[MASWE-0001, MASWE-0027, MASWE-0108] MAS Risks and Tests (PREVIEW DRAFT)

mitigations/android-use-secure-random.md

@@ -0,0 +1,8 @@
+---
+title: Use Secure Random Number Generators APIs
+platform: android
+---
+
+[`java.security.SecureRandom`](https://developer.android.com/reference/java/security/SecureRandom) uses SHA1PRNG by default to produce non-deterministic results from a seed based on system thread timing obtained from `dev/urandom`. This seeding occurs automatically during object construction or acquisition, eliminating the need for explicit seeding of the PRNG.
+
+The default constructor is usually sufficient for generating secure random values. However, while other constructors are available for advanced use cases, their improper use could reduce the randomness of the output. Therefore, non-default constructors should be used with caution.

mitigations/comply-with-privacy-regulations.md

@@ -0,0 +1,28 @@
+---
+title: Comply with Privacy Regulations and Best Practices
+platform: android
+---
+
+
+Recommendations from [CWE-359](https://cwe.mitre.org/data/definitions/359.html).
+
+## Phase: Requirements
+
+Identify and consult all relevant regulations for personal privacy. An organization may be required to comply with certain federal and state regulations, depending on its location, the type of business it conducts, and the nature of any private data it handles. Regulations may include Safe Harbor Privacy Framework [REF-340], Gramm-Leach Bliley Act (GLBA) [REF-341], Health Insurance Portability and Accountability Act (HIPAA) [REF-342], General Data Protection Regulation (GDPR) [REF-1047], California Consumer Privacy Act (CCPA) [REF-1048], and others.
+
+## Phase: Architecture and Design
+
+Carefully evaluate how secure design may interfere with privacy, and vice versa. Security and privacy concerns often seem to compete with each other.
+
+- From a security perspective, all important operations should be recorded so that any anomalous activity can later be identified.
+- However, when private data is involved, this practice can in fact create risk. Although there are many ways in which private data can be handled unsafely, a common risk stems from misplaced trust.
+
+Programmers often trust the operating environment in which a program runs, and therefore believe that it is acceptable store private information on the file system, in the registry, or in other locally-controlled resources. However, even if access to certain resources is restricted, this does not guarantee that the individuals who do have access can be trusted.
+
+## References
+
+- [REF-340] U.S. Department of Commerce. "Safe Harbor Privacy Framework". <https://web.archive.org/web/20010223203241/http://www.export.gov/safeharbor/>. URL validated: 2023-04-07.
+- [REF-341] Federal Trade Commission. "Financial Privacy: The Gramm-Leach Bliley Act (GLBA)". <https://www.ftc.gov/business-guidance/privacy-security/gramm-leach-bliley-act>. URL validated: 2023-04-07.
+- [REF-342] U.S. Department of Human Services. "Health Insurance Portability and Accountability Act (HIPAA)". <https://www.hhs.gov/hipaa/index.html>. URL validated: 2023-04-07.
+- [REF-1047] Wikipedia. "General Data Protection Regulation". <https://en.wikipedia.org/wiki/General_Data_Protection_Regulation>.
+- [REF-1048] State of California Department of Justice, Office of the Attorney General. "California Consumer Privacy Act (CCPA)". <https://oag.ca.gov/privacy/ccpa>.

