lint/libs/lint-checks/src/main/java/com/android/tools/lint/checks/SecureRandomDetector.java - platform/tools/base - Git at Google

 /*
  * Copyright (C) 2012 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package com.android.tools.lint.checks;

 import com.android.annotations.NonNull;
 import com.android.annotations.Nullable;
 import com.android.tools.lint.detector.api.Category;
 import com.android.tools.lint.detector.api.ClassContext;
 import com.android.tools.lint.detector.api.Detector;
 import com.android.tools.lint.detector.api.Detector.ClassScanner;
 import com.android.tools.lint.detector.api.Implementation;
 import com.android.tools.lint.detector.api.Issue;
 import com.android.tools.lint.detector.api.LintUtils;
 import com.android.tools.lint.detector.api.Scope;
 import com.android.tools.lint.detector.api.Severity;

 import org.objectweb.asm.Opcodes;
 import org.objectweb.asm.Type;
 import org.objectweb.asm.tree.AbstractInsnNode;
 import org.objectweb.asm.tree.ClassNode;
 import org.objectweb.asm.tree.InsnList;
 import org.objectweb.asm.tree.MethodInsnNode;
 import org.objectweb.asm.tree.MethodNode;
 import org.objectweb.asm.tree.analysis.Analyzer;
 import org.objectweb.asm.tree.analysis.AnalyzerException;
 import org.objectweb.asm.tree.analysis.BasicInterpreter;
 import org.objectweb.asm.tree.analysis.BasicValue;
 import org.objectweb.asm.tree.analysis.Frame;

 import java.util.Collections;
 import java.util.List;

 /**
  * Checks for hardcoded seeds with random numbers.
  */
 public class SecureRandomDetector extends Detector implements ClassScanner {
     /** Unregistered activities and services */
     public static final Issue ISSUE = Issue.create(
             "SecureRandom", //$NON-NLS-1$
             "Using a fixed seed with `SecureRandom`",

             "Specifying a fixed seed will cause the instance to return a predictable sequence " +
             "of numbers. This may be useful for testing but it is not appropriate for secure use.",

             Category.SECURITY,
             9,
             Severity.WARNING,
             new Implementation(
                     SecureRandomDetector.class,
                     Scope.CLASS_FILE_SCOPE))
             .addMoreInfo("http://developer.android.com/reference/java/security/SecureRandom.html");

     private static final String SET_SEED = "setSeed"; //$NON-NLS-1$
     static final String OWNER_SECURE_RANDOM = "java/security/SecureRandom"; //$NON-NLS-1$
     private static final String OWNER_RANDOM = "java/util/Random"; //$NON-NLS-1$
     private static final String VM_SECURE_RANDOM = 'L' + OWNER_SECURE_RANDOM + ';';
     /** Method description for a method that takes a long argument (no return type specified */
     private static final String LONG_ARG = "(J)"; //$NON-NLS-1$

     /** Constructs a new {@link SecureRandomDetector} */
     public SecureRandomDetector() {
     }

     // ---- Implements ClassScanner ----

     @Override
     @Nullable
     public List<String> getApplicableCallNames() {
         return Collections.singletonList(SET_SEED);
     }

     @Override
     public void checkCall(@NonNull ClassContext context, @NonNull ClassNode classNode,
             @NonNull MethodNode method, @NonNull MethodInsnNode call) {
         String owner = call.owner;
         String desc = call.desc;
         if (owner.equals(OWNER_SECURE_RANDOM)) {
             if (desc.startsWith(LONG_ARG)) {
                 checkValidSetSeed(context, call);
             } else if (desc.startsWith("([B)")) { //$NON-NLS-1$
                 // setSeed(byte[]) ...
                 // We could do some flow analysis here to see whether the byte array getting
                 // passed in appears to be fixed.
                 // However, people calling this constructor rather than the simpler one
                 // with a fixed integer are probably less likely to make that mistake... right?
             }
         } else if (owner.equals(OWNER_RANDOM) && desc.startsWith(LONG_ARG)) {
             // Called setSeed(long) on an instanceof a Random object. Flag this if the instance
             // is likely a SecureRandom.

