CodeReview/backend/app/services/agent/knowledge/vulnerabilities/crypto.py

"""
加密相关漏洞知识
"""

from ..base import KnowledgeDocument, KnowledgeCategory


WEAK_CRYPTO = KnowledgeDocument(
    id="vuln_weak_crypto",
    title="Weak Cryptography",
    category=KnowledgeCategory.VULNERABILITY,
    tags=["crypto", "encryption", "hash", "md5", "sha1"],
    severity="medium",
    cwe_ids=["CWE-327", "CWE-328"],
    owasp_ids=["A02:2021"],
    content="""
使用弱加密算法或不当的加密实现可能导致数据泄露。

## 危险模式

### 弱哈希算法
```python
# 危险 - MD5/SHA1用于密码
password_hash = hashlib.md5(password.encode()).hexdigest()
password_hash = hashlib.sha1(password.encode()).hexdigest()

# 危险 - 无盐哈希
hash = hashlib.sha256(password.encode()).hexdigest()
```

### 弱加密算法
```python
# 危险 - DES/3DES
from Crypto.Cipher import DES
cipher = DES.new(key, DES.MODE_ECB)

# 危险 - ECB模式
cipher = AES.new(key, AES.MODE_ECB)

# 危险 - 弱密钥
key = "12345678"  # 短密钥
key = password.encode()[:16]  # 从密码派生
```

### 不安全的随机数
```python
# 危险 - 使用random模块
import random
token = ''.join(random.choices(string.ascii_letters, k=32))
session_id = random.randint(0, 999999)
```

## 检测关键词
- md5, sha1, des, 3des, rc4
- MODE_ECB
- random.random, random.randint
- 硬编码的密钥/IV

## 安全实践
1. 密码使用bcrypt/argon2/scrypt
2. 加密使用AES-256-GCM
3. 使用secrets模块生成随机数
4. 使用KDF派生密钥

## 修复示例
```python
# 安全 - 密码哈希
import bcrypt
password_hash = bcrypt.hashpw(password.encode(), bcrypt.gensalt())

# 安全 - 加密
from cryptography.fernet import Fernet
key = Fernet.generate_key()
cipher = Fernet(key)

# 安全 - 随机数
import secrets
token = secrets.token_urlsafe(32)
```
""",
)


HARDCODED_SECRETS = KnowledgeDocument(
    id="vuln_hardcoded_secrets",
    title="Hardcoded Secrets",
    category=KnowledgeCategory.VULNERABILITY,
    tags=["secrets", "password", "credentials", "api-key", "token", "leak"],
    severity="high",
    cwe_ids=["CWE-798", "CWE-259"],
    owasp_ids=["A07:2021"],
    content="""
硬编码的凭证可能被攻击者从源代码、日志或配置文件中提取。

## 危险模式

### 硬编码密码
```python
# 危险
password = "admin123"
db_password = "P@ssw0rd!"
root_password = "toor"
```

### 硬编码API密钥
```python
# 危险
api_key = "sk-1234567890abcdef"
aws_access_key = "AKIAIOSFODNN7EXAMPLE"
stripe_key = "sk_live_xxxxx"
github_token = "ghp_xxxxxxxxxxxx"
```

### 硬编码连接字符串
```python
# 危险
connection_string = "mysql://root:password@localhost/db"
redis_url = "redis://:password@localhost:6379"
mongodb_uri = "mongodb://admin:pass@localhost:27017"
```

### 配置文件中的密钥
```yaml
# 危险 - config.yaml
database:
  password: "secret123"
jwt:
  secret: "my-jwt-secret"
```

## 检测正则
```regex
# API Keys
(api[_-]?key|apikey)['\"]?\\s*[:=]\\s*['\"][a-zA-Z0-9]{16,}['\"]
# AWS Keys
AKIA[0-9A-Z]{16}
# Private Keys
-----BEGIN (RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----
# JWT Secrets
(jwt[_-]?secret|secret[_-]?key)['\"]?\\s*[:=]\\s*['\"][^'\"]+['\"]
```

## 安全实践
1. 使用环境变量
2. 使用密钥管理服务(AWS Secrets Manager, HashiCorp Vault)
3. 使用.gitignore排除敏感文件
4. 使用git-secrets防止提交
5. 定期轮换密钥

## 修复示例
```python
# 安全 - 环境变量
import os
password = os.environ.get("DB_PASSWORD")
api_key = os.environ.get("API_KEY")

# 安全 - 配置文件引用环境变量
# config.yaml
database:
  password: ${DB_PASSWORD}
```
""",
)
feat(agent): implement comprehensive agent architecture with knowledge base and persistence layer - Add database migrations for agent checkpoints and tree node tracking - Implement core agent execution framework with executor, state management, and message handling - Create knowledge base system with framework-specific modules (Django, FastAPI, Flask, Express, React, Supabase) - Add vulnerability knowledge modules covering authentication, cryptography, injection, XSS, XXE, SSRF, path traversal, deserialization, and race conditions - Introduce new agent tools: thinking tool, reporting tool, and agent-specific utilities - Implement LLM memory compression and prompt caching for improved performance - Add agent registry and persistence layer for checkpoint management - Refactor agent implementations (analysis, recon, verification, orchestrator) with enhanced capabilities - Remove legacy agent implementations (analysis_v2, react_agent) - Update API endpoints for agent task creation and project management - Add frontend components for agent task creation and enhanced audit UI - Consolidate agent service architecture with improved separation of concerns - This refactoring provides a scalable foundation for multi-agent collaboration with knowledge-driven decision making and state persistence 2025-12-12 15:27:12 +08:00			`"""`
			`加密相关漏洞知识`
			`"""`