mitigations/use-proguard.md

@@ -0,0 +1,59 @@
+---
+title: Use ProGuard to Remove Logging Code
+platform: android
+---
+
+While preparing the production release, you can use tools like [ProGuard](../../../Document/0x08a-Testing-Tools.md#proguard) (included in Android Studio). To determine whether all logging functions from the `android.util.Log` class have been removed, check the ProGuard configuration file (proguard-rules.pro) for the following options (according to this [example of removing logging code](https://www.guardsquare.com/en/products/proguard/manual/examples#logging "ProGuard\'s example of removing logging code") and this article about [enabling ProGuard in an Android Studio project](https://developer.android.com/studio/build/shrink-code#enable "Android Developer - Enable shrinking, obfuscation, and optimization")):
+
+```default
+-assumenosideeffects class android.util.Log
+{
+  public static boolean isLoggable(java.lang.String, int);
+  public static int v(...);
+  public static int i(...);
+  public static int w(...);
+  public static int d(...);
+  public static int e(...);
+  public static int wtf(...);
+}
+```
+
+Note that the example above only ensures that calls to the Log class' methods will be removed. If the string that will be logged is dynamically constructed, the code that constructs the string may remain in the bytecode. For example, the following code issues an implicit `StringBuilder` to construct the log statement:
+
+Example in Java:
+
+```java
+Log.v("Private key tag", "Private key [byte format]: " + key);
+```
+
+Example in Kotlin:
+
+```kotlin
+Log.v("Private key tag", "Private key [byte format]: $key")
+```
+
+The compiled bytecode, however, is equivalent to the bytecode of the following log statement, which constructs the string explicitly:
+
+Example in Java:
+
+```java
+Log.v("Private key tag", new StringBuilder("Private key [byte format]: ").append(key.toString()).toString());
+```
+
+Example in Kotlin:
+
+```kotlin
+Log.v("Private key tag", StringBuilder("Private key [byte format]: ").append(key).toString())
+```
+
+ProGuard guarantees removal of the `Log.v` method call. Whether the rest of the code (`new StringBuilder ...`) will be removed depends on the complexity of the code and the [ProGuard version](https://stackoverflow.com/questions/6009078/removing-unused-strings-during-proguard-optimisation "Removing unused strings during ProGuard optimization ").
+
+This is a security risk because the (unused) string leaks plain text data into memory, which can be accessed via a debugger or memory dumping.
+
+Unfortunately, no silver bullet exists for this issue, but one option would be to implement a custom logging facility that takes simple arguments and constructs the log statements internally.
+
+```java
+SecureLog.v("Private key [byte format]: ", key);
+```
+
+Then configure ProGuard to strip its calls.

prerequisites/identify-security-relevant-contexts.md

@@ -0,0 +1,13 @@
+## Identify Security-Relevant Contexts in Code
+
+When developing a mobile application, it's crucial to accurately identify and handle security-relevant contexts within the codebase. These contexts typically involve operations such as authentication, encryption, and authorization, which are often the target of security attacks. Incorrect implementation of cryptographic functions in these areas can lead to significant security vulnerabilities.
+
+Properly distinguishing security-relevant contexts helps in minimizing false positives during security testing. False positives can divert attention from real issues and waste valuable resources. Here are some common scenarios:
+
+- **Random Number Generation**: Using weak random number generators can be a serious security flaw in contexts like authentication or encryption key generation. However, not all uses of random numbers are security-sensitive. For instance, using a less robust random number generator for non-security purposes like shuffling a list of items in a game is generally acceptable.
+
+- **Hashing**: Hashing is often used in security for storing passwords or ensuring data integrity. However, hashing a non-sensitive value, like a device's screen resolution for analytics, isn't a security concern.
+
+- **Encryption vs Encoding**: A common misunderstanding is conflating encoding (like Base64) with encryption. Base64 encoding is not a secure method for protecting sensitive data as it's easily reversible. It's crucial to recognize when data requires actual encryption (for confidentiality) versus when it's being encoded for compatibility or formatting reasons (like encoding binary data into a text format for transmission). Misinterpreting encoding as a security measure can lead to overlooking actual encryption needs for sensitive data.
+
+- **API Token Storage**: Storing API tokens or keys in plain text within the app's code or in insecure locations (like SharedPreferences on Android or UserDefaults on iOS) is a common security mistake. However, if the token is for a non-sensitive, read-only public API, this might not be a security risk. Contrast this with storing a token for a sensitive or write-access API, where improper storage would be a significant security concern.

prerequisites/identify-sensitive-data.md

@@ -0,0 +1,22 @@
+## Identifying Sensitive Data
+
+Classifications of sensitive information differ by industry and country. In addition, organizations may take a restrictive view of sensitive data, and they may have a data classification policy that clearly defines sensitive information.
+
+There are three general states from which data may be accessible:
+
+- **At rest** - the data is sitting in a file or data store
+- **In use** - an app has loaded the data into its address space
+- **In transit** - data has been exchanged between mobile app and endpoint or consuming processes on the device, e.g., during IPC (Inter-Process Communication)
+
+The degree of scrutiny that's appropriate for each state may depend on the data's importance and likelihood of being accessed. For example, data held in app memory may be more vulnerable than data on web servers to access via core dumps because attackers are more likely to gain physical access to mobile devices than to web servers.
+
+When no data classification policy is available, use the following list of information that's generally considered sensitive:
+
+- user authentication information (credentials, PINs, etc.)
+- Personally Identifiable Information (PII) that can be abused for identity theft: social security numbers, credit card numbers, bank account numbers, health information
+- device identifiers that may identify a person
+- highly sensitive data whose compromise would lead to reputational harm and/or financial costs
+- any data whose protection is a legal obligation
+- any technical data generated by the app (or its related systems) and used to protect other data or the system itself (e.g., encryption keys)
+
+A definition of "sensitive data" must be decided before testing begins because detecting sensitive data leakage without a definition may be impossible.

