Skip to content
This repository has been archived by the owner on Oct 11, 2024. It is now read-only.

Commit

Permalink
Corrected docs in 1335, note this is the 2nd 1335 going into 01 folder
Browse files Browse the repository at this point in the history 
There has been a mixup of 1335's. This one is the second one expected to be in a 01 subfolder of 1335. The main 1335 doc and code will follow shortly.
Also the text of this 1335 README.md had to be modified.

Added 1335 doc, fixed code formatting, updated main Readme, added dummy 191

Fixed some code formatting issues in the code
Added 1335 Readme.md
Added dummy 191 for link in 1335
Updated main Readme.md
  • Loading branch information
@myteron
myteron committed May 10, 2024
1 parent a541d9e commit f96ce0d
Show file tree
Hide file tree
Showing 9 changed files with 178 additions and 27 deletions.
148 changes: 148 additions & 0 deletions CWE-682/CWE-1335/01/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,148 @@
# CWE-1335: Promote readability and compatibility by using mathematical written code with arithmetic operations instead of bit-wise operations

`C` and `C++` used to have two design patterns in order to optimize resource utilization:

* Bit-wise operations for divisions or multiplication shifting the whole content of a variable to left or right for increased speed.
* Flag registers, or Boolean's stored in a single bit of an int or byte for space reduction.

`C` and `C++` no longer promote these design patterns. The use of bit-wise operations for arithmetic or flag registers can reduce readability, predictability of the code and can also cause compatibility issues. Some bit-wise operations can reduce performance. Python tries to safeguard changes between positive and negative numbers by storing the sign separately. It tries to prevent overflows by using either `32-bit unsigned integer` arrays with `30-bit` digits or `16-bit` unsigned integer arrays with `15-bit` digit [[Rusher 2017]](https://rushter.com/blog/python-integer-implementation/). In other words, Python changes and adapts on the fly.

The `example01.py` code demonstrates bit-wise operators available in Python.

*[example01.py](example01.py):*

```py
foo = 50
bar = 42
print(f"foo = {foo} = {foo:08b}") # :08b is just for pretty print
print(f"foo = {bar} = {bar:08b}\n")

# bit wise operations in Python:
print(f"foo << 2 = {(foo << 2):08b}") # binary shift left
print(f"foo >> 2 = {(foo >> 2):08b}") # binary shift right
print(f"~foo = {(~foo):08b}") # flipping bits
print(f"foo & bar = {(foo & bar):08b}") # binary AND
print(f"foo | bar = {(foo | bar):08b}") # binary OR
print(f"foo ^ bar = {(foo ^ bar):08b}") # binary XOR
```