			`from ..base import KnowledgeDocument, KnowledgeCategory`


			`WEAK_CRYPTO = KnowledgeDocument(`
			`id="vuln_weak_crypto",`
			`title="Weak Cryptography",`
			`category=KnowledgeCategory.VULNERABILITY,`
			`tags=["crypto", "encryption", "hash", "md5", "sha1"],`
			`severity="medium",`
			`cwe_ids=["CWE-327", "CWE-328"],`
			`owasp_ids=["A02:2021"],`
			`content="""`
			`使用弱加密算法或不当的加密实现可能导致数据泄露。`

			`## 危险模式`

			`### 弱哈希算法`
			```python
			`# 危险 - MD5/SHA1用于密码`
			`password_hash = hashlib.md5(password.encode()).hexdigest()`
			`password_hash = hashlib.sha1(password.encode()).hexdigest()`

			`# 危险 - 无盐哈希`
			`hash = hashlib.sha256(password.encode()).hexdigest()`
			```

			`### 弱加密算法`
			```python
			`# 危险 - DES/3DES`
			`from Crypto.Cipher import DES`
			`cipher = DES.new(key, DES.MODE_ECB)`

			`# 危险 - ECB模式`
			`cipher = AES.new(key, AES.MODE_ECB)`

			`# 危险 - 弱密钥`
			`key = "12345678" # 短密钥`
			`key = password.encode()[:16] # 从密码派生`
			```

			`### 不安全的随机数`
			```python
			`# 危险 - 使用random模块`
			`import random`
			`token = ''.join(random.choices(string.ascii_letters, k=32))`
			`session_id = random.randint(0, 999999)`
			```

			`## 检测关键词`
			`- md5, sha1, des, 3des, rc4`
			`- MODE_ECB`
			`- random.random, random.randint`
			`- 硬编码的密钥/IV`

			`## 安全实践`
			`1. 密码使用bcrypt/argon2/scrypt`
			`2. 加密使用AES-256-GCM`
			`3. 使用secrets模块生成随机数`
			`4. 使用KDF派生密钥`

			`## 修复示例`
			```python
			`# 安全 - 密码哈希`
			`import bcrypt`
			`password_hash = bcrypt.hashpw(password.encode(), bcrypt.gensalt())`

			`# 安全 - 加密`
			`from cryptography.fernet import Fernet`
			`key = Fernet.generate_key()`
			`cipher = Fernet(key)`

			`# 安全 - 随机数`
			`import secrets`
			`token = secrets.token_urlsafe(32)`
			```
			`""",`
			`)`


			`HARDCODED_SECRETS = KnowledgeDocument(`
			`id="vuln_hardcoded_secrets",`
			`title="Hardcoded Secrets",`
			`category=KnowledgeCategory.VULNERABILITY,`
			`tags=["secrets", "password", "credentials", "api-key", "token", "leak"],`
			`severity="high",`
			`cwe_ids=["CWE-798", "CWE-259"],`
			`owasp_ids=["A07:2021"],`
			`content="""`
			`硬编码的凭证可能被攻击者从源代码、日志或配置文件中提取。`

			`## 危险模式`

			`### 硬编码密码`
			```python
			`# 危险`
			`password = "admin123"`
			`db_password = "P@ssw0rd!"`
			`root_password = "toor"`
			```

			`### 硬编码API密钥`
			```python
			`# 危险`
			`api_key = "sk-1234567890abcdef"`
			`aws_access_key = "AKIAIOSFODNN7EXAMPLE"`
			`stripe_key = "sk_live_xxxxx"`
			`github_token = "ghp_xxxxxxxxxxxx"`
			```

			`### 硬编码连接字符串`
			```python
			`# 危险`
			`connection_string = "mysql://root:password@localhost/db"`
			`redis_url = "redis://:password@localhost:6379"`
			`mongodb_uri = "mongodb://admin:pass@localhost:27017"`
			```

			`### 配置文件中的密钥`
			```yaml
			`# 危险 - config.yaml`
			`database:`
			`password: "secret123"`
			`jwt:`
			`secret: "my-jwt-secret"`
			```

			`## 检测正则`
			```regex
			`# API Keys`
			`(api[_-]?key\|apikey)['\"]?\\s[:=]\\s['\"][a-zA-Z0-9]{16,}['\"]`
			`# AWS Keys`
			`AKIA[0-9A-Z]{16}`
			`# Private Keys`
			`-----BEGIN (RSA \|EC \|DSA \|OPENSSH )?PRIVATE KEY-----`
			`# JWT Secrets`
			`(jwt[_-]?secret\|secret[_-]?key)['\"]?\\s[:=]\\s['\"][^'\"]+['\"]`
			```

			`## 安全实践`
			`1. 使用环境变量`
			`2. 使用密钥管理服务(AWS Secrets Manager, HashiCorp Vault)`
			`3. 使用.gitignore排除敏感文件`
			`4. 使用git-secrets防止提交`
			`5. 定期轮换密钥`

			`## 修复示例`
			```python
			`# 安全 - 环境变量`
			`import os`
			`password = os.environ.get("DB_PASSWORD")`
			`api_key = os.environ.get("API_KEY")`

			`# 安全 - 配置文件引用环境变量`
			`# config.yaml`
			`database:`
			`password: ${DB_PASSWORD}`
			```
			`""",`
			`)`