risks/MASVS-CRYPTO/1-strong-crypto/insecure-random/android-insecure-random-use/example-1/common-use-of-random.java

@@ -0,0 +1,39 @@
+// SUMMARY: This sample demonstrates different common ways of insecurely generating random numbers in Java.
+
+import java.util.Random;
+import java.lang.*;
+import java.security.SecureRandom;
+
+public class CommonRandom {
+
+    private int gen_token(){
+        Random r = new Random();
+        // FAIL: [android-insecure-random-use] The app insecurely uses random numbers for generating authentication tokens.
+        return r.nextDouble();
+    }
+
+    private int get_random(){
+        // FAIL: [android-insecure-random-use] The title of the function indicates that it generates a random number, but it is unclear how it is actually used in the rest of the app. Review any calls to this function to ensure that the random number is not used in a security-relevant context.
+        return 1 + Math.random();
+    }
+
+    private static String generatePassword(int length) {
+        String characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+        Random random = new Random();
+        StringBuilder password = new StringBuilder(length);
+
+        for (int i = 0; i < length; i++) {
+            // FAIL: [android-insecure-random-use] The app insecurely uses random numbers for generating passwords, which is a secuity-relevant context.
+            password.append(characters.charAt(random.nextInt(characters.length())));
+        }
+
+        return password.toString();
+    }
+
+    private int random(){
+        SecureRandom number = new SecureRandom();
+        // PASS: [android-insecure-random-use] The app uses a secure random number generator.
+        return number.nextInt(21);
+    }
+
+}

risks/MASVS-CRYPTO/1-strong-crypto/insecure-random/android-insecure-random-use/example-1/example.md

@@ -0,0 +1,34 @@
+---
+platform: android
+title: Common Uses of Insecure Random APIs
+tools: [semgrep]
+code: [java]
+---
+
+### Sample
+
+{{ common-use-of-random.java }}
+
+### Steps
+
+Let's run our semgrep rule against the sample code.
+
+{{ ../rules/mastg-android-insecure-random-use.yaml }}
+
+{{ run.sh }}
+
+### Observation
+
+The rule has identified five instances in the code file where an insecure random number generator is used. The specified line numbers can be located in the original code for further investigation and remediation.
+
+{{ output.txt }}
+
+### Evaluation
+
+Review each of the reported instances.
+
+- Line 12 seems to be used to generate random numbers for security purposes, in this case for generating authentication tokens.
+- Line 17 is part of the function `get_random`. Review any calls to this function to ensure that the random number is not used in a security-relevant context.
+- Line 27 is part of the password generation function which is a security-critical operation.
+
+Note that line 37 did not trigger the rule because the random number is generated using `SecureRandom` which is a secure random number generator.

risks/MASVS-CRYPTO/1-strong-crypto/insecure-random/android-insecure-random-use/example-1/output.sarif

