Here is the combined list of vulnerabilities from the provided lists, formatted as markdown:
This document outlines the identified security vulnerabilities in the rootcerts library. Each vulnerability is detailed with its description, impact, rank, existing and missing mitigations, preconditions, source code analysis, and a security test case.
-
Description: The
rootcertslibrary is vulnerable to path traversal. When loading CA certificates from a file path (CAFile) or a directory path (CAPath) as specified in theConfig, the library directly uses these paths without proper sanitization. If an attacker can control these paths—for example, through environment variables—they can inject traversal sequences like "../" to access files outside the intended certificate directories. This allows reading arbitrary files on the system.Step-by-step triggering scenario:
- An application using the
rootcertslibrary allows external configuration ofCAFileorCAPath. - An attacker gains control over the values of these configuration parameters, for instance, by manipulating environment variables.
- The attacker sets
CAFileorCAPathto a path containing traversal sequences (e.g.,../../../sensitive_file.txt). - When the application initializes TLS using
rootcerts, the library attempts to load certificates from the attacker-controlled path. Due to the lack of sanitization, the library reads the file specified by the path traversal.
- An application using the
-
Impact: Successful path traversal can lead to arbitrary file reading. An attacker could potentially access sensitive information such as application configuration files, source code, or other system files. This information disclosure can severely compromise the application's security and potentially the underlying system.
-
Vulnerability Rank: High
-
Currently implemented mitigations: None. The library directly uses the provided paths with
ioutil.ReadFileandfilepath.Walkwithout any input validation or sanitization. -
Missing mitigations: Input sanitization for
CAFileandCAPathin theConfigis crucial. The library should implement validation and sanitization of these paths to prevent traversal attacks. Recommended mitigations include:- Verifying that the provided paths are within an expected base directory.
- Rejecting paths that contain ".." components.
- Ensuring that resolved paths do not escape the intended base directory.
-
Preconditions:
- An application utilizes the
rootcertslibrary for TLS configuration. - The application permits external configuration of
CAFileorCAPath, possibly through environment variables or user-provided input. - An attacker is capable of controlling the values of these configuration parameters.
- An application utilizes the
-
Source code analysis:
- The vulnerability is located in
rootcerts.gowithin theLoadCAFileandLoadCAPathfunctions. - In
LoadCAFile, thecaFilepath from theConfigis directly passed toioutil.ReadFile()without any validation:func LoadCAFile(caFile string) (*x509.CertPool, error) { // ... pem, err := ioutil.ReadFile(caFile) // Vulnerable line: caFile is not sanitized // ... }
- Similarly, in
LoadCAPath, thecaPathand thepathvariable within thefilepath.Walkfunction are used directly withioutil.ReadFile()without sanitization:func LoadCAPath(caPath string) (*x509.CertPool, error) { // ... walkFn := func(path string, info os.FileInfo, err error) error { // ... pem, err := ioutil.ReadFile(path) // Vulnerable line: path is not sanitized // ... } err := filepath.Walk(caPath, walkFn) // Vulnerable line: caPath is not sanitized // ... }
- The absence of path sanitization in both functions allows an attacker to manipulate the paths to read files outside the intended certificate directories.
- The vulnerability is located in
-
Security test case:
- Setup: Create a test directory structure:
Populate
/tmp/test_rootcerts/app/ /tmp/test_rootcerts/certs/cacert.pem (Valid PEM certificate file) /tmp/test_rootcerts/sensitive_file.txt (File to be accessed via path traversal)cacert.pemwith a valid PEM certificate andsensitive_file.txtwith sensitive content. - Application: Create a Go application
test_app.goin/tmp/test_rootcerts/app/that usesrootcerts, configurable via theTEST_CAFILEenvironment variable:package main // ... (code from provided example) ...
- Compilation: Compile the application:
go build test_app.go - Baseline Test (No Traversal): Run the application with a valid certificate path:
Observe the expected x509 error, but not the content of
export TEST_CAFILE=/tmp/test_rootcerts/certs/cacert.pem cd /tmp/test_rootcerts/app/ ./test_app
sensitive_file.txt. - Path Traversal Test: Run the application with a path traversal payload:
Expected Outcome: The application will attempt to read and parse
export TEST_CAFILE='../../../sensitive_file.txt' cd /tmp/test_rootcerts/app/ ./test_app
/tmp/test_rootcerts/sensitive_file.txtas a certificate. The output will either display the content ofsensitive_file.txtifos.ReadFilesucceeds, or show an error indicating PEM parsing failure on the content ofsensitive_file.txt, confirming successful path traversal.