Output from above example01.py:

```bash
foo = 50 = 00110010
foo = 42 = 00101010

foo << 2 = 11001000
foo >> 2 = 00001100
~foo = -0110011
foo & bar = 00100010
foo | bar = 00111010
foo ^ bar = 00011000
```
The `example02.py` code demonstrates how Python 2 changes an int to long to prevent an overflow condition while Python 3 is always storing an `int` as `long` [[Python 3.10.5 2022]](https://rushter.com/blog/python-integer-implementation/).
*[example02.py](example02.py):*
```py
for shift in [16, 32, 64]:
bar = 5225 << shift
print("foo << " + str(shift) + ": type " + str(type(bar)) + " " + str(bin(bar)))
```
Left shift in `example02.py` changes type to long class in Python 2:
```bash
foo << 16: type <type 'int'> 0b10100011010010000000000000000
foo << 32: type <type 'int'> 0b101000110100100000000000000000000000000000000
foo << 64: type <type 'long'> 0b10100011010010000000000000000000000000000000000000000000000000000000000000000
```
Left shift in `example02.py` stays type int class but stores as long Python 3:
```bash
foo << 16: type <class 'int'> 0b10100011010010000000000000000
foo << 32: type <class 'int'> 0b101000110100100000000000000000000000000000000
foo << 64: type <class 'int'> 0b10100011010010000000000000000000000000000000000000000000000000000000000000000
```
## Non-compliant Code Example (Left Shift)
Multiplication by `4` can be archived by a `2x` left. The `noncompliant01.py` code demonstrates an attempt to calculate `8 * 4 + 10` in one line.
*[noncompliant01.py](noncompliant01.py):*
```py
""" Non-compliant Code Example """
print(8 << 2 + 10)
```
The `noncompliaint01.py` code results in printing `32768` instead of `42`. Adding brackets `print((8 << 2) + 10)` would fix this specific issue whilst still remaining prune to other issues.
## Compliant Solution (Left Shift)
The statement in `compliant01.py` clarifies the programmer's intention.
*[compliant01.py](compliant01.py):*
```py
""" Compliant Code Example """
print(8 * 4 + 10)
```
It is recommended by *[CWE-191, Integer Underflow (Wrap or Wraparound)](../CWE-191/README.md)* to also check for under or overflow.
## Non-compliant Code Example (Right Shift)
In this non-compliant code example is using an arithmetic right shift >>= operator in an attempt to optimize performance for dividing x by 4 without floating point.
*[noncompliant02.py](noncompliant02.py):*
```py
""" Non-compliant Code Example """
foo: int
foo = -50
foo >>= 2
print(foo)
```
The expectation of the `>>= 2` right shift operator is that it fills the leftmost bits of `0011 0010` with two zeros resulting in `0000 1100` or decimal twelve. Instead a potentially expected `-12` in `foo` we have internal processing truncating the values from `-12.5` to `-13`.
## Compliant Solution (Right Shift)
The right shift is replaced by division in `compliant02.py`.
*[compliant02.py](compliant02.py):*
```py
""" Compliant Code Example """
foo: int
foo = -50
foo /= 4
print(foo)
```
## Automated Detection
unknown
## Related Guidelines
|||
|:---|:---|
|[MITRE CWE](http://cwe.mitre.org/)|Pillar [CWE-664: Improper Control of a Resource Through its Lifetime (4.13) (mitre.org)](https://cwe.mitre.org/data/definitions/664.html)|
|[MITRE CWE](http://cwe.mitre.org/)|Base [CWE-1335: Incorrect Bitwise Shift of Integer (4.12)](https://cwe.mitre.org/data/definitions/1335.html)|
|[SEI CERT Coding Standard for Java](https://wiki.sei.cmu.edu/confluence/display/java/SEI+CERT+Oracle+Coding+Standard+for+Java)|[NUM00-J. Detect or prevent integer overflow](https://wiki.sei.cmu.edu/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow)|
|[SEI CERT C Coding Standard](https://wiki.sei.cmu.edu/confluence/display/c/SEI+CERT+C+Coding+Standard)|[INT32-C. Ensure that operations on signed integers do not result in overflow](https://wiki.sei.cmu.edu/confluence/display/c/INT32-C.+Ensure+that+operations+on+signed+integers+do+not+result+in+overflow)|
|[ISO/IEC TR 24772:2010](http://www.aitcnet.org/isai/)|Wrap-around Error \[XYY]|
## Biblography
|||
|:---|:---|
|\[Rusher 2017]|Python internals: Arbitrary-precision integer implementation \[online]. Available from: <https://rushter.com/blog/python-integer-implementation/> \[accessed 8 May 2024]|
|[Python 3.9 2022]|Build-in Types \[online]. Available from: <https://docs.python.org/3.9/library/stdtypes.html> \[accessed 8 May 2024]|
5 changes: 2 additions & 3 deletions CWE-682/CWE-1335/compliant01.py → CWE-682/CWE-1335/01/compliant01.py
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@

""" Compliant Code Example """
print(8 * 4 + 10)

print(8 * 4 + 10)
4 changes: 2 additions & 2 deletions CWE-682/CWE-1335/compliant02.py → CWE-682/CWE-1335/01/compliant02.py
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
""" Compliant Code Example """

foo: int
foo = -50
foo /= 4
print(foo)
print(foo)
4 changes: 2 additions & 2 deletions CWE-682/CWE-1335/example01.py → CWE-682/CWE-1335/01/example01.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,11 @@
bar = 42
print(f"foo = {foo} = {foo:08b}") # :08b is just for pretty print
print(f"foo = {bar} = {bar:08b}\n")