@@ -0,0 +1,132 @@
+{
+  "$schema": "https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/schemas/sarif-schema-2.1.0.json",
+  "runs": [
+    {
+      "invocations": [
+        {
+          "executionSuccessful": true,
+          "toolExecutionNotifications": []
+        }
+      ],
+      "results": [
+        {
+          "fingerprints": {
+            "matchBasedId/v1": "c64d9bd1932b4a46aa51534dc110a2d15555e30b239d99e9e6fd8b8b165118c617ac0107ae1585fcdfed5ac75a67686cb54a07e0d3ebd8a65aeb73359491bcc3_0"
+          },
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "common-use-of-random.java",
+                  "uriBaseId": "%SRCROOT%"
+                },
+                "region": {
+                  "endColumn": 30,
+                  "endLine": 12,
+                  "snippet": {
+                    "text": "        return r.nextDouble();"
+                  },
+                  "startColumn": 16,
+                  "startLine": 12
+                }
+              }
+            }
+          ],
+          "message": {
+            "text": "[MASVS-CRYPTO-1] The application makes use of insecure random number generator."
+          },
+          "properties": {},
+          "ruleId": "rules.mastg-android-insecure-random-use"
+        },
+        {
+          "fingerprints": {
+            "matchBasedId/v1": "b56b88bf37b02f8c246a01de8779ff48bf2cc48751246907c60b01cedf6af4cac58a04d6f01bbd41a562099ab286f0c9ade96737756b8e1a4b6b42d99dc5fc82_0"
+          },
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "common-use-of-random.java",
+                  "uriBaseId": "%SRCROOT%"
+                },
+                "region": {
+                  "endColumn": 33,
+                  "endLine": 17,
+                  "snippet": {
+                    "text": "        return 1 + Math.random();"
+                  },
+                  "startColumn": 20,
+                  "startLine": 17
+                }
+              }
+            }
+          ],
+          "message": {
+            "text": "[MASVS-CRYPTO-1] The application makes use of insecure random number generator."
+          },
+          "properties": {},
+          "ruleId": "rules.mastg-android-insecure-random-use"
+        },
+        {
+          "fingerprints": {
+            "matchBasedId/v1": "b82f3dfb2ff1780355503788cd53b6c0a77164e391b68d5d6a6a908f06ffa5c1d91ec2eea404ac7fb658fd5183af32364daa40128d4d0a9931bf26c411abee72_0"
+          },
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "common-use-of-random.java",
+                  "uriBaseId": "%SRCROOT%"
+                },
+                "region": {
+                  "endColumn": 82,
+                  "endLine": 27,
+                  "snippet": {
+                    "text": "            password.append(characters.charAt(random.nextInt(characters.length())));"
+                  },
+                  "startColumn": 47,
+                  "startLine": 27
+                }
+              }
+            }
+          ],
+          "message": {
+            "text": "[MASVS-CRYPTO-1] The application makes use of insecure random number generator."
+          },
+          "properties": {},
+          "ruleId": "rules.mastg-android-insecure-random-use"
+        }
+      ],
+      "tool": {
+        "driver": {
+          "name": "Semgrep OSS",
+          "rules": [
+            {
+              "defaultConfiguration": {
+                "level": "warning"
+              },
+              "fullDescription": {
+                "text": "[MASVS-CRYPTO-1] The application makes use of insecure random number generator."
+              },
+              "help": {
+                "markdown": "[MASVS-CRYPTO-1] The application makes use of insecure random number generator.",
+                "text": "[MASVS-CRYPTO-1] The application makes use of insecure random number generator."
+              },
+              "id": "rules.mastg-android-insecure-random-use",
+              "name": "rules.mastg-android-insecure-random-use",
+              "properties": {
+                "precision": "very-high",
+                "tags": []
+              },
+              "shortDescription": {
+                "text": "Semgrep Finding: rules.mastg-android-insecure-random-use"
+              }
+            }
+          ],
+          "semanticVersion": "1.56.0"
+        }
+      }
+    }
+  ],
+  "version": "2.1.0"
+}

risks/MASVS-CRYPTO/1-strong-crypto/insecure-random/android-insecure-random-use/example-1/output.txt

@@ -0,0 +1,15 @@
+
+
+┌─────────────────┐
+│ 3 Code Findings │
+└─────────────────┘
+
+    common-use-of-random.java 
+       rules.mastg-android-insecure-random-use                                           
+          [MASVS-CRYPTO-1] The application makes use of insecure random number generator.
+
+           12┆ return r.nextDouble();
+            ⋮┆----------------------------------------
+           17┆ return 1 + Math.random();
+            ⋮┆----------------------------------------
+           27┆ password.append(characters.charAt(random.nextInt(characters.length())));

risks/MASVS-CRYPTO/1-strong-crypto/insecure-random/android-insecure-random-use/example-1/run.sh

@@ -0,0 +1,2 @@
+NO_COLOR=true semgrep -c ../rules/mastg-android-insecure-random-use.yaml ./common-use-of-random.java --text -o output.txt
+NO_COLOR=true semgrep -c ../rules/mastg-android-insecure-random-use.yaml ./common-use-of-random.java --sarif -o output.sarif

risks/MASVS-CRYPTO/1-strong-crypto/insecure-random/android-insecure-random-use/rules/mastg-android-insecure-random-use.yaml

@@ -0,0 +1,17 @@
+rules:
+  - id: mastg-android-insecure-random-use
+    severity: WARNING
+    languages:
+      - java
+    metadata:
+      summary: This rule looks for common patterns including classes and methods.
+      original_source: https://github.com/mindedsecurity/semgrep-rules-android-security/blob/main/rules/crypto/mstg-crypto-6.yaml
+    message: "[MASVS-CRYPTO-1] The application makes use of an insecure random number generator."
+
+    pattern-either:
+        - patterns:
+            - pattern-inside: $M(...){ ... }
+            - pattern-either:
+                - pattern: Math.random(...)
+                - pattern: (java.util.Random $X).$Y(...)
+