             // Track allocations such that we know whether the type of the call
             // is on a SecureRandom rather than a Random
             Analyzer analyzer = new Analyzer(new BasicInterpreter() {
                 @Override
                 public BasicValue newValue(Type type) {
                     if (type != null && type.getDescriptor().equals(VM_SECURE_RANDOM)) {
                         return new BasicValue(type);
                     }
                     return super.newValue(type);
                 }
             });
             try {
                 Frame[] frames = analyzer.analyze(classNode.name, method);
                 InsnList instructions = method.instructions;
                 Frame frame = frames[instructions.indexOf(call)];
                 int stackSlot = frame.getStackSize();
                 for (Type type : Type.getArgumentTypes(desc)) {
                     stackSlot -= type.getSize();
                 }
                 BasicValue stackValue = (BasicValue) frame.getStack(stackSlot);
                 Type type = stackValue.getType();
                 if (type != null && type.getDescriptor().equals(VM_SECURE_RANDOM)) {
                     checkValidSetSeed(context, call);
                 }
             } catch (AnalyzerException e) {
                 context.log(e, null);
             }
         } else if (owner.equals(OWNER_RANDOM) && desc.startsWith(LONG_ARG)) {
             // Called setSeed(long) on an instanceof a Random object. Flag this if the instance
             // is likely a SecureRandom.
             // TODO
         }
     }

     private static void checkValidSetSeed(ClassContext context, MethodInsnNode call) {
         assert call.name.equals(SET_SEED);

         // Make sure the argument passed is not a literal
         AbstractInsnNode prev = LintUtils.getPrevInstruction(call);
         if (prev == null) {
             return;
         }
         int opcode = prev.getOpcode();
         if (opcode == Opcodes.LCONST_0 || opcode == Opcodes.LCONST_1 || opcode == Opcodes.LDC) {
             context.report(ISSUE, context.getLocation(call),
                     "Do not call `setSeed()` on a `SecureRandom` with a fixed seed: " +
                     "it is not secure. Use `getSeed()`.");
         } else if (opcode == Opcodes.INVOKESTATIC) {
             String methodName = ((MethodInsnNode) prev).name;
             if (methodName.equals("currentTimeMillis") || methodName.equals("nanoTime")) {
                 context.report(ISSUE, context.getLocation(call),
                         "It is dangerous to seed `SecureRandom` with the current time because " +
                         "that value is more predictable to an attacker than the default seed.");
             }
         }
     }
 }
	/*
	* Copyright (C) 2012 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package com.android.tools.lint.checks;

	import com.android.annotations.NonNull;
	import com.android.annotations.Nullable;
	import com.android.tools.lint.detector.api.Category;
	import com.android.tools.lint.detector.api.ClassContext;
	import com.android.tools.lint.detector.api.Detector;
	import com.android.tools.lint.detector.api.Detector.ClassScanner;
	import com.android.tools.lint.detector.api.Implementation;
	import com.android.tools.lint.detector.api.Issue;
	import com.android.tools.lint.detector.api.LintUtils;
	import com.android.tools.lint.detector.api.Scope;
	import com.android.tools.lint.detector.api.Severity;

	import org.objectweb.asm.Opcodes;
	import org.objectweb.asm.Type;
	import org.objectweb.asm.tree.AbstractInsnNode;
	import org.objectweb.asm.tree.ClassNode;
	import org.objectweb.asm.tree.InsnList;
	import org.objectweb.asm.tree.MethodInsnNode;
	import org.objectweb.asm.tree.MethodNode;
	import org.objectweb.asm.tree.analysis.Analyzer;
	import org.objectweb.asm.tree.analysis.AnalyzerException;
	import org.objectweb.asm.tree.analysis.BasicInterpreter;
	import org.objectweb.asm.tree.analysis.BasicValue;
	import org.objectweb.asm.tree.analysis.Frame;

	import java.util.Collections;
	import java.util.List;

	/**
	* Checks for hardcoded seeds with random numbers.
	*/
	public class SecureRandomDetector extends Detector implements ClassScanner {
	/** Unregistered activities and services */
	public static final Issue ISSUE = Issue.create(
	"SecureRandom", //$NON-NLS-1$
	"Using a fixed seed with `SecureRandom`",

	"Specifying a fixed seed will cause the instance to return a predictable sequence " +
	"of numbers. This may be useful for testing but it is not appropriate for secure use.",

