added qhelps, initial queries for cipher mode, symmetric, obsolete KDF alg

Author: chanel-y

powershell/ql/src/queries/security/cwe-327/ApprovedCipherMode.qhelp

@@ -0,0 +1,47 @@
+<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
+<qhelp>
+  <overview>
+    <p>
+      Cipher modes determine how block ciphers process data during encryption. Some cipher modes
+      such as Electronic Codebook (ECB) and Output Feedback (OFB) are considered weak and should
+      not be used for encryption.
+    </p>
+    <p>
+      ECB mode encrypts identical plaintext blocks into identical ciphertext blocks, which can 
+      reveal patterns in the encrypted data and leak information about the plaintext. OFB mode
+      has weaknesses that can lead to security issues when the same initialization vector (IV)
+      is reused.
+    </p>
+  </overview>
+  <recommendation>
+    <p>
+      Use a secure cipher mode such as Cipher Block Chaining (CBC) with a random initialization
+      vector (IV), or an authenticated encryption mode like Galois/Counter Mode (GCM). GCM is 
+      preferred as it provides both confidentiality and integrity.
+    </p>
+  </recommendation>
+  <example>
+    <p>
+      The following example shows a weak cipher mode (ECB) being used for encryption:
+    </p>
+    <sample language="powershell">
+# BAD: Using ECB mode which reveals patterns in encrypted data
+$aes = [System.Security.Cryptography.Aes]::Create()
+$aes.Mode = [System.Security.Cryptography.CipherMode]::ECB
+    </sample>
+    <p>
+      The following example shows a recommended approach using CBC mode with a random IV:
+    </p>
+    <sample language="powershell">
+# GOOD: Using CBC mode with a random IV
+$aes = [System.Security.Cryptography.Aes]::Create()
+$aes.Mode = [System.Security.Cryptography.CipherMode]::CBC
+$aes.GenerateIV()
+    </sample>
+  </example>
+  <references>
+    <li>NIST, SP 800-38A: <a href="https://csrc.nist.gov/publications/detail/sp/800-38a/final">Recommendation for Block Cipher Modes of Operation</a>.</li>
+    <li>OWASP: <a href="https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html">Cryptographic Storage Cheat Sheet</a>.</li>
+    <li>CWE-327: <a href="https://cwe.mitre.org/data/definitions/327.html">Use of a Broken or Risky Cryptographic Algorithm</a>.</li>
+  </references>
+</qhelp>

powershell/ql/src/queries/security/cwe-327/ApprovedCipherMode.ql

@@ -1,57 +1,81 @@
 /**
- * @name Use of a weak cipher mode
- * @description Using weak cipher modes such as ECB or OFB can compromise the security of encrypted data.
- * @kind problem
- * @problem.severity error
- * @security-severity 7.5
- * @precision high
- * @id powershell/weak-cipher-mode
- * @tags security
- *       external/cwe/cwe-327
- */
+* @name Insecure Symmetric cipher mode
+* @description Use of insecure cipher mode
+* @problem.severity error
+* @kind path-problem
+* @security-severity 8.8
+* @precision high
+* @id powershell/microsoft/public/weak-cipher-mode
+* @tags correctness
+*       security
+*       external/cwe/cwe-327
+*/
 
 import powershell
-import semmle.code.powershell.ApiGraphs
-import semmle.code.powershell.dataflow.TaintTracking
 import semmle.code.powershell.dataflow.DataFlow
+import semmle.code.powershell.dataflow.TaintTracking
+import semmle.code.powershell.ApiGraphs
+import WeakEncryptionFlow::PathGraph
 
-class WeakCipherMode extends API::Node {
-    WeakCipherMode() {
-            this = API::getTopLevelMember("system").getMember("security").getMember("cryptography").getMember("ciphermode").getMember("cbc")
-    }
-}
-
-module WeakCipherModeConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { 
-    exists(WeakCipherMode wcm | source = wcm.asSource())
+class AesCreation extends ObjectCreation {
+  AesCreation() {
+    this.getAnArgument().getValue().stringMatches("System.Security.Cryptography.AesManaged")
+  }
 }
 
-  predicate isSink(DataFlow::Node sink) { any() }
-
+class AesModeProperty extends MemberExpr {
+  AesModeProperty() {
+    exists(DataFlow::ObjectCreationNode aesObjectCreation, DataFlow::Node aesObjectAccess |
+      (
+        aesObjectCreation.asExpr().getExpr().(ObjectCreation).getAnArgument().getValue().stringMatches("System.Security.Cryptography.AesManaged") or 
+        aesObjectCreation.(DataFlow::CallNode)= API::getTopLevelMember("system").getMember("security").getMember("cryptography").getMember("aes").getMember("create").asCall() 
+      )
+      and
+      aesObjectAccess.getALocalSource() = aesObjectCreation and
+      aesObjectAccess.asExpr().getExpr() = this.getQualifier() and
+      this.getLowerCaseMemberName() = "mode"
+    )
+  }
 }
 
