
Rust: Query for cleartext logging of sensitive information #18582

Open: wants to merge 20 commits into base: main

Conversation

@geoffw0 geoffw0 (Contributor) commented Jan 23, 2025

New query for cleartext logging of sensitive information in Rust. There are plans to add more sinks in future, but what's here should give us fairly good coverage.

@geoffw0 geoffw0 added no-change-note-required This PR does not need a change note Rust Pull requests that update Rust code labels Jan 23, 2025
@Copilot Copilot bot review requested due to automatic review settings January 23, 2025 18:04

@Copilot Copilot AI left a comment


Copilot reviewed 13 out of 13 changed files in this pull request and generated 1 comment.



```ql
predicate isAdditionalFlowStep(Node node1, Node node2) {
  // flow from `a` to `&a`
  node2.asExpr().getExpr().(RefExpr).getExpr() = node1.asExpr().getExpr()
}
```
@geoffw0 (Contributor Author) commented:

We possibly want something like this as a general flow step. It matters for basically all the test cases that mention `&password` in the source, I think. @paldepind what do you think?

```ql
predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
  // flow out from tuple content at sinks.
  isSink(node) and
  c.getAReadContent() instanceof TuplePositionContent
}
```
@geoffw0 (Contributor Author) commented:

I couldn't get tuple content to work in the models-as-data sink itself, so this might have to do for now.


QHelp previews:

rust/ql/src/queries/security/CWE-312/CleartextLogging.qhelp

Cleartext logging of sensitive information

Sensitive user data and system information that is logged could be seen by an attacker when it is displayed. Also, external processes often store the standard output and standard error streams of an application, which will include logged sensitive information.

Recommendation

Do not log sensitive data. If it is necessary to log sensitive data, encrypt it before logging.

Example

The following example code logs user credentials (in this case, their password) in plaintext:

```rust
let password = "P@ssw0rd";
info!("User password changed to {password}");
```

Instead, you should encrypt the credentials, or better still omit them entirely:

```rust
let password = "P@ssw0rd";
info!("User password changed");
```
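As an added illustration of the QHelp's recommendation (not code from this PR or from CodeQL), the following Rust places the leaky form beside a hardened one that wraps the credential in a hypothetical `Secret` newtype whose `Display`/`Debug` impls redact it, covering the `&password` and tuple-field cases the review comments above discuss. `log_info` is an assumed in-memory stand-in for `log::info!` so the example runs without the `log` crate.

```rust
use std::fmt;

/// Hypothetical newtype for sensitive values (not part of the PR or CodeQL):
/// Display and Debug print only a placeholder, so logging sinks never see it.
pub struct Secret<T>(T);

impl<T> Secret<T> {
    pub fn new(value: T) -> Self {
        Secret(value)
    }
    /// The only way to reach the cleartext; easy to grep for in review.
    pub fn expose(&self) -> &T {
        &self.0
    }
}

impl<T> fmt::Display for Secret<T> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("[REDACTED]")
    }
}

impl<T> fmt::Debug for Secret<T> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("[REDACTED]")
    }
}

/// Stand-in for a logging sink such as `log::info!`: appends the formatted
/// line to an in-memory buffer so the example runs without the `log` crate.
pub fn log_info(buf: &mut Vec<String>, line: String) {
    buf.push(line);
}

/// Vulnerable form from the QHelp: the password reaches the log in cleartext.
pub fn change_password_leaky(buf: &mut Vec<String>, user: &str, password: &str) {
    log_info(buf, format!("User {} password changed to {}", user, password));
}

/// Hardened form: the secret is wrapped, so even the `&`-reference and
/// tuple-field paths the query's flow steps track print the placeholder.
pub fn change_password_safe(buf: &mut Vec<String>, user: &str, password: &Secret<String>) {
    let creds = (user, password);
    log_info(buf, format!("User {} password changed (creds = {:?})", creds.0, creds));
}

/// Review check: does any captured log line contain the cleartext secret?
pub fn leaks(buf: &[String], secret: &str) -> bool {
    buf.iter().any(|line| line.contains(secret))
}
```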

References

  • M. Dowd, J. McDonald and J. Schuh, The Art of Software Security Assessment, 1st Edition, Chapter 2, 'Common Vulnerabilities of Encryption', p. 43. Addison Wesley, 2006.
  • M. Howard and D. LeBlanc, Writing Secure Code, 2nd Edition, Chapter 9, 'Protecting Secret Data', p. 299. Microsoft, 2002.
  • OWASP: Logging Cheat Sheet, 'Data to exclude'.
  • Common Weakness Enumeration: CWE-312.
  • Common Weakness Enumeration: CWE-359.
  • Common Weakness Enumeration: CWE-532.

@geoffw0 geoffw0 added the ready-for-doc-review This PR requires and is ready for review from the GitHub docs team. label Jan 23, 2025
Labels: documentation, no-change-note-required, ready-for-doc-review, Rust