CodeQL documentation
CodeQL resources

Cleartext storage of sensitive information in file

ID: cpp/cleartext-storage-file Kind: path-problem Security severity: 7.5 Severity: warning Precision: high Tags: - security - external/cwe/cwe-260 - external/cwe/cwe-313 Query suites: - cpp-code-scanning.qls - cpp-security-extended.qls - cpp-security-and-quality.qls

Click to see the query in the CodeQL repository

Sensitive information that is stored unencrypted is accessible to an attacker who gains access to the storage.

Recommendation

Ensure that sensitive information is always encrypted before being stored to a file or transmitted over the network. It may be wise to encrypt information before it is put into a buffer that may be readable in memory.

In general, decrypt sensitive information only at the point where it is necessary for it to be used in cleartext.

Example

The following example shows two ways of storing user credentials in a file. In the ‘BAD’ case, the credentials are simply stored in cleartext. In the ‘GOOD’ case, the credentials are encrypted before storing them.

#include<sodium.h>#include<stdio.h>#include<string.h>voidwriteCredentialsBad(FILE*file,constchar*cleartextCredentials){// BAD: write password to disk in cleartextfputs(cleartextCredentials,file);}intwriteCredentialsGood(FILE*file,constchar*cleartextCredentials,constunsignedchar*key,constunsignedchar*nonce){size_tcredentialsLen=strlen(cleartextCredentials);size_tciphertext_len=crypto_secretbox_MACBYTES+credentialsLen;unsignedchar*ciphertext=malloc(ciphertext_len);if(!ciphertext){logError();return-1;}// encrypt the password firstif(crypto_secretbox_easy(ciphertext,(constunsignedchar*)cleartextCredentials,credentialsLen,nonce,key)!=0){free(ciphertext);logError();return-1;}// GOOD: write encrypted password to diskfwrite(ciphertext,1,ciphertext_len,file);free(ciphertext);return0;}

Note that for the ‘GOOD’ example to work we need to link against an encryption library (in this case libsodium), initialize it with a call to sodium_init, and create the key and nonce with crypto_secretbox_keygen and randombytes_buf respectively. We also need to store those details securely so they can be used for decryption.

References

  • M. Dowd, J. McDonald and J. Schuhm, The Art of Software Security Assessment, 1st Edition, Chapter 2 - ‘Common Vulnerabilities of Encryption’, p. 43. Addison Wesley, 2006.

  • M. Howard and D. LeBlanc, Writing Secure Code, 2nd Edition, Chapter 9 - ‘Protecting Secret Data’, p. 299. Microsoft, 2002.

  • Common Weakness Enumeration: CWE-260.

  • Common Weakness Enumeration: CWE-313.

close