-module CommandInjectionFlow = TaintTracking::Global<WeakCipherModeConfig>;
-
-
-
-//dataflow from WeakCipherMode to Mode property of System.Security.Cryptography.Aes object!  
-
-from DataFlow::Node mode 
-where mode = API::getTopLevelMember("system")
+class WeakAesMode extends DataFlow::Node {
+  WeakAesMode() {
+    exists(API::Node node, string modeValue |
+      node =
+        API::getTopLevelMember("system")
             .getMember("security")
             .getMember("cryptography")
-            .getMember("aes")
-            .getMember("mode")
-            .asSink()
-// select mode, "mode member of aes"
+            .getMember("ciphermode")
+            .getMember(modeValue) and
+      modeValue = ["ecb", "ofb", "cfb", "ctr", "obc"] and
+      this = node.asSource()
+    ) or 
+    exists(StringConstExpr s | 
+      s.getValueString().toLowerCase() = ["ecb", "ofb", "cfb", "ctr", "obc"] and 
+      this.asExpr().getExpr() = s
+    )
+  }
+}
+
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof WeakAesMode }
 
-from API::Node item 
-select item, "node"
+  predicate isSink(DataFlow::Node sink) {
+    sink.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr().getExpr() =
+      any(AesModeProperty mode).getQualifier()
+  }
 
+  predicate allowImplicitRead(DataFlow::Node n, DataFlow::ContentSet cs) {
+    isSink(n) and
+    exists(DataFlow::Content::FieldContent fc |
+      cs.isSingleton(fc) and
+      fc.getLowerCaseName() = "mode"
+    )
+  }
+}
 
-// from API::Node sink
-// where sink = API::getTopLevelMember("system").getMember("security").getMember("cryptography").getMember("ciphermode").getMember("cbc")
-// select sink, sink.asSource()
+module WeakEncryptionFlow = TaintTracking::Global<Config>;
 
-// from InvokeEncryptModeArgument a 
-// select a, "Use of weak cipher mode in encryption."
+from WeakEncryptionFlow::PathNode source, WeakEncryptionFlow::PathNode sink
+where WeakEncryptionFlow::flowPath(source, sink)
+select sink.getNode(), source, sink, ""

powershell/ql/src/queries/security/cwe-327/ObsoleteKDFAlgorithm.qhelp

@@ -0,0 +1,45 @@
+<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
+<qhelp>
+  <overview>
+    <p>
+      Key Derivation Functions (KDFs) are used to derive cryptographic keys from passwords or 
+      other secret values. Using obsolete or weak KDF algorithms can compromise password security.
+    </p>
+    <p>
+      The <code>PasswordDeriveBytes</code> class implements the PBKDF1 algorithm, which is 
+      considered obsolete and insecure. PBKDF1 has known weaknesses and is limited to producing
+      keys that are at most 160 bits in length.
+    </p>
+  </overview>
+  <recommendation>
+    <p>
+      Use the <code>Rfc2898DeriveBytes</code> class which implements the PBKDF2 algorithm with
+      a SHA-2 hash function (such as SHA-256 or SHA-512). Additionally, use a high iteration
+      count (at least 100,000) to increase resistance against brute-force attacks.
+    </p>
+  </recommendation>
+  <example>
+    <p>
+      The following example shows the use of an obsolete KDF algorithm:
+    </p>
+    <sample language="powershell">
+# BAD: Using PasswordDeriveBytes which implements PBKDF1
+$kdf = New-Object System.Security.Cryptography.PasswordDeriveBytes($password, $salt)
+$key = $kdf.CryptDeriveKey("AES", "SHA256", 256, $iv)
+    </sample>
+    <p>
+      The following example shows the recommended approach using PBKDF2:
+    </p>
+    <sample language="powershell">
+# GOOD: Using Rfc2898DeriveBytes with SHA-256 and high iteration count
+$kdf = New-Object System.Security.Cryptography.Rfc2898DeriveBytes($password, $salt, 100000, [System.Security.Cryptography.HashAlgorithmName]::SHA256)
+$key = $kdf.GetBytes(32)
+    </sample>
+  </example>
+  <references>
+    <li>NIST, SP 800-132: <a href="https://csrc.nist.gov/publications/detail/sp/800-132/final">Recommendation for Password-Based Key Derivation</a>.</li>
+    <li>OWASP: <a href="https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html">Password Storage Cheat Sheet</a>.</li>
+    <li>CWE-327: <a href="https://cwe.mitre.org/data/definitions/327.html">Use of a Broken or Risky Cryptographic Algorithm</a>.</li>
+    <li>CWE-328: <a href="https://cwe.mitre.org/data/definitions/328.html">Use of Weak Hash</a>.</li>
+  </references>
+</qhelp>