	Category.SECURITY,
	9,
	Severity.WARNING,
	new Implementation(
	SecureRandomDetector.class,
	Scope.CLASS_FILE_SCOPE))
	.addMoreInfo("http://developer.android.com/reference/java/security/SecureRandom.html");

	private static final String SET_SEED = "setSeed"; //$NON-NLS-1$
	static final String OWNER_SECURE_RANDOM = "java/security/SecureRandom"; //$NON-NLS-1$
	private static final String OWNER_RANDOM = "java/util/Random"; //$NON-NLS-1$
	private static final String VM_SECURE_RANDOM = 'L' + OWNER_SECURE_RANDOM + ';';
	/** Method description for a method that takes a long argument (no return type specified */
	private static final String LONG_ARG = "(J)"; //$NON-NLS-1$

	/** Constructs a new {@link SecureRandomDetector} */
	public SecureRandomDetector() {
	}

	// ---- Implements ClassScanner ----

	@Override
	@Nullable
	public List<String> getApplicableCallNames() {
	return Collections.singletonList(SET_SEED);
	}

	@Override
	public void checkCall(@NonNull ClassContext context, @NonNull ClassNode classNode,
	@NonNull MethodNode method, @NonNull MethodInsnNode call) {
	String owner = call.owner;
	String desc = call.desc;
	if (owner.equals(OWNER_SECURE_RANDOM)) {
	if (desc.startsWith(LONG_ARG)) {
	checkValidSetSeed(context, call);
	} else if (desc.startsWith("([B)")) { //$NON-NLS-1$
	// setSeed(byte[]) ...
	// We could do some flow analysis here to see whether the byte array getting
	// passed in appears to be fixed.
	// However, people calling this constructor rather than the simpler one
	// with a fixed integer are probably less likely to make that mistake... right?
	}
	} else if (owner.equals(OWNER_RANDOM) && desc.startsWith(LONG_ARG)) {
	// Called setSeed(long) on an instanceof a Random object. Flag this if the instance
	// is likely a SecureRandom.

	// Track allocations such that we know whether the type of the call
	// is on a SecureRandom rather than a Random
	Analyzer analyzer = new Analyzer(new BasicInterpreter() {
	@Override
	public BasicValue newValue(Type type) {
	if (type != null && type.getDescriptor().equals(VM_SECURE_RANDOM)) {
	return new BasicValue(type);
	}
	return super.newValue(type);
	}
	});
	try {
	Frame[] frames = analyzer.analyze(classNode.name, method);
	InsnList instructions = method.instructions;
	Frame frame = frames[instructions.indexOf(call)];
	int stackSlot = frame.getStackSize();
	for (Type type : Type.getArgumentTypes(desc)) {
	stackSlot -= type.getSize();
	}
	BasicValue stackValue = (BasicValue) frame.getStack(stackSlot);
	Type type = stackValue.getType();
	if (type != null && type.getDescriptor().equals(VM_SECURE_RANDOM)) {
	checkValidSetSeed(context, call);
	}
	} catch (AnalyzerException e) {
	context.log(e, null);
	}
	} else if (owner.equals(OWNER_RANDOM) && desc.startsWith(LONG_ARG)) {
	// Called setSeed(long) on an instanceof a Random object. Flag this if the instance
	// is likely a SecureRandom.
	// TODO
	}
	}

	private static void checkValidSetSeed(ClassContext context, MethodInsnNode call) {
	assert call.name.equals(SET_SEED);

	// Make sure the argument passed is not a literal
	AbstractInsnNode prev = LintUtils.getPrevInstruction(call);
	if (prev == null) {
	return;
	}
	int opcode = prev.getOpcode();
	if (opcode == Opcodes.LCONST_0 \|\| opcode == Opcodes.LCONST_1 \|\| opcode == Opcodes.LDC) {
	context.report(ISSUE, context.getLocation(call),
	"Do not call `setSeed()` on a `SecureRandom` with a fixed seed: " +
	"it is not secure. Use `getSeed()`.");
	} else if (opcode == Opcodes.INVOKESTATIC) {
	String methodName = ((MethodInsnNode) prev).name;
	if (methodName.equals("currentTimeMillis") \|\| methodName.equals("nanoTime")) {
	context.report(ISSUE, context.getLocation(call),
	"It is dangerous to seed `SecureRandom` with the current time because " +
	"that value is more predictable to an attacker than the default seed.");
	}
	}
	}
	}