "snippet": "hash_hmac(\\"md5\\", $other, $key)", + "fingerprint": "176973121607546016c69eea1f0dc2c5_9", + "old_fingerprint": "82c024090a81cb88bcff83f6107449b6_9", + "code_extract": "hash_hmac(\\"md5\\", $other, $key);" + }, + { + "cwe_ids": [ + "327" + ], + "id": "php_lang_weak_hash_md", + "title": "Weak hashing library (MDx) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = md5($input)\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input)\\n\`\`\`\\n", + "documentation_url": 
"https://docs.bearer.com/reference/rules/php_lang_weak_hash_md", + "line_number": 20, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 20, + "end": 20, + "column": { + "start": 1, + "end": 30 + } + }, + "sink": { + "start": 20, + "end": 20, + "column": { + "start": 1, + "end": 30 + }, + "content": "hash_update($context, $other)" + }, + "parent_line_number": 20, + "snippet": "hash_update($context, $other)", + "fingerprint": "176973121607546016c69eea1f0dc2c5_11", + "old_fingerprint": "82c024090a81cb88bcff83f6107449b6_11", + "code_extract": "hash_update($context, $other);" + }, + { + "cwe_ids": [ + "327" + ], + "id": "php_lang_weak_hash_md", + "title": "Weak hashing library (MDx) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = md5($input)\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input)\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_md", + "line_number": 21, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 21, + "end": 21, + "column": { + "start": 1, + "end": 38 + } + }, + "sink": { + "start": 21, + "end": 21, + "column": { + "start": 1, + "end": 38 + }, + "content": "hash_update_file($context, $filename)" + }, + "parent_line_number": 21, + "snippet": "hash_update_file($context, $filename)", + 
"fingerprint": "176973121607546016c69eea1f0dc2c5_12", + "old_fingerprint": "82c024090a81cb88bcff83f6107449b6_12", + "code_extract": "hash_update_file($context, $filename);" + }, + { + "cwe_ids": [ + "327" + ], + "id": "php_lang_weak_hash_md", + "title": "Weak hashing library (MDx) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = md5($input)\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input)\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_md", + "line_number": 22, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 22, + "end": 22, + "column": { + "start": 1, + "end": 38 + } + }, + "sink": { + "start": 22, + "end": 22, + "column": { + "start": 1, + "end": 38 + }, + "content": "hash_update_stream($context, $handle)" + }, + "parent_line_number": 22, + "snippet": "hash_update_stream($context, $handle)", + "fingerprint": "176973121607546016c69eea1f0dc2c5_13", + "old_fingerprint": "82c024090a81cb88bcff83f6107449b6_13", + "code_extract": "hash_update_stream($context, $handle);" + } + ] +}" +`; + +exports[`php_lang_weak_hash_md secure_type 1`] = `"{}"`; diff --git a/tests/php/lang/weak_hash_md5/test.js b/tests/php/lang/weak_hash_md/test.js similarity index 100% rename from tests/php/lang/weak_hash_md5/test.js rename to tests/php/lang/weak_hash_md/test.js 
diff --git a/tests/php/lang/weak_hash_md/testdata/insecure.php b/tests/php/lang/weak_hash_md/testdata/insecure.php
new file mode 100644
index 000000000..d01d8f60f
--- /dev/null
+++ b/tests/php/lang/weak_hash_md/testdata/insecure.php
@@ -0,0 +1,24 @@
+gender);
+$encrypted = md5($other);
+
+$encrypted = hash('md5', $user->gender);
+$encrypted = hash('md4', $user->gender);
+$algorithm = "md5";
+$encrypted = hash($algorithm, $user->gender);
+$encrypted = hash($algorithm, $other);
+
+md5_file("foo.txt");
+
+hash_hmac("md5", $user->gender, $key);
+hash_hmac("md4", $user->gender, $key);
+hash_hmac("md5", $other, $key);
+
+$context = hash_init("md5", 0);
+hash_update($context, $user->gender);
+hash_update($context, $other);
+hash_update_file($context, $filename);
+hash_update_stream($context, $handle);
+
+?>
diff --git a/tests/php/lang/weak_hash_md/testdata/safe.php b/tests/php/lang/weak_hash_md/testdata/safe.php
new file mode 100644
index 000000000..117cd46ba
--- /dev/null
+++ b/tests/php/lang/weak_hash_md/testdata/safe.php
@@ -0,0 +1,14 @@
+userId);
+$encrypted = hash('md5', $user->userId);
+$encrypted = hash('md4', $user->userId);
+$algorithm = "md5";
+$encrypted = hash($algorithm, $user->userId);
+hash_hmac("md5", $user->userId, $key);
+hash_hmac("md4", $user->userId, $key);
+
+$context = hash_init("md5", 0);
+hash_update($context, $user->userId);
+
+?>
diff --git a/tests/php/lang/weak_hash_md5/__snapshots__/test.js.snap b/tests/php/lang/weak_hash_md5/__snapshots__/test.js.snap
deleted file mode 100644
index 370968fcc..000000000
--- a/tests/php/lang/weak_hash_md5/__snapshots__/test.js.snap
+++ /dev/null
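Review bot: The fixture expects `hash_hmac("md5", $user->gender, $key)` and `hash_hmac("md4", ...)` to produce the same "weak hashing library" finding as `md5($input)`, but the remediation text reproduced in the snapshots only talks about storing data and offers `hash('sha256', $input)` as the replacement, which is not a substitute for an HMAC call. HMAC-MD5 and HMAC-SHA1 are not broken by the collision attacks that retire these algorithms as plain digests; reporting them is defensible as a migration signal, but the message should say so and point at `hash_hmac('sha256', ...)`, otherwise the report reads as a false positive to the developer who receives it. The same applies to the `hash_hmac("sha1", ...)` lines added to `tests/php/lang/weak_hash_sha1/testdata/insecure.php` in the last hunk of this diff. The first two lines of this hunk (the `<?php` opener and the `$user->gender` statement) are truncated in this rendering; line 3 is inferred from the snapshot reporting `md5($other)` at line 4.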
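Review bot: `safe.php` demonstrates only that hashing `$user->userId` is not reported, while the `insecure.php` snapshot reports the untyped `$other` variable at medium severity, so what makes this fixture "safe" is the data-type classification of `userId`, not how the hash is called. That dependency deserves a comment at the top of the fixture, e.g. `// userId is classified as a non-sensitive identifier; the rule must stay silent on it even with md5/md4`, because a classifier change would flip the `secure_type` snapshot away from `{}` without any change to this rule. The sha1 `safe.php` hunk at the end of this diff renames `$user->uuid` to `$user->userId`, presumably for the same reason; the commit should record why `uuid` no longer serves as the safe case.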
@@ -1,136 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`php_lang_weak_hash_md5 insecure_library 1`] = ` -"{ - "high": [ - { - "cwe_ids": [ - "327" - ], - "id": "php_lang_weak_hash_md5", - "title": "Weak hashing library (MD5) detected", - "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = md5($input)\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input)\\n\`\`\`\\n", - "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_md5", - "line_number": 3, - "full_filename": "/tmp/bearer-scan/insecure.php", - "filename": ".", - "data_type": { - "category_uuid": "94007e1e-57d8-43e8-90f2-246236dc5dde", - "name": "Gender" - }, - "category_groups": [ - "PII", - "Personal Data" - ], - "source": { - "start": 3, - "end": 3, - "column": { - "start": 18, - "end": 31 - } - }, - "sink": { - "start": 3, - "end": 3, - "column": { - "start": 14, - "end": 32 - }, - "content": "md5($user->gender)" - }, - "parent_line_number": 3, - "snippet": "md5($user->gender)", - "fingerprint": "b16ebf2686eb6bc50d2958902228423e_0", - "old_fingerprint": "66cbe12b2757dc5d25aa2f07ab536f55_0", - "code_extract": "$encrypted = md5($user->gender);" - }, - { - "cwe_ids": [ - "327" - ], - "id": "php_lang_weak_hash_md5", - "title": "Weak hashing library (MD5) detected", - "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to 
[OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = md5($input)\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input)\\n\`\`\`\\n", - "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_md5", - "line_number": 4, - "full_filename": "/tmp/bearer-scan/insecure.php", - "filename": ".", - "data_type": { - "category_uuid": "94007e1e-57d8-43e8-90f2-246236dc5dde", - "name": "Gender" - }, - "category_groups": [ - "PII", - "Personal Data" - ], - "source": { - "start": 4, - "end": 4, - "column": { - "start": 26, - "end": 39 - } - }, - "sink": { - "start": 4, - "end": 4, - "column": { - "start": 14, - "end": 40 - }, - "content": "hash('md5', $user->gender)" - }, - "parent_line_number": 4, - "snippet": "hash('md5', $user->gender)", - "fingerprint": "b16ebf2686eb6bc50d2958902228423e_1", - "old_fingerprint": "66cbe12b2757dc5d25aa2f07ab536f55_1", - "code_extract": "$encrypted = hash('md5', $user->gender);" - }, - { - "cwe_ids": [ - "327" - ], - "id": "php_lang_weak_hash_md5", - "title": "Weak hashing library (MD5) detected", - "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = md5($input)\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing 
data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input)\\n\`\`\`\\n", - "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_md5", - "line_number": 6, - "full_filename": "/tmp/bearer-scan/insecure.php", - "filename": ".", - "data_type": { - "category_uuid": "94007e1e-57d8-43e8-90f2-246236dc5dde", - "name": "Gender" - }, - "category_groups": [ - "PII", - "Personal Data" - ], - "source": { - "start": 6, - "end": 6, - "column": { - "start": 31, - "end": 44 - } - }, - "sink": { - "start": 6, - "end": 6, - "column": { - "start": 14, - "end": 45 - }, - "content": "hash($algorithm, $user->gender)" - }, - "parent_line_number": 6, - "snippet": "hash($algorithm, $user->gender)", - "fingerprint": "b16ebf2686eb6bc50d2958902228423e_2", - "old_fingerprint": "66cbe12b2757dc5d25aa2f07ab536f55_2", - "code_extract": "$encrypted = hash($algorithm, $user->gender);" - } - ] -}" -`; - -exports[`php_lang_weak_hash_md5 secure_type 1`] = `"{}"`; diff --git a/tests/php/lang/weak_hash_md5/testdata/insecure.php b/tests/php/lang/weak_hash_md5/testdata/insecure.php deleted file mode 100644 index 266c50a81..000000000 --- a/tests/php/lang/weak_hash_md5/testdata/insecure.php +++ /dev/null @@ -1,8 +0,0 @@ -gender); -$encrypted = hash('md5', $user->gender); -$algorithm = "md5"; -$encrypted = hash($algorithm, $user->gender); - -?> \ No newline at end of file diff --git a/tests/php/lang/weak_hash_md5/testdata/safe.php b/tests/php/lang/weak_hash_md5/testdata/safe.php deleted file mode 100644 index 1349d9e77..000000000 --- a/tests/php/lang/weak_hash_md5/testdata/safe.php +++ /dev/null @@ -1,8 +0,0 @@ -uuid); -$encrypted = hash('md5', $user->uuid); -$algorithm = "md5"; -$encrypted = hash($algorithm, $user->uuid); - -?> \ No newline at end of file diff --git a/tests/php/lang/weak_hash_sha1/__snapshots__/test.js.snap b/tests/php/lang/weak_hash_sha1/__snapshots__/test.js.snap index f250eb62e..c68186403 100644 --- a/tests/php/lang/weak_hash_sha1/__snapshots__/test.js.snap 
+++ b/tests/php/lang/weak_hash_sha1/__snapshots__/test.js.snap
@@ -53,7 +53,7 @@ exports[`php_lang_weak_hash_sha1 insecure_library 1`] = `
 "title": "Weak hashing library (SHA-1) detected",
 "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), SHA1 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = sha1($input);\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input);\\n\`\`\`\\n",
 "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_sha1",
- "line_number": 4,
+ "line_number": 6,
 "full_filename": "/tmp/bearer-scan/insecure.php",
 "filename": ".",
 "data_type": {
@@ -65,26 +65,26 @@ exports[`php_lang_weak_hash_sha1 insecure_library 1`] = `
 "Personal Data"
 ],
 "source": {
- "start": 4,
- "end": 4,
+ "start": 6,
+ "end": 6,
 "column": {
 "start": 27,
 "end": 40
 }
 },
 "sink": {
- "start": 4,
- "end": 4,
+ "start": 6,
+ "end": 6,
 "column": {
 "start": 14,
 "end": 41
 },
 "content": "hash('sha1', $user->gender)"
 },
- "parent_line_number": 4,
+ "parent_line_number": 6,
 "snippet": "hash('sha1', $user->gender)",
- "fingerprint": "84cdb4744f0dfa0a4a190a968b9ffe27_1",
- "old_fingerprint": "30309e1653f6f235f54d52c14c7673dd_1",
+ "fingerprint": "84cdb4744f0dfa0a4a190a968b9ffe27_2",
+ "old_fingerprint": "30309e1653f6f235f54d52c14c7673dd_2",
 "code_extract": "$encrypted = hash('sha1', $user->gender);"
 },
 {
@@ -95,7 +95,7 @@ exports[`php_lang_weak_hash_sha1 insecure_library 1`] = `
 "title": "Weak hashing library (SHA-1) detected",
 "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), SHA1 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = sha1($input);\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input);\\n\`\`\`\\n",
 "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_sha1",
- "line_number": 6,
+ "line_number": 8,
 "full_filename": "/tmp/bearer-scan/insecure.php",
 "filename": ".",
 "data_type": {
@@ -107,27 +107,379 @@ exports[`php_lang_weak_hash_sha1 insecure_library 1`] = ` "Personal Data" ], "source": { - "start": 6, - "end": 6, + "start": 8, + "end": 8, "column": { "start": 31, "end": 44 } }, "sink": { - "start": 6, - "end": 6, + "start": 8, + "end": 8, "column": { "start": 14, "end": 45 }, "content": "hash($algorithm, $user->gender)" }, - "parent_line_number": 6, + "parent_line_number": 8, "snippet": "hash($algorithm, $user->gender)", - "fingerprint": "84cdb4744f0dfa0a4a190a968b9ffe27_2", - "old_fingerprint": "30309e1653f6f235f54d52c14c7673dd_2", + "fingerprint": "84cdb4744f0dfa0a4a190a968b9ffe27_3", + "old_fingerprint": "30309e1653f6f235f54d52c14c7673dd_3", "code_extract": "$encrypted = hash($algorithm, $user->gender);" + }, + { + "cwe_ids": [ + "327" + ], + "id": "php_lang_weak_hash_sha1", + "title": "Weak hashing library (SHA-1) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), SHA1 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = sha1($input);\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input);\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_sha1", + "line_number": 13, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "data_type": { + "category_uuid": "94007e1e-57d8-43e8-90f2-246236dc5dde", + "name": "Gender" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 13, + "end": 13, + "column": { + "start": 19, + "end": 32 + } + }, + "sink": { + "start": 13, + "end": 13, + "column": { 
+ "start": 1, + "end": 39 + }, + "content": "hash_hmac(\\"sha1\\", $user->gender, $key)" + }, + "parent_line_number": 13, + "snippet": "hash_hmac(\\"sha1\\", $user->gender, $key)", + "fingerprint": "84cdb4744f0dfa0a4a190a968b9ffe27_6", + "old_fingerprint": "30309e1653f6f235f54d52c14c7673dd_6", + "code_extract": "hash_hmac(\\"sha1\\", $user->gender, $key);" + }, + { + "cwe_ids": [ + "327" + ], + "id": "php_lang_weak_hash_sha1", + "title": "Weak hashing library (SHA-1) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), SHA1 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = sha1($input);\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input);\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_sha1", + "line_number": 17, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "data_type": { + "category_uuid": "94007e1e-57d8-43e8-90f2-246236dc5dde", + "name": "Gender" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 17, + "end": 17, + "column": { + "start": 23, + "end": 36 + } + }, + "sink": { + "start": 17, + "end": 17, + "column": { + "start": 1, + "end": 37 + }, + "content": "hash_update($context, $user->gender)" + }, + "parent_line_number": 17, + "snippet": "hash_update($context, $user->gender)", + "fingerprint": "84cdb4744f0dfa0a4a190a968b9ffe27_8", + "old_fingerprint": "30309e1653f6f235f54d52c14c7673dd_8", + "code_extract": "hash_update($context, $user->gender);" + } + ], + "medium": [ + { + "cwe_ids": [ + 
"327" + ], + "id": "php_lang_weak_hash_sha1", + "title": "Weak hashing library (SHA-1) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), SHA1 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = sha1($input);\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input);\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_sha1", + "line_number": 4, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 4, + "end": 4, + "column": { + "start": 14, + "end": 26 + } + }, + "sink": { + "start": 4, + "end": 4, + "column": { + "start": 14, + "end": 26 + }, + "content": "sha1($other)" + }, + "parent_line_number": 4, + "snippet": "sha1($other)", + "fingerprint": "84cdb4744f0dfa0a4a190a968b9ffe27_1", + "old_fingerprint": "30309e1653f6f235f54d52c14c7673dd_1", + "code_extract": "$encrypted = sha1($other);" + }, + { + "cwe_ids": [ + "327" + ], + "id": "php_lang_weak_hash_sha1", + "title": "Weak hashing library (SHA-1) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), SHA1 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known 
weaknesses:\\n\\n\`\`\`php\\n $encrypted = sha1($input);\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input);\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_sha1", + "line_number": 9, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 9, + "end": 9, + "column": { + "start": 14, + "end": 38 + } + }, + "sink": { + "start": 9, + "end": 9, + "column": { + "start": 14, + "end": 38 + }, + "content": "hash($algorithm, $other)" + }, + "parent_line_number": 9, + "snippet": "hash($algorithm, $other)", + "fingerprint": "84cdb4744f0dfa0a4a190a968b9ffe27_4", + "old_fingerprint": "30309e1653f6f235f54d52c14c7673dd_4", + "code_extract": "$encrypted = hash($algorithm, $other);" + }, + { + "cwe_ids": [ + "327" + ], + "id": "php_lang_weak_hash_sha1", + "title": "Weak hashing library (SHA-1) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), SHA1 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = sha1($input);\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input);\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_sha1", + "line_number": 11, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 11, + "end": 11, + "column": { + "start": 1, + "end": 21 + } + }, + 
"sink": { + "start": 11, + "end": 11, + "column": { + "start": 1, + "end": 21 + }, + "content": "sha1_file(\\"foo.txt\\")" + }, + "parent_line_number": 11, + "snippet": "sha1_file(\\"foo.txt\\")", + "fingerprint": "84cdb4744f0dfa0a4a190a968b9ffe27_5", + "old_fingerprint": "30309e1653f6f235f54d52c14c7673dd_5", + "code_extract": "sha1_file(\\"foo.txt\\");" + }, + { + "cwe_ids": [ + "327" + ], + "id": "php_lang_weak_hash_sha1", + "title": "Weak hashing library (SHA-1) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), SHA1 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = sha1($input);\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input);\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_sha1", + "line_number": 14, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 14, + "end": 14, + "column": { + "start": 1, + "end": 32 + } + }, + "sink": { + "start": 14, + "end": 14, + "column": { + "start": 1, + "end": 32 + }, + "content": "hash_hmac(\\"sha1\\", $other, $key)" + }, + "parent_line_number": 14, + "snippet": "hash_hmac(\\"sha1\\", $other, $key)", + "fingerprint": "84cdb4744f0dfa0a4a190a968b9ffe27_7", + "old_fingerprint": "30309e1653f6f235f54d52c14c7673dd_7", + "code_extract": "hash_hmac(\\"sha1\\", $other, $key);" + }, + { + "cwe_ids": [ + "327" + ], + "id": "php_lang_weak_hash_sha1", + "title": "Weak hashing library (SHA-1) detected", + "description": "## 
Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), SHA1 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = sha1($input);\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input);\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_sha1", + "line_number": 18, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 18, + "end": 18, + "column": { + "start": 1, + "end": 30 + } + }, + "sink": { + "start": 18, + "end": 18, + "column": { + "start": 1, + "end": 30 + }, + "content": "hash_update($context, $other)" + }, + "parent_line_number": 18, + "snippet": "hash_update($context, $other)", + "fingerprint": "84cdb4744f0dfa0a4a190a968b9ffe27_9", + "old_fingerprint": "30309e1653f6f235f54d52c14c7673dd_9", + "code_extract": "hash_update($context, $other);" + }, + { + "cwe_ids": [ + "327" + ], + "id": "php_lang_weak_hash_sha1", + "title": "Weak hashing library (SHA-1) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), SHA1 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = sha1($input);\\n\`\`\`\\n\\n✅ Use stronger 
encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input);\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_sha1", + "line_number": 19, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 19, + "end": 19, + "column": { + "start": 1, + "end": 38 + } + }, + "sink": { + "start": 19, + "end": 19, + "column": { + "start": 1, + "end": 38 + }, + "content": "hash_update_file($context, $filename)" + }, + "parent_line_number": 19, + "snippet": "hash_update_file($context, $filename)", + "fingerprint": "84cdb4744f0dfa0a4a190a968b9ffe27_10", + "old_fingerprint": "30309e1653f6f235f54d52c14c7673dd_10", + "code_extract": "hash_update_file($context, $filename);" + }, + { + "cwe_ids": [ + "327" + ], + "id": "php_lang_weak_hash_sha1", + "title": "Weak hashing library (SHA-1) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), SHA1 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted = sha1($input);\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted = hash('sha256', $input);\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_hash_sha1", + "line_number": 20, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 20, + "end": 20, + "column": { + "start": 1, + "end": 38 + } + }, + "sink": { + "start": 20, + "end": 20, + "column": { + 
"start": 1, + "end": 38 + }, + "content": "hash_update_stream($context, $handle)" + }, + "parent_line_number": 20, + "snippet": "hash_update_stream($context, $handle)", + "fingerprint": "84cdb4744f0dfa0a4a190a968b9ffe27_11", + "old_fingerprint": "30309e1653f6f235f54d52c14c7673dd_11", + "code_extract": "hash_update_stream($context, $handle);" } ] }" diff --git a/tests/php/lang/weak_hash_sha1/testdata/insecure.php b/tests/php/lang/weak_hash_sha1/testdata/insecure.php index 01a7ab54d..d2d73ee8b 100644 --- a/tests/php/lang/weak_hash_sha1/testdata/insecure.php +++ b/tests/php/lang/weak_hash_sha1/testdata/insecure.php @@ -1,8 +1,22 @@ gender); +$encrypted = sha1($other); + $encrypted = hash('sha1', $user->gender); $algorithm = "sha1"; $encrypted = hash($algorithm, $user->gender); +$encrypted = hash($algorithm, $other); + +sha1_file("foo.txt"); + +hash_hmac("sha1", $user->gender, $key); +hash_hmac("sha1", $other, $key); + +$context = hash_init("sha1", 0); +hash_update($context, $user->gender); +hash_update($context, $other); +hash_update_file($context, $filename); +hash_update_stream($context, $handle); -?> \ No newline at end of file +?> diff --git a/tests/php/lang/weak_hash_sha1/testdata/safe.php b/tests/php/lang/weak_hash_sha1/testdata/safe.php index 76636cd70..121053c78 100644 --- a/tests/php/lang/weak_hash_sha1/testdata/safe.php +++ b/tests/php/lang/weak_hash_sha1/testdata/safe.php @@ -1,8 +1,12 @@ uuid); -$encrypted = hash('sha1', $user->uuid); +$encrypted = sha1($user->userId); +$encrypted = hash('sha1', $user->userId); $algorithm = 'sha1'; -$encrypted = hash($algorithm, $user->uuid); +$encrypted = hash($algorithm, $user->userId); +hash_hmac("sha1", $user->userId, $key); -?> \ No newline at end of file +$context = hash_init("sha1", 0); +hash_update($context, $user->userId); + +?> 
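Review bot: The new `hash_hmac("sha1", $user->gender, $key);` and `hash_hmac("sha1", $other, $key);` lines pin HMAC-SHA1 as a CWE-327 weak-hash finding, but SHA-1's known weakness is collision resistance, which HMAC does not rely on; HMAC-SHA1 is, to my knowledge, still listed as acceptable in NIST SP 800-131A Rev. 2 and is in wide use for message authentication, so for this generic rule the fixture most likely enshrines a false positive (the password-hash rules are a different matter, since CWE-916 applies there regardless of algorithm). I would move the two HMAC lines to safe.php and keep `sha1()`, `hash('sha1', …)`, `sha1_file()` and the `hash_init("sha1", 0)` context as the insecure set, or, if HMAC-SHA1 is deliberately flagged for migration tracking, state that rationale in the rule's remediation text. Minor: the remediation these findings carry calls the digest "encryption" (`$encrypted = hash('sha256', $input)`), which conflates hashing with encryption; "hash"/"digest" would be more accurate. The first line of this hunk is garbled in the rendering (the `<?php` opener through `$user->` is missing), so I cannot confirm the fixture header from the diff alone.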
diff --git a/tests/php/lang/weak_password_hash_md/__snapshots__/test.js.snap b/tests/php/lang/weak_password_hash_md/__snapshots__/test.js.snap
new file mode 100644
index 000000000..e57df31b8
--- /dev/null
+++ b/tests/php/lang/weak_password_hash_md/__snapshots__/test.js.snap
@@ -0,0 +1,311 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`php_lang_weak_password_hash_md insecure_password 1`] = ` +"{ + "high": [ + { + "cwe_ids": [ + "327", + "916" + ], + "id": "php_lang_weak_password_hash_md", + "title": "Weak hashing library (MDx) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted_password = md5($user->password);\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted_password = password_hash($user->password);\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_password_hash_md", + "line_number": 3, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "data_type": { + "category_uuid": "dd88aee5-9d40-4ad2-8983-0c791ddec47c", + "name": "Passwords" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 3, + "end": 3, + "column": { + "start": 27, + "end": 42 + } + }, + "sink": { + "start": 3, + "end": 3, + "column": { + "start": 23, + "end": 43 + }, + "content": "md5($user->password)" + }, + "parent_line_number": 3, + "snippet": "md5($user->password)", + "fingerprint": "c6b00b8435351b1d8bc473333480c28a_0", + "old_fingerprint": "c2359e9439eb43b71febb1452b309e4c_0", + "code_extract": "$encrypted_password = md5($user->password);" + }, + { + "cwe_ids": [ + "327", + "916" + ], + "id": "php_lang_weak_password_hash_md", + "title": "Weak hashing library (MDx) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and 
greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted_password = md5($user->password);\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted_password = password_hash($user->password);\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_password_hash_md", + "line_number": 4, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "data_type": { + "category_uuid": "dd88aee5-9d40-4ad2-8983-0c791ddec47c", + "name": "Passwords" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 4, + "end": 4, + "column": { + "start": 35, + "end": 50 + } + }, + "sink": { + "start": 4, + "end": 4, + "column": { + "start": 23, + "end": 51 + }, + "content": "hash('md5', $user->password)" + }, + "parent_line_number": 4, + "snippet": "hash('md5', $user->password)", + "fingerprint": "c6b00b8435351b1d8bc473333480c28a_1", + "old_fingerprint": "c2359e9439eb43b71febb1452b309e4c_1", + "code_extract": "$encrypted_password = hash('md5', $user->password);" + }, + { + "cwe_ids": [ + "327", + "916" + ], + "id": "php_lang_weak_password_hash_md", + "title": "Weak hashing library (MDx) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms 
with known weaknesses:\\n\\n\`\`\`php\\n $encrypted_password = md5($user->password);\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted_password = password_hash($user->password);\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_password_hash_md", + "line_number": 5, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "data_type": { + "category_uuid": "dd88aee5-9d40-4ad2-8983-0c791ddec47c", + "name": "Passwords" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 5, + "end": 5, + "column": { + "start": 35, + "end": 50 + } + }, + "sink": { + "start": 5, + "end": 5, + "column": { + "start": 23, + "end": 51 + }, + "content": "hash('md4', $user->password)" + }, + "parent_line_number": 5, + "snippet": "hash('md4', $user->password)", + "fingerprint": "c6b00b8435351b1d8bc473333480c28a_2", + "old_fingerprint": "c2359e9439eb43b71febb1452b309e4c_2", + "code_extract": "$encrypted_password = hash('md4', $user->password);" + }, + { + "cwe_ids": [ + "327", + "916" + ], + "id": "php_lang_weak_password_hash_md", + "title": "Weak hashing library (MDx) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted_password = md5($user->password);\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted_password = password_hash($user->password);\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_password_hash_md", + 
"line_number": 7, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "data_type": { + "category_uuid": "dd88aee5-9d40-4ad2-8983-0c791ddec47c", + "name": "Passwords" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 7, + "end": 7, + "column": { + "start": 40, + "end": 55 + } + }, + "sink": { + "start": 7, + "end": 7, + "column": { + "start": 23, + "end": 56 + }, + "content": "hash($algorithm, $user->password)" + }, + "parent_line_number": 7, + "snippet": "hash($algorithm, $user->password)", + "fingerprint": "c6b00b8435351b1d8bc473333480c28a_3", + "old_fingerprint": "c2359e9439eb43b71febb1452b309e4c_3", + "code_extract": "$encrypted_password = hash($algorithm, $user->password);" + }, + { + "cwe_ids": [ + "327", + "916" + ], + "id": "php_lang_weak_password_hash_md", + "title": "Weak hashing library (MDx) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted_password = md5($user->password);\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted_password = password_hash($user->password);\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_password_hash_md", + "line_number": 8, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "data_type": { + "category_uuid": "dd88aee5-9d40-4ad2-8983-0c791ddec47c", + "name": "Passwords" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 8, + "end": 8, + "column": { + "start": 45, + "end": 60 + } + }, 
+ "sink": { + "start": 8, + "end": 8, + "column": { + "start": 23, + "end": 67 + }, + "content": "hash_hmac($algorithm, $user->password, $key)" + }, + "parent_line_number": 8, + "snippet": "hash_hmac($algorithm, $user->password, $key)", + "fingerprint": "c6b00b8435351b1d8bc473333480c28a_4", + "old_fingerprint": "c2359e9439eb43b71febb1452b309e4c_4", + "code_extract": "$encrypted_password = hash_hmac($algorithm, $user->password, $key);" + }, + { + "cwe_ids": [ + "327", + "916" + ], + "id": "php_lang_weak_password_hash_md", + "title": "Weak hashing library (MDx) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted_password = md5($user->password);\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted_password = password_hash($user->password);\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_password_hash_md", + "line_number": 9, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "data_type": { + "category_uuid": "dd88aee5-9d40-4ad2-8983-0c791ddec47c", + "name": "Passwords" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 9, + "end": 9, + "column": { + "start": 40, + "end": 55 + } + }, + "sink": { + "start": 9, + "end": 9, + "column": { + "start": 23, + "end": 62 + }, + "content": "hash_hmac(\\"md4\\", $user->password, $key)" + }, + "parent_line_number": 9, + "snippet": "hash_hmac(\\"md4\\", $user->password, $key)", + "fingerprint": "c6b00b8435351b1d8bc473333480c28a_5", + 
"old_fingerprint": "c2359e9439eb43b71febb1452b309e4c_5", + "code_extract": "$encrypted_password = hash_hmac(\\"md4\\", $user->password, $key);" + }, + { + "cwe_ids": [ + "327", + "916" + ], + "id": "php_lang_weak_password_hash_md", + "title": "Weak hashing library (MDx) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted_password = md5($user->password);\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted_password = password_hash($user->password);\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_password_hash_md", + "line_number": 12, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "data_type": { + "category_uuid": "dd88aee5-9d40-4ad2-8983-0c791ddec47c", + "name": "Passwords" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 12, + "end": 12, + "column": { + "start": 23, + "end": 38 + } + }, + "sink": { + "start": 12, + "end": 12, + "column": { + "start": 1, + "end": 39 + }, + "content": "hash_update($context, $user->password)" + }, + "parent_line_number": 12, + "snippet": "hash_update($context, $user->password)", + "fingerprint": "c6b00b8435351b1d8bc473333480c28a_6", + "old_fingerprint": "c2359e9439eb43b71febb1452b309e4c_6", + "code_extract": "hash_update($context, $user->password);" + } + ] +}" +`; + +exports[`php_lang_weak_password_hash_md safe 1`] = `"{}"`; 
diff --git a/tests/php/lang/weak_password_hash_md5/test.js b/tests/php/lang/weak_password_hash_md/test.js similarity index 100% rename from tests/php/lang/weak_password_hash_md5/test.js rename to tests/php/lang/weak_password_hash_md/test.js diff --git a/tests/php/lang/weak_password_hash_md/testdata/insecure.php b/tests/php/lang/weak_password_hash_md/testdata/insecure.php new file mode 100644 index 000000000..6925235e3 --- /dev/null +++ b/tests/php/lang/weak_password_hash_md/testdata/insecure.php @@ -0,0 +1,14 @@ +password); +$encrypted_password = hash('md5', $user->password); +$encrypted_password = hash('md4', $user->password); +$algorithm = "md5"; +$encrypted_password = hash($algorithm, $user->password); +$encrypted_password = hash_hmac($algorithm, $user->password, $key); +$encrypted_password = hash_hmac("md4", $user->password, $key); + +$context = hash_init("md5", 0); +hash_update($context, $user->password); + +?> diff --git a/tests/php/lang/weak_password_hash_md5/testdata/safe.php b/tests/php/lang/weak_password_hash_md/testdata/safe.php similarity index 97% rename from tests/php/lang/weak_password_hash_md5/testdata/safe.php rename to tests/php/lang/weak_password_hash_md/testdata/safe.php index 8dae40b53..b224f7ced 100644 --- a/tests/php/lang/weak_password_hash_md5/testdata/safe.php +++ b/tests/php/lang/weak_password_hash_md/testdata/safe.php @@ -4,4 +4,4 @@ $encrypted_password = password_hash($user->password); $encrypted_password2 = md5($file_name); -?> \ No newline at end of file +?> diff --git a/tests/php/lang/weak_password_hash_md5/__snapshots__/test.js.snap b/tests/php/lang/weak_password_hash_md5/__snapshots__/test.js.snap deleted file mode 100644 index 975f1fc6d..000000000 --- a/tests/php/lang/weak_password_hash_md5/__snapshots__/test.js.snap +++ /dev/null 
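Review bot: The new fixture exercises `md5()`, `hash('md5'|'md4', …)`, `hash_hmac(…)` and a `hash_init("md5", 0)` context, but nothing pins the edge of the rule's "MDx" scope: PHP's `hash()` also accepts `md2`, so a line such as `$encrypted_password = hash('md2', $user->password);` (expected to be flagged, or expected clean if md2 is intentionally out of scope) would make the intended coverage explicit rather than implied by the title. Separately, the `password_hash($user->password)` call that appears both as the safe.php context line in this diff and in the remediation example the expected findings carry omits the required `$algo` argument, so the "good" example throws `ArgumentCountError` at runtime; it should read `password_hash($user->password, PASSWORD_DEFAULT)`. The rule definition that holds that remediation text is outside this view, so the wording fix would need to be made there, and the `+password);` opening of the insecure.php hunk is garbled in this rendering (the `<?php` opener through `$user->` is missing).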
@@ -1,139 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`php_lang_weak_password_hash_md5 insecure_password 1`] = ` -"{ - "high": [ - { - "cwe_ids": [ - "327", - "916" - ], - "id": "php_lang_weak_password_hash_md5", - "title": "Weak hashing library (MD5) detected", - "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted_password = md5($user->password);\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted_password = password_hash($user->password);\\n\`\`\`\\n", - "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_password_hash_md5", - "line_number": 3, - "full_filename": "/tmp/bearer-scan/insecure.php", - "filename": ".", - "data_type": { - "category_uuid": "dd88aee5-9d40-4ad2-8983-0c791ddec47c", - "name": "Passwords" - }, - "category_groups": [ - "PII", - "Personal Data" - ], - "source": { - "start": 3, - "end": 3, - "column": { - "start": 27, - "end": 42 - } - }, - "sink": { - "start": 3, - "end": 3, - "column": { - "start": 23, - "end": 43 - }, - "content": "md5($user->password)" - }, - "parent_line_number": 3, - "snippet": "md5($user->password)", - "fingerprint": "bf6a0a05d5bb774059b60c77ba70195d_0", - "old_fingerprint": "e7fcef6c2ad41ac6efeec9dbf618bf37_0", - "code_extract": "$encrypted_password = md5($user->password);" - }, - { - "cwe_ids": [ - "327", - "916" - ], - "id": "php_lang_weak_password_hash_md5", - "title": "Weak hashing library (MD5) detected", - "description": "## Description\\n\\nA weak hashing library can lead to data breaches and 
greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted_password = md5($user->password);\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted_password = password_hash($user->password);\\n\`\`\`\\n", - "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_password_hash_md5", - "line_number": 4, - "full_filename": "/tmp/bearer-scan/insecure.php", - "filename": ".", - "data_type": { - "category_uuid": "dd88aee5-9d40-4ad2-8983-0c791ddec47c", - "name": "Passwords" - }, - "category_groups": [ - "PII", - "Personal Data" - ], - "source": { - "start": 4, - "end": 4, - "column": { - "start": 35, - "end": 50 - } - }, - "sink": { - "start": 4, - "end": 4, - "column": { - "start": 23, - "end": 51 - }, - "content": "hash('md5', $user->password)" - }, - "parent_line_number": 4, - "snippet": "hash('md5', $user->password)", - "fingerprint": "bf6a0a05d5bb774059b60c77ba70195d_1", - "old_fingerprint": "e7fcef6c2ad41ac6efeec9dbf618bf37_1", - "code_extract": "$encrypted_password = hash('md5', $user->password);" - }, - { - "cwe_ids": [ - "327", - "916" - ], - "id": "php_lang_weak_password_hash_md5", - "title": "Weak hashing library (MD5) detected", - "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms 
with known weaknesses:\\n\\n\`\`\`php\\n $encrypted_password = md5($user->password);\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted_password = password_hash($user->password);\\n\`\`\`\\n", - "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_password_hash_md5", - "line_number": 6, - "full_filename": "/tmp/bearer-scan/insecure.php", - "filename": ".", - "data_type": { - "category_uuid": "dd88aee5-9d40-4ad2-8983-0c791ddec47c", - "name": "Passwords" - }, - "category_groups": [ - "PII", - "Personal Data" - ], - "source": { - "start": 6, - "end": 6, - "column": { - "start": 40, - "end": 55 - } - }, - "sink": { - "start": 6, - "end": 6, - "column": { - "start": 23, - "end": 56 - }, - "content": "hash($algorithm, $user->password)" - }, - "parent_line_number": 6, - "snippet": "hash($algorithm, $user->password)", - "fingerprint": "bf6a0a05d5bb774059b60c77ba70195d_2", - "old_fingerprint": "e7fcef6c2ad41ac6efeec9dbf618bf37_2", - "code_extract": "$encrypted_password = hash($algorithm, $user->password);" - } - ] -}" -`; - -exports[`php_lang_weak_password_hash_md5 safe 1`] = `"{}"`; diff --git a/tests/php/lang/weak_password_hash_md5/testdata/insecure.php b/tests/php/lang/weak_password_hash_md5/testdata/insecure.php deleted file mode 100644 index b6701bc93..000000000 --- a/tests/php/lang/weak_password_hash_md5/testdata/insecure.php +++ /dev/null @@ -1,8 +0,0 @@ -password); -$encrypted_password = hash('md5', $user->password); -$algorithm = "md5"; -$encrypted_password = hash($algorithm, $user->password); - -?> \ No newline at end of file diff --git a/tests/php/lang/weak_password_hash_sha1/__snapshots__/test.js.snap b/tests/php/lang/weak_password_hash_sha1/__snapshots__/test.js.snap index 0998938e6..07b598a2a 100644 --- a/tests/php/lang/weak_password_hash_sha1/__snapshots__/test.js.snap +++ b/tests/php/lang/weak_password_hash_sha1/__snapshots__/test.js.snap 
@@ -131,6 +131,92 @@ exports[`php_lang_weak_password_hash_sha1 insecure_password 1`] = ` "fingerprint": "93faf6416d8eb395af51cd70032af821_2", "old_fingerprint": "756d593428d986d3bc4c072751f89e3a_2", "code_extract": "$encrypted_password = hash($algorithm, $user->password);" + }, + { + "cwe_ids": [ + "327", + "916" + ], + "id": "php_lang_weak_password_hash_sha1", + "title": "Weak hashing library (SHA-1) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), SHA1 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted_password = sha1($user->password);\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted_password = password_hash($user->password);\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_password_hash_sha1", + "line_number": 7, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "data_type": { + "category_uuid": "dd88aee5-9d40-4ad2-8983-0c791ddec47c", + "name": "Passwords" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 7, + "end": 7, + "column": { + "start": 45, + "end": 60 + } + }, + "sink": { + "start": 7, + "end": 7, + "column": { + "start": 23, + "end": 67 + }, + "content": "hash_hmac($algorithm, $user->password, $key)" + }, + "parent_line_number": 7, + "snippet": "hash_hmac($algorithm, $user->password, $key)", + "fingerprint": "93faf6416d8eb395af51cd70032af821_3", + "old_fingerprint": "756d593428d986d3bc4c072751f89e3a_3", + "code_extract": "$encrypted_password = hash_hmac($algorithm, $user->password, $key);" + }, + { + "cwe_ids": 
[ + "327", + "916" + ], + "id": "php_lang_weak_password_hash_sha1", + "title": "Weak hashing library (SHA-1) detected", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\n\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), SHA1 is considered a weak hashing algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`php\\n $encrypted_password = sha1($user->password);\\n\`\`\`\\n\\n✅ Use stronger encryption algorithms when storing data.\\n\\n\`\`\`php\\n $encrypted_password = password_hash($user->password);\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_weak_password_hash_sha1", + "line_number": 10, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "data_type": { + "category_uuid": "dd88aee5-9d40-4ad2-8983-0c791ddec47c", + "name": "Passwords" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 10, + "end": 10, + "column": { + "start": 23, + "end": 38 + } + }, + "sink": { + "start": 10, + "end": 10, + "column": { + "start": 1, + "end": 39 + }, + "content": "hash_update($context, $user->password)" + }, + "parent_line_number": 10, + "snippet": "hash_update($context, $user->password)", + "fingerprint": "93faf6416d8eb395af51cd70032af821_4", + "old_fingerprint": "756d593428d986d3bc4c072751f89e3a_4", + "code_extract": "hash_update($context, $user->password);" } ] }" diff --git a/tests/php/lang/weak_password_hash_sha1/testdata/insecure.php b/tests/php/lang/weak_password_hash_sha1/testdata/insecure.php index 791f12c27..29d32bb28 100644 --- a/tests/php/lang/weak_password_hash_sha1/testdata/insecure.php +++ b/tests/php/lang/weak_password_hash_sha1/testdata/insecure.php 
@@ -4,5 +4,9 @@ $encrypted_password = hash('sha1', $user->password); $algorithm = 'sha1'; $encrypted_password = hash($algorithm, $user->password); +$encrypted_password = hash_hmac($algorithm, $user->password, $key); -?> \ No newline at end of file +$context = hash_init("sha1", 0); +hash_update($context, $user->password); + +?> diff --git a/tests/php/lang/xml_external_entity_vulnerability/__snapshots__/test.js.snap b/tests/php/lang/xml_external_entity_vulnerability/__snapshots__/test.js.snap index 894fd8f8a..27fe1dc94 100644 --- a/tests/php/lang/xml_external_entity_vulnerability/__snapshots__/test.js.snap +++ b/tests/php/lang/xml_external_entity_vulnerability/__snapshots__/test.js.snap 
@@ -212,3 +212,44 @@ exports[`php_lang_xml_external_entity_vulnerability bad 1`] = ` `; exports[`php_lang_xml_external_entity_vulnerability ok 1`] = `"{}"`; + +exports[`php_lang_xml_external_entity_vulnerability shared_instance 1`] = ` +"{ + "high": [ + { + "cwe_ids": [ + "611" + ], + "id": "php_lang_xml_external_entity_vulnerability", + "title": "XML External Entity vulnerability detected.", + "description": "## Description\\nAvoid parsing untrusted data as XML. Such data could include URIs that resolve to resources that are outside of the current context, leading to XML External Entity (XXE) injection.\\n\\n## Remediations\\n❌ Do not enable parsing of external entities.\\n\\nFor LibXML, for example, do not set the \`LIBXML_NOENT\` flag.\\n\\n## Resources\\n- [OWASP XML External Entity (XXE) prevention cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_xml_external_entity_vulnerability", + "line_number": 11, + "full_filename": "/tmp/bearer-scan/shared_instance.php", + "filename": ".", + "source": { + "start": 11, + "end": 11, + "column": { + "start": 3, + "end": 41 + } + }, + "sink": { + "start": 11, + "end": 11, + "column": { + "start": 3, + "end": 41 + }, + "content": "$e->XML($userInput, $encoding, $flags)" + }, + "parent_line_number": 11, + "snippet": "$e->XML($userInput, $encoding, $flags)", + "fingerprint": "2e1892d145b5cb527043784fa089ab30_0", + "old_fingerprint": "703fd38928edc4cdf709b1a6d219fdc1_0", + "code_extract": " $e->XML($userInput, $encoding, $flags);" + } + ] +}" +`; diff --git a/tests/php/lang/xml_external_entity_vulnerability/test.js b/tests/php/lang/xml_external_entity_vulnerability/test.js index de4ba2b05..cc4796923 100644 --- a/tests/php/lang/xml_external_entity_vulnerability/test.js +++ b/tests/php/lang/xml_external_entity_vulnerability/test.js 
@@ -13,4 +13,9 @@ describe(ruleId, () => { const testCase = "bad.php" expect(invoke(testCase)).toMatchSnapshot() }) + + test("shared_instance", () => { + const testCase = "shared_instance.php" + expect(invoke(testCase)).toMatchSnapshot() + }) }) diff --git a/tests/php/lang/xml_external_entity_vulnerability/testdata/shared_instance.php b/tests/php/lang/xml_external_entity_vulnerability/testdata/shared_instance.php new file mode 100644 index 000000000..8e77dfd94 --- /dev/null +++ b/tests/php/lang/xml_external_entity_vulnerability/testdata/shared_instance.php @@ -0,0 +1,14 @@ +XML($userInput, $encoding, $flags); +} catch (FooError $f) { +} finally { +} diff --git a/tests/php/lang/xpath_injection/__snapshots__/test.js.snap b/tests/php/lang/xpath_injection/__snapshots__/test.js.snap index efa61cb7f..73e64161b 100644 --- a/tests/php/lang/xpath_injection/__snapshots__/test.js.snap +++ b/tests/php/lang/xpath_injection/__snapshots__/test.js.snap 
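Review bot: The fixture passes `$flags` as an opaque variable in `$e->XML($userInput, $encoding, $flags);`, so the expected high-severity finding fires without the rule knowing whether `LIBXML_NOENT` is actually set, while the remediation text tells users the fix is simply not to set that flag. If the rule is meant to key on the flag, a companion case with a literal (`$e->XML($userInput, $encoding, LIBXML_NONET);`, expected clean) would pin that behaviour; if it flags any untrusted input reaching `XML()` regardless of flags, the description should say that untrusted data must be validated before parsing rather than implying the flag alone decides. The start of this fixture is garbled in the rendering (only the `XML(...)` call and the `} catch (FooError $f) {} finally {}` tail survive), so I cannot confirm how `$e`, `$userInput` and `$flags` are set up, or that `$e` is the shared instance the test name suggests. The empty `catch`/`finally` blocks are acceptable in a fixture but would be a swallowed-error flag in real code.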
@@ -104,6 +104,108 @@ exports[`php_lang_xpath_injection bad 1`] = ` "fingerprint": "3360b4377c8a48469d71170bd2ce5298_2", "old_fingerprint": "5255abb1744b9d28b92453ab72fcf603_2", "code_extract": "$element->xpath($userInput);" + }, + { + "cwe_ids": [ + "643" + ], + "id": "php_lang_xpath_injection", + "title": "XPath injection threat detected", + "description": "## Description\\nUsing unsanitized input in an XPath expression could lead to XPath injection\\nif variables are not properly sanitized. XPath injection could lead to\\nunauthorized access to sensitive information in XML documents.\\n\\n## Remediations\\n\\n❌ Avoid using user input in XPath expressions\\n\\n✅ Sanitize user input when it must be included\\n\`\`\`\\n\\n## References\\n- [XPath Injection](https://owasp.org/www-community/attacks/XPATH_Injection)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_xpath_injection", + "line_number": 12, + "full_filename": "/tmp/bearer-scan/bad.php", + "filename": ".", + "source": { + "start": 12, + "end": 12, + "column": { + "start": 1, + "end": 29 + } + }, + "sink": { + "start": 12, + "end": 12, + "column": { + "start": 1, + "end": 29 + }, + "content": "$element2->xpath($userInput)" + }, + "parent_line_number": 12, + "snippet": "$element2->xpath($userInput)", + "fingerprint": "3360b4377c8a48469d71170bd2ce5298_3", + "old_fingerprint": "5255abb1744b9d28b92453ab72fcf603_3", + "code_extract": "$element2->xpath($userInput);" + }, + { + "cwe_ids": [ + "643" + ], + "id": "php_lang_xpath_injection", + "title": "XPath injection threat detected", + "description": "## Description\\nUsing unsanitized input in an XPath expression could lead to XPath injection\\nif variables are not properly sanitized. 
XPath injection could lead to\\nunauthorized access to sensitive information in XML documents.\\n\\n## Remediations\\n\\n❌ Avoid using user input in XPath expressions\\n\\n✅ Sanitize user input when it must be included\\n\`\`\`\\n\\n## References\\n- [XPath Injection](https://owasp.org/www-community/attacks/XPATH_Injection)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_xpath_injection", + "line_number": 14, + "full_filename": "/tmp/bearer-scan/bad.php", + "filename": ".", + "source": { + "start": 14, + "end": 14, + "column": { + "start": 1, + "end": 29 + } + }, + "sink": { + "start": 14, + "end": 14, + "column": { + "start": 1, + "end": 29 + }, + "content": "$element3->xpath($userInput)" + }, + "parent_line_number": 14, + "snippet": "$element3->xpath($userInput)", + "fingerprint": "3360b4377c8a48469d71170bd2ce5298_4", + "old_fingerprint": "5255abb1744b9d28b92453ab72fcf603_4", + "code_extract": "$element3->xpath($userInput);" + }, + { + "cwe_ids": [ + "643" + ], + "id": "php_lang_xpath_injection", + "title": "XPath injection threat detected", + "description": "## Description\\nUsing unsanitized input in an XPath expression could lead to XPath injection\\nif variables are not properly sanitized. 
XPath injection could lead to\\nunauthorized access to sensitive information in XML documents.\\n\\n## Remediations\\n\\n❌ Avoid using user input in XPath expressions\\n\\n✅ Sanitize user input when it must be included\\n\`\`\`\\n\\n## References\\n- [XPath Injection](https://owasp.org/www-community/attacks/XPATH_Injection)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_xpath_injection", + "line_number": 16, + "full_filename": "/tmp/bearer-scan/bad.php", + "filename": ".", + "source": { + "start": 16, + "end": 16, + "column": { + "start": 1, + "end": 29 + } + }, + "sink": { + "start": 16, + "end": 16, + "column": { + "start": 1, + "end": 29 + }, + "content": "$element4->xpath($userInput)" + }, + "parent_line_number": 16, + "snippet": "$element4->xpath($userInput)", + "fingerprint": "3360b4377c8a48469d71170bd2ce5298_5", + "old_fingerprint": "5255abb1744b9d28b92453ab72fcf603_5", + "code_extract": "$element4->xpath($userInput);" } ] }" diff --git a/tests/php/lang/xpath_injection/testdata/bad.php b/tests/php/lang/xpath_injection/testdata/bad.php index af0cb42b4..5ca74237f 100644 --- a/tests/php/lang/xpath_injection/testdata/bad.php +++ b/tests/php/lang/xpath_injection/testdata/bad.php @@ -8,3 +8,9 @@ $element = new SimpleXMLElement(""); $element->xpath($userInput); +$element2 = simplexml_import_dom($node); +$element2->xpath($userInput); +$element3 = simplexml_load_file($filename); +$element3->xpath($userInput); +$element4 = simplexml_load_string($data); +$element4->xpath($userInput); diff --git a/tests/php/third_parties/logger/__snapshots__/test.js.snap b/tests/php/third_parties/logger/__snapshots__/test.js.snap index 363df3554..a5f723811 100644 --- a/tests/php/third_parties/logger/__snapshots__/test.js.snap +++ b/tests/php/third_parties/logger/__snapshots__/test.js.snap 
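Review bot: No `ok.php` counterpart accompanies the three new `bad.php` constructions (`simplexml_import_dom`, `simplexml_load_file`, `simplexml_load_string`) in this diff, so the updated snapshot cannot tell whether the rule now recognises these calls as SimpleXMLElement sources or simply flags every `->xpath()` call regardless of receiver. A negative case with a constant expression, e.g. `$element2 = simplexml_import_dom($node); $element2->xpath('/root/item');`, would pin the intended behaviour. The first context line, `new SimpleXMLElement("")`, appears to have lost its argument in this rendering, so the fixture's original XML literal cannot be checked here.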
@@ -174,6 +174,92 @@ exports[`php_third_parties_logger datatype_in_third_party_logger 1`] = ` "fingerprint": "2caf338f3e456f982a7fdc371f8426a0_3", "old_fingerprint": "4f74b3cca38aee472340475cd0e9c736_3", "code_extract": "$log->info('Adding a new user', $user);" + }, + { + "cwe_ids": [ + "209", + "532" + ], + "id": "php_third_parties_logger", + "title": "Sensitive data in a logger message detected.", + "description": "## Description\\n\\nLeaking sensitive data to loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to loggers.\\n\\n## Remediations\\n\\n❌ Avoid using sensitive data in logger messages:\\n\\n\`\`\`php\\n$log->info('User is: ' . $user.email)\\n\`\`\`\\n\\n✅ If you need to identify a user, ensure to use their unique identifier instead of their personal identifiable information:\\n\\n\`\`\`php\\nlog->info('User is: ' . $user.uuid)\\n\`\`\`\\n\\n## Resources\\n- [OWASP logging cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_third_parties_logger", + "line_number": 9, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "data_type": { + "category_uuid": "cef587dd-76db-430b-9e18-7b031e1a193b", + "name": "Email Address" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 3, + "end": 3, + "column": { + "start": 15, + "end": 22 + } + }, + "sink": { + "start": 9, + "end": 9, + "column": { + "start": 1, + "end": 48 + }, + "content": "$this->logger->info('Adding a new user', $user)" + }, + "parent_line_number": 9, + "snippet": "$this->logger->info('Adding a new user', $user)", + "fingerprint": "2caf338f3e456f982a7fdc371f8426a0_4", + "old_fingerprint": "4f74b3cca38aee472340475cd0e9c736_4", + "code_extract": "$this->logger->info('Adding a new user', $user);" + }, + { + "cwe_ids": [ + "209", + "532" + ], + "id": 
"php_third_parties_logger", + "title": "Sensitive data in a logger message detected.", + "description": "## Description\\n\\nLeaking sensitive data to loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to loggers.\\n\\n## Remediations\\n\\n❌ Avoid using sensitive data in logger messages:\\n\\n\`\`\`php\\n$log->info('User is: ' . $user.email)\\n\`\`\`\\n\\n✅ If you need to identify a user, ensure to use their unique identifier instead of their personal identifiable information:\\n\\n\`\`\`php\\nlog->info('User is: ' . $user.uuid)\\n\`\`\`\\n\\n## Resources\\n- [OWASP logging cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/php_third_parties_logger", + "line_number": 10, + "full_filename": "/tmp/bearer-scan/insecure.php", + "filename": ".", + "data_type": { + "category_uuid": "cef587dd-76db-430b-9e18-7b031e1a193b", + "name": "Email Address" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 3, + "end": 3, + "column": { + "start": 15, + "end": 22 + } + }, + "sink": { + "start": 10, + "end": 10, + "column": { + "start": 1, + "end": 45 + }, + "content": "$this->log->info('Adding a new user', $user)" + }, + "parent_line_number": 10, + "snippet": "$this->log->info('Adding a new user', $user)", + "fingerprint": "2caf338f3e456f982a7fdc371f8426a0_5", + "old_fingerprint": "4f74b3cca38aee472340475cd0e9c736_5", + "code_extract": "$this->log->info('Adding a new user', $user);" } ] }" diff --git a/tests/php/third_parties/logger/testdata/insecure.php b/tests/php/third_parties/logger/testdata/insecure.php index 30cd543c0..fb65a6d31 100644 --- a/tests/php/third_parties/logger/testdata/insecure.php +++ b/tests/php/third_parties/logger/testdata/insecure.php 
@@ -5,3 +5,6 @@
 $log->info('Adding a new user', $user->email);
 $log->info('Adding a new user', $user["email"]);
 $log->info('Adding a new user', $user);
+
+$this->logger->info('Adding a new user', $user);
+$this->log->info('Adding a new user', $user);
diff --git a/tests/php/third_parties/logger/testdata/ok.php b/tests/php/third_parties/logger/testdata/ok.php
index 2d13fba6e..a5ffb21d1 100644
--- a/tests/php/third_parties/logger/testdata/ok.php
+++ b/tests/php/third_parties/logger/testdata/ok.php
@@ -4,3 +4,6 @@
 $log->info('Adding a new user', $user->uuid());
 $log->info('Adding a new user', $user->uuid);
 $log->info('Adding a new user', $user["uuid"]);
+
+$this->logger->info('Adding a new user', $user->userId);
+$this->log->info('Adding a new user', $user->userId);
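Review bot: The two added `ok.php` lines pass `$user->userId` where the surrounding negative cases use `$user->uuid`, `$user->uuid()` and `$user["uuid"]`, so a clean result for the `$this->logger` and `$this->log` receivers may come from `userId` not being classified as a data type at all rather than from the property-based receiver being handled correctly. Using the same property as the existing lines, `$this->logger->info('Adding a new user', $user->uuid);`, keeps the new cases comparable; if `userId` was chosen deliberately to exercise a different classification, a short comment in the fixture saying so would make that intent visible.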