powershell/ql/src/queries/security/cwe-327/ObsoleteKDFAlgorithm.ql

@@ -1,8 +1,7 @@
 /**
  * @name Use of obsolete Key Derivation Function (KDF) algorithm
- * @description Using obsolete or weak KDF algorithms like PasswordDeriveBytes (PBKDF1) 
- *              instead of secure alternatives like Rfc2898DeriveBytes (PBKDF2) can 
- *              compromise password security.
+ * @description Do not use obsolete or weak KDF algorithms like PasswordDeriveBytes (PBKDF1) 
+ *              instead of secure alternatives like Rfc2898DeriveBytes (PBKDF2)
  * @kind problem
  * @problem.severity error
  * @security-severity 7.5
@@ -25,34 +24,21 @@ class CryptDeriveKeyCall extends DataFlow::CallNode {
         this = API::getTopLevelMember("system")
             .getMember("security")
             .getMember("cryptography")
-            .getMember("passwordderivebytes")
+            .getMember("passwordderivebytes").getInstance()
             .getMember("cryptderivekey")
             .asCall()
             or 
         this = API::getTopLevelMember("system")
             .getMember("security")
             .getMember("cryptography")
-            .getMember("rfc2898derivebytes")
+            .getMember("rfc2898derivebytes").getInstance()
             .getMember("cryptderivekey")
             .asCall()
     }
 }
 
-// from DataFlow::CallNode cn 
-// where
-//     cn instanceof CryptDeriveKeyCall
-// select cn, "Use of obsolete Crypto API. Consider using Rfc2898DeriveBytes (PBKDF2) or a more modern alternative like Argon2."
+from DataFlow::CallNode cn 
+where
+    cn instanceof CryptDeriveKeyCall
+select cn, "Use of obsolete Crypto API. Password-based key derivation should use the PBKDF2 algorithm with SHA-2 hashing"
 
-// from DataFlow::CallNode cn 
-// select cn, "cn"
-// from CryptDeriveKeyCall cn
-// select cn, "Use of obsolete KDF algorithm PasswordDeriveBytes (PBKDF1). Consider using Rfc2898DeriveBytes (PBKDF2) or a more modern alternative like Argon2."
-
-from DataFlow::CallNode apiNode
-where 
-apiNode = API::getTopLevelMember("system")
-            .getMember("security")
-            .getMember("cryptography")
-            .getMember("passwordderivebytes")
-            .getMember("cryptderivekey").asCall()
-select apiNode, "node"

powershell/ql/src/queries/security/cwe-327/WeakHashes.qhelp

@@ -0,0 +1,49 @@
+<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
+<qhelp>
+  <overview>
+    <p>
+      Cryptographic hash functions are used to verify data integrity and for password storage.
+      Using weak or broken cryptographic hash algorithms can compromise security.
+    </p>
+    <p>
+      The MD5 and SHA-1 hash algorithms are considered cryptographically weak and should not
+      be used for security-sensitive purposes. MD5 has known collision vulnerabilities, and
+      SHA-1 has been demonstrated to be vulnerable to practical collision attacks.
+    </p>
+  </overview>
+  <recommendation>
+    <p>
+      Use a strong cryptographic hash algorithm from the SHA-2 family, such as SHA-256, SHA-384,
+      or SHA-512. For password hashing, consider using a specialized password hashing function
+      like PBKDF2, bcrypt, or Argon2.
+    </p>
+  </recommendation>
+  <example>
+    <p>
+      The following example shows the use of weak hash algorithms:
+    </p>
+    <sample language="powershell">
+# BAD: Using MD5 which is cryptographically broken
+$md5 = [System.Security.Cryptography.MD5]::Create()
+$hash = $md5.ComputeHash($data)
+
+# BAD: Using SHA1 which has known collision vulnerabilities
+$sha1 = [System.Security.Cryptography.SHA1]::Create()
+$hash = $sha1.ComputeHash($data)
+    </sample>
+    <p>
+      The following example shows the recommended approach using SHA-256:
+    </p>
+    <sample language="powershell">
+# GOOD: Using SHA-256 which is a strong cryptographic hash
+$sha256 = [System.Security.Cryptography.SHA256]::Create()
+$hash = $sha256.ComputeHash($data)
+    </sample>
+  </example>
+  <references>
+    <li>NIST, SP 800-131A: <a href="https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final">Transitioning the Use of Cryptographic Algorithms and Key Lengths</a>.</li>
+    <li>OWASP: <a href="https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html">Password Storage Cheat Sheet</a>.</li>
+    <li>CWE-327: <a href="https://cwe.mitre.org/data/definitions/327.html">Use of a Broken or Risky Cryptographic Algorithm</a>.</li>
+    <li>CWE-328: <a href="https://cwe.mitre.org/data/definitions/328.html">Use of Weak Hash</a>.</li>
+  </references>
+</qhelp>