# bit wise operations in Python:
print(f"foo << 2 = {(foo << 2):08b}") # binary shift left
print(f"foo >> 2 = {(foo >> 2):08b}") # binary shift right
print(f"~foo = {(~foo):08b}") # flipping bits
print(f"foo & bar = {(foo & bar):08b}") # binary AND
print(f"foo | bar = {(foo | bar):08b}") # binary OR
print(f"foo ^ bar = {(foo ^ bar):08b}") # binary XOR
print(f"foo ^ bar = {(foo ^ bar):08b}") # binary XOR
0 CWE-682/CWE-1335/example02.py → CWE-682/CWE-1335/01/example02.py
View file
File renamed without changes.
4 changes: 2 additions & 2 deletions CWE-682/CWE-1335/noncompliant01.py → CWE-682/CWE-1335/01/noncompliant01.py
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
""" Non-compliant Code Example """
print(8 << 2 + 10)

print(8 << 2 + 10)
4 changes: 2 additions & 2 deletions CWE-682/CWE-1335/noncompliant02.py → CWE-682/CWE-1335/01/noncompliant02.py
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
""" Non-compliant Code Example """

foo: int
foo = -50
foo >>= 2
print(foo)
print(foo)
4 changes: 4 additions & 0 deletions CWE-682/CWE-191/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# CWE-191, Integer Underflow (Wrap or Wraparound)

PLACEHOLDER for # CWE-1335: Promote readability and compatibility by using mathematical written code with arithmetic operations instead of bit-wise operations link

32 changes: 16 additions & 16 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -1,32 +1,35 @@
# Secure Coding One Stop Shop for Python

Promote secure products by knowing the difference between secure compliant
and non-compliant code with `CPython >= 3.9` using modules listed on
[Python Module Index](https://docs.python.org/3.9/py-modindex.html)[Python 2023].
Promote secure products by knowing the difference between secure compliant
and non-compliant code with `CPython >= 3.9` using modules listed on
[Python Module Index](https://docs.python.org/3.9/py-modindex.html)[Python 2023].

This page is in initiative by Ericsson to improve secure coding in Python by providing a location for study. Its structure is based on
Common Weakness Enamurator (CWE) [Pillar Weakness](https://cwe.mitre.org/documents/glossary/#Pillar%20Weakness) [mitre.org 2023].
This page is in initiative by Ericsson to improve secure coding in Python by providing a location for study. Its structure is based on
Common Weakness Enamurator (CWE) [Pillar Weakness](https://cwe.mitre.org/documents/glossary/#Pillar%20Weakness) [mitre.org 2023].
It currently contains *only* the code examples, documentation will follow.

# Disclaimer
## Disclaimer

Content comes WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, as stated in the license text [CC-BY-4.0](LICENSE/CC-BY-4.0.txt) for documentation and [MIT](LICENSE/MIT.txt).
Following or using the documentation and or code is at your own risk. Code examples are intended purely for educational use and not for products in parts or in full.
Code examples are NOT to be used to cause harm of any kind to anyone or anything.

## Introduction

# Introduction
Every person writing code shall study the following:

* OWASP Secure Coding [Practices-Quick Reference Guide](https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/) [OWASP 2022]
* OWASP Top 10 Report [OWASP 2022](https://owasp.org/www-project-top-ten/) [OWASP 2022]
* CWE Top 25 2022 [CWE 2022](https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html) [MITRE 2023]

# Secure Coding Standard for Python
## Secure Coding Standard for Python

Code examples are written to explain security design with as little code as possible demonstrating the issue in the `noncompliantXX.py` titled Python file.
The `compliantXX.py` file demonstrates only the mitigation or removal of the described risk.
None of the code examples are intendet to be used 'as is' for production. Using the code is at your own risk.

