Cleartext transmission of sensitive information — CodeQL query help documentation

Cleartext transmission of sensitive information

ID: cpp/cleartext-transmission
Kind: path-problem
Security severity: 7.5
Severity: warning
Precision: high
Tags:
- security
- external/cwe/cwe-319
- external/cwe/cwe-359
Query suites:
- cpp-code-scanning.qls
- cpp-security-extended.qls
- cpp-security-and-quality.qls


Sensitive information that is stored unencrypted is accessible to an attacker who gains access to the storage.

Recommendation

Ensure that sensitive information is always encrypted before being stored to a file or transmitted over the network. It may be wise to encrypt information before it is put into a buffer that may be readable in memory.

In general, decrypt sensitive information only at the point where it is necessary for it to be used in cleartext.

Example

The following example shows two ways of storing user credentials in a file. In the ‘BAD’ case, the credentials are simply stored in cleartext. In the ‘GOOD’ case, the credentials are encrypted before storing them.

#include <sodium.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void logError(void); // assumed to be provided elsewhere by the application

void writeCredentialsBad(FILE *file, const char *cleartextCredentials) {
	// BAD: write password to disk in cleartext
	fputs(cleartextCredentials, file);
}

int writeCredentialsGood(FILE *file, const char *cleartextCredentials, const unsigned char *key, const unsigned char *nonce) {
	size_t credentialsLen = strlen(cleartextCredentials);
	size_t ciphertext_len = crypto_secretbox_MACBYTES + credentialsLen;
	unsigned char *ciphertext = malloc(ciphertext_len);
	if (!ciphertext) {
		logError();
		return -1;
	}

	// encrypt the password first
	if (crypto_secretbox_easy(ciphertext, (const unsigned char *)cleartextCredentials, credentialsLen, nonce, key) != 0) {
		free(ciphertext);
		logError();
		return -1;
	}

	// GOOD: write encrypted password to disk
	fwrite(ciphertext, 1, ciphertext_len, file);
	free(ciphertext);
	return 0;
}

Note that for the ‘GOOD’ example to work we need to link against an encryption library (in this case libsodium), initialize it with a call to sodium_init, and create the key and nonce with crypto_secretbox_keygen and randombytes_buf respectively. We also need to store those details securely so they can be used for decryption.

References