powershell/ql/src/queries/security/cwe-327/WeakHashes.ql

@@ -25,8 +25,8 @@ class WeakHashAlgorithmObjectCreation extends DataFlow::ObjectCreationNode {
   }
 }
 
-class WeakHashAlgorithmObjectCreate extends DataFlow::CallNode {
-    WeakHashAlgorithmObjectCreate() {
+class WeakHashAlgorithmCreateCall extends DataFlow::CallNode {
+    WeakHashAlgorithmCreateCall() {
         this = API::getTopLevelMember("system").getMember("security").getMember("cryptography").getMember("md5").getMember("create").asCall() or
         this = API::getTopLevelMember("system").getMember("security").getMember("cryptography").getMember("sha1").getMember("create").asCall() 
   }
@@ -58,6 +58,6 @@ class CreateFromNameSink extends DataFlow::CallNode {
 from DataFlow::Node sink 
 where sink instanceof ComputeHashSink or 
 sink instanceof WeakHashAlgorithmObjectCreation or 
-sink instanceof WeakHashAlgorithmObjectCreate or 
+sink instanceof WeakHashAlgorithmCreateCall or 
 sink instanceof CreateFromNameSink
-select sink, "Use of weak cryptographic hash algorithm."
+select sink, "Use of weak cryptographic hash algorithm."

powershell/ql/src/queries/security/cwe-327/WeakSymmetricAlgorithm.qhelp

@@ -0,0 +1,55 @@
+<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
+<qhelp>
+  <overview>
+    <p>
+      Symmetric encryption algorithms are used to protect data confidentiality. Using broken
+      or weak cryptographic algorithms can compromise the security of encrypted data.
+    </p>
+    <p>
+      The DES, Triple DES (3DES), RC2, and Rijndael algorithms are considered weak or deprecated:
+    </p>
+    <ul>
+      <li>DES has a 56-bit key which is too short and can be broken with modern hardware.</li>
+      <li>Triple DES (3DES) is deprecated due to its small block size (64 bits) which makes it vulnerable to birthday attacks.</li>
+      <li>RC2 has known weaknesses and uses variable key sizes that may not provide adequate security.</li>
+      <li>Rijndael is the original name for AES but should be accessed through the AES class for standardized behavior.</li>
+    </ul>
+  </overview>
+  <recommendation>
+    <p>
+      Use the AES (Advanced Encryption Standard) algorithm with a key size of 128, 192, or 256 bits.
+      AES is the current standard for symmetric encryption and is considered secure when used correctly.
+    </p>
+  </recommendation>
+  <example>
+    <p>
+      The following examples show the use of weak symmetric algorithms:
+    </p>
+    <sample language="powershell">
+# BAD: Using DES which has a 56-bit key
+$des = [System.Security.Cryptography.DES]::Create()
+
+# BAD: Using Triple DES which is deprecated
+$tdes = [System.Security.Cryptography.TripleDES]::Create()
+
+# BAD: Using RC2 which has known weaknesses
+$rc2 = [System.Security.Cryptography.RC2]::Create()
+    </sample>
+    <p>
+      The following example shows the recommended approach using AES:
+    </p>
+    <sample language="powershell">
+# GOOD: Using AES which is the current standard
+$aes = [System.Security.Cryptography.Aes]::Create()
+$aes.KeySize = 256
+$aes.GenerateKey()
+$aes.GenerateIV()
+    </sample>
+  </example>
+  <references>
+    <li>NIST, FIPS 197: <a href="https://csrc.nist.gov/publications/detail/fips/197/final">Advanced Encryption Standard (AES)</a>.</li>
+    <li>NIST, SP 800-131A: <a href="https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final">Transitioning the Use of Cryptographic Algorithms and Key Lengths</a>.</li>
+    <li>OWASP: <a href="https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#rule---use-strong-approved-authenticated-encryption">Rule - Use strong approved cryptographic algorithms</a>.</li>
+    <li>CWE-327: <a href="https://cwe.mitre.org/data/definitions/327.html">Use of a Broken or Risky Cryptographic Algorithm</a>.</li>
+  </references>
+</qhelp>