- Setup: Create a test directory structure:
-
Description: This vulnerability is specific to Darwin (macOS) systems. The
rootcertslibrary, in its Darwin-specific implementation, retrieves certificates from system and user keychains. While system keychain paths are hardcoded, the path to the user's login keychain is dynamically constructed using the user's home directory, obtained viahomedir.Dir(). This function typically relies on theHOMEenvironment variable without validation. If an attacker can control theHOMEenvironment variable (e.g., in containerized environments or through misconfiguration), they can manipulate the login keychain path. By placing a crafted keychain file at this attacker-controlled path, they can inject malicious CA certificates into the TLS certificate pool whenLoadSystemCAs()is called.Step-by-step triggering scenario:
- An attacker gains control over the
HOMEenvironment variable of the process running the application. - The attacker sets
HOMEto a malicious directory, for example,/tmp/malicious_home. - When
certKeychains()is executed on a Darwin system, it uses the manipulatedHOMEvalue to construct the login keychain path, such as/tmp/malicious_home/Library/Keychains/login.keychain. - The attacker creates the directory structure
/tmp/malicious_home/Library/Keychains/and places a craftedlogin.keychainfile containing attacker-controlled PEM certificates within it. - During TLS configuration,
LoadSystemCAs()iterates over keychain paths, including the manipulated login keychain path, and executes/usr/bin/security find-certificate -a -p <malicious_keychain_path>. - The output from the
securitycommand, now including certificates from the attacker's keychain, is incorporated into the TLS certificate pool.
- An attacker gains control over the
-
Impact: Successfully injecting malicious CA certificates allows an attacker to perform man-in-the-middle attacks on TLS connections. The attacker can issue fraudulent certificates for any domain, compromising session confidentiality and data integrity. This can lead to complete compromise of TLS-protected communications.
-
Vulnerability Rank: High (potentially Critical in vulnerable deployments)
-
Currently implemented mitigations:
- The library uses the macOS
securitytool (/usr/bin/security) to extract certificates from keychains, which is a trusted system utility. - Two of the three keychain paths are hardcoded, pointing to system-level keychains.
However, there is no validation of the
HOMEenvironment variable or the path returned byhomedir.Dir(), making it vulnerable to manipulation.
- The library uses the macOS
-
Missing mitigations:
- HOME environment variable validation: The library should validate the directory obtained from
homedir.Dir()to ensure it aligns with expected patterns or is within a trusted location. - Configurable login keychain path: Provide an option to explicitly configure the login keychain path, overriding the derivation from
HOME, allowing for secure deployments whereHOMEmight be untrusted. - Path whitelisting/sandboxing: Before using a keychain file, the library should verify that the file resides within a set of predefined, trusted directories.
- HOME environment variable validation: The library should validate the directory obtained from
-
Preconditions:
- The application is running on a Darwin (macOS) system, triggering the Darwin-specific code path in
rootcerts. - An attacker can influence the environment in which the application is launched, such as through container misconfiguration, insecure orchestration, or manipulated startup scripts.
- The attacker can create a crafted keychain file at the location derived from the manipulated
HOMEenvironment variable.
- The application is running on a Darwin (macOS) system, triggering the Darwin-specific code path in
-
Source code analysis:
- In
/code/rootcerts_darwin.go, thecertKeychains()function constructs the keychain paths:Thefunc certKeychains() []string { keychains := []string{ "/System/Library/Keychains/SystemRootCertificates.keychain", "/Library/Keychains/System.keychain", } home, err := homedir.Dir() if err == nil { loginKeychain := path.Join(home, "Library", "Keychains", "login.keychain") keychains = append(keychains, loginKeychain) } return keychains }
loginKeychainpath is derived directly from the output ofhomedir.Dir(), which is typically theHOMEenvironment variable, without any validation. LoadSystemCAs()iterates through these keychain paths and executes thesecuritycommand:func LoadSystemCAs() (*x509.CertPool, error) { // ... for _, keychain := range certKeychains() { cmd := exec.Command("/usr/bin/security", "find-certificate", "-a", "-p", keychain) data, err := cmd.Output() // ... } // ... }
- The lack of validation on the
loginKeychainpath allows an attacker to control the input to thesecuritycommand by manipulating theHOMEenvironment variable and placing a malicious keychain file at the derived path.
- In
-
Security test case:
- Environment Setup: Execute the test on a Darwin system or a simulated Darwin environment. Set the
HOMEenvironment variable to a temporary directory, e.g.,/tmp/malicious_home, before running the test. - Malicious Keychain Creation:
- Create the directory structure:
/tmp/malicious_home/Library/Keychains/. - Create a crafted
login.keychainfile within this directory. This keychain should include a self-signed certificate with a known fingerprint that is not part of the system's trusted certificates.
- Create the directory structure:
LoadSystemCAs()Execution: Invoke theLoadSystemCAs()function within the test environment whereHOMEis set to/tmp/malicious_home.- Validation: Examine the returned certificate pool. Verify that it contains the certificate from the crafted malicious keychain. This can be done by checking the SHA-256 fingerprint of the certificates in the pool against the known fingerprint of the injected certificate.
- Control Test: Repeat the test with
HOMEset to a trusted user directory. Confirm that the malicious certificate is not loaded in this scenario. - Expected Result: When
HOMEis manipulated,LoadSystemCAs()should load certificates from the attacker-controlled keychain, demonstrating the vulnerability. WhenHOMEis set to a trusted path, the malicious certificate should not be loaded.
- Environment Setup: Execute the test on a Darwin system or a simulated Darwin environment. Set the