It is **not production code** and requires code-style or python best practices to be added such as:

* Inline documentation
* Custom exceptions
* Full descriptive variable names
Expand All @@ -36,7 +39,7 @@ It is **not production code** and requires code-style or python best practices t

|[CWE-664: Improper Control of a Resource Through its Lifetime](https://cwe.mitre.org/data/definitions/664.html)|Prominent CVE|
|:-----------------------------------------------------------------------------------------------------------------------------------------------|:----|
|[CWE-134: Use of Externally-Controlled Format String](CWE-664/CWE-134/.)|[CVE-2022-27177](https://www.cvedetails.com/cve/CVE-2022-27177/),<br />CVSSv3.1: **9.8**,<br />EPSS:**00.37**(01.12.2023)|
|[CWE-134: Use of Externally-Controlled Format String](CWE-664/CWE-134/.)|[CVE-2022-27177](https://www.cvedetails.com/cve/CVE-2022-27177/),<br/>CVSSv3.1: **9.8**,<br/>EPSS:**00.37**(01.12.2023)|
|[CWE-197: Numeric Truncation Error](CWE-664/CWE-197/.)||
|[CWE-400: Uncontrolled Resource Consumption](CWE-664/CWE-400/.)||
|[CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)](CWE-664/CWE-409/.)||
Expand All @@ -48,10 +51,9 @@ It is **not production code** and requires code-style or python best practices t
|[XXX-005: Consider hash-based integrity verification of byte code files against their source code files](CWE-664/XXX-005/.)||
|<img width=680>|<img width=140>|


|[CWE-682: Incorrect Calculation](https://cwe.mitre.org/data/definitions/682.html)|Prominent CVE|
|:---------------------------------------------------------------------------------------------------------------|:----|
|[CWE-1335: Promote readability and compatibility by using mathematical written code with arithmetic operations instead of bit-wise operations](CWE-682/CWE-1335/.)||
|[CWE-1335: Promote readability and compatibility by using mathematical written code with arithmetic operations instead of bit-wise operations](CWE-682/CWE-1335/01/README.md)||
|[CWE-1339: Insufficient Precision or Accuracy of a Real Number](CWE-682/CWE-1339/.) ||
|<img width=680>|<img width=140>|

Expand All @@ -71,7 +73,7 @@ It is **not production code** and requires code-style or python best practices t

|[CWE-707: Improper Neutralization](https://cwe.mitre.org/data/definitions/707.html)|Prominent CVE|
|:----------------------------------------------------------------|:----|
|[CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')](CWE-707/CWE-89/.)|[CVE-2019-8600](https://www.cvedetails.com/cve/CVE-2019-8600/),<br />CVSSv3.1: **9.8**,<br />EPSS:**01.43**(18.02.2024)|
|[CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')](CWE-707/CWE-89/.)|[CVE-2019-8600](https://www.cvedetails.com/cve/CVE-2019-8600/),<br/>CVSSv3.1: **9.8**,<br/>EPSS:**01.43**(18.02.2024)|
|[CWE-117: Improper Output Neutralization for Logs](CWE-707/CWE-117/.)||
|[CWE-180: Incorrect behavior order: Validate before Canonicalize](CWE-707/CWE-180/.)||
|<img width=680>|<img width=140>|
Expand All @@ -82,9 +84,7 @@ It is **not production code** and requires code-style or python best practices t
|[CWE-1109: Use of Same Variable for Multiple Purposes](CWE-710/CWE-1109/.)||
|<img width=680>|<img width=140>|



# Biblography
## Biblography

|Ref|Detail|
|-----|-----|
Expand All @@ -94,7 +94,7 @@ It is **not production code** and requires code-style or python best practices t
|[OWASP 2022]|[OWASP Top 10 Report 2022](https://owasp.org/www-project-top-ten/)|
|[MITRE 2023]|[CWE Top 25 2022](https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html)|

## License

# License
* [CC-BY 4.0](LICENSE/CC-BY-4.0.txt) for documentation
* [MIT](LICENSE/MIT.txt) for code snippets

0 comments on commit f96ce0d

Please sign in to comment.