Seeking Bitmessage Code Reviewer

Bitmessage is a decentralized, peer-to-peer messaging network. It’s been a subject of significant interest for crypto-currency developers because it has privacy and networking properties built in that are absent from the blockchain and Bitcoin-like peer-to-peer networks.

Today, Bitmessage is often used as a more private version of email, but if only a handful of weaknesses in the project were resolved, we would probably see it integrated into a number of crypto-currency-related projects. Chief among these weaknesses:

  1. The Bitmessage network, as it is currently designed, would have difficulty scaling to many users. The messages sent around the Bitmessage network are more or less broadcast to all other participants in the network — albeit only readable by the intended recipient — creating a cacophony of unnecessary traffic. One solution is to implement streams, sending messages to a smaller number of recipients while preserving properties that come with broadcasting messages to everyone. Making streams a reality requires the participation of one or more crafty Python developers (or developers of a new Bitmessage implementation).
  2. Bitmessage’s current Python code base has not been thoroughly reviewed from a security standpoint. This weakens the trust of users and software developers who might want to integrate Bitmessage into their own projects.

Some people from the CryptOpinion website are trying to organize a crowd-funded secure code review of Bitmessage. I originally volunteered for the effort, but have another engagement that precludes me from doing so. Do you know someone with secure code reviewing skills who might be interested? Please send them to the CryptOpinion folks.

A Couple of Notes for Reviewers

There are not many great tools for static analysis of Python code from a security perspective, so a line-by-line analysis is probably required on some level. Here is the “cloc” output for PyBitmessage’s src:

http://cloc.sourceforge.net v 1.53  T=0.5 s (112.0 files/s, 37088.0 lines/s)
-------------------------------------------------------------------------------
Language                     files          blank        comment           code
-------------------------------------------------------------------------------
Python                          56           1595           1773          15176
-------------------------------------------------------------------------------
SUM:                            56           1595           1773          15176
-------------------------------------------------------------------------------
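Since a line-by-line pass is the realistic approach, a reviewer can narrow it down cheaply with a small AST-based scanner tuned to the call families that matter in a privacy-focused messaging client: the standard random module (not a CSPRNG), dynamic code evaluation, unauthenticated DNS lookups and signal handler installation. The following is an added example written for this post, not code from PyBitmessage or from the CryptOpinion effort; the watch list, the function names and the sample module it scans are this example's own assumptions. It resolves import aliases, so `import random as r; r.choice()` and `from random import choice` both map back to `random.choice`.

```python
"""Minimal AST-based sink finder for Python sources (added example)."""
import ast
from collections import namedtuple
from pathlib import Path

Finding = namedtuple("Finding", "line name reason")

# Reviewer's watch list (an assumption of this example, not an exhaustive
# catalogue of Python sinks): fully qualified call name -> why it matters.
WATCHED = {
    "random.random": "random module is a Mersenne Twister, not a CSPRNG; use os.urandom/secrets",
    "random.randrange": "random module is a Mersenne Twister, not a CSPRNG; use os.urandom/secrets",
    "random.choice": "random module is a Mersenne Twister, not a CSPRNG; use os.urandom/secrets",
    "random.seed": "seeding the Mersenne Twister does not make it suitable for keys or nonces",
    "compile": "dynamic code evaluation; confirm the source is not attacker-controlled",
    "eval": "dynamic code evaluation; confirm the source is not attacker-controlled",
    "exec": "dynamic code evaluation; confirm the source is not attacker-controlled",
    "socket.gethostbyname": "DNS answers are unauthenticated; do not base security decisions on them",
    "signal.signal": "handler should only set a flag; look for shared non-reentrant handlers",
}


def _dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class SinkVisitor(ast.NodeVisitor):
    """Collects calls to WATCHED names, resolving import aliases first."""

    def __init__(self):
        self.aliases = {}   # local name -> fully qualified name
        self.findings = []

    def visit_Import(self, node):
        for alias in node.names:
            self.aliases[alias.asname or alias.name] = alias.name
        self.generic_visit(node)

    def visit_ImportFrom(self, node):
        module = node.module or ""
        for alias in node.names:
            self.aliases[alias.asname or alias.name] = f"{module}.{alias.name}"
        self.generic_visit(node)

    def visit_Call(self, node):
        name = _dotted_name(node.func)
        if name is not None:
            head, _, rest = name.partition(".")
            resolved = self.aliases.get(head, head)
            if rest:
                resolved = f"{resolved}.{rest}"
            if resolved in WATCHED:
                self.findings.append(Finding(node.lineno, resolved, WATCHED[resolved]))
        self.generic_visit(node)


def scan_source(source, filename="<string>"):
    """Return the findings for one module's source text, ordered by line."""
    visitor = SinkVisitor()
    visitor.visit(ast.parse(source, filename=filename))
    return sorted(visitor.findings)


def scan_tree(root):
    """Walk a source tree and return {relative path: [Finding, ...]} for files with hits."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*.py")):
        try:
            hits = scan_source(path.read_text(encoding="utf-8", errors="replace"), str(path))
        except SyntaxError:
            continue  # skip files the current interpreter cannot parse
        if hits:
            report[str(path.relative_to(root))] = hits
    return report


# Constructed sample module; it is only parsed, never executed.
SAMPLE_SOURCE = '''\
import random
import socket
from random import randrange as rr
import signal

def pick_node(nodes):
    return random.choice(nodes)

def nonce():
    return rr(0, 2**32)

def resolve(host):
    return socket.gethostbyname(host)

def install():
    signal.signal(signal.SIGINT, handler)
    signal.signal(signal.SIGTERM, handler)

def load(code):
    return compile(code, "<api>", "exec")
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"{f.line}: {f.name}: {f.reason}")
```

Run against a real tree with scan_tree("PyBitmessage-master/src"); every hit still needs a human to decide whether the value feeds anything security-relevant, which is the part no scanner does for you.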

A free Coverity scan might be a useful resource for any Bitmessage code reviewer.

The Bandit Python code security scanner did not return any results:

$ find PyBitmessage-master/src/ -name '*.py' | xargs bandit -n 1
56 [0.. 50.. ]
Run started:
2015-01-10 21:23:18.598899
Files in scope (56):
PyBitmessage-master/src/pyelliptic/ecc.py (score: 0)
PyBitmessage-master/src/pyelliptic/openssl.py (score: 0)
PyBitmessage-master/src/pyelliptic/__init__.py (score: 0)
PyBitmessage-master/src/pyelliptic/cipher.py (score: 0)
[...snip...]
PyBitmessage-master/src/helper_bitcoin.py (score: 0)
PyBitmessage-master/src/qidenticon.py (score: 0)
PyBitmessage-master/src/shared.py (score: 0)
Files skipped (0):
Test results:
No issues identified.

The result of running RATS:

$ rats PyBitmessage-master/src/
Entries in perl database: 33
Entries in ruby database: 46
Entries in python database: 62
Entries in c database: 334
Entries in php database: 55
Analyzing PyBitmessage-master/src//pyelliptic/ecc.py
PyBitmessage-master/src//pyelliptic/ecc.py:78: warning: bad token `@'
PyBitmessage-master/src//pyelliptic/ecc.py:113: warning: bad token `@'
PyBitmessage-master/src//pyelliptic/ecc.py:128: warning: bad token `@'
PyBitmessage-master/src//pyelliptic/ecc.py:419: warning: bad token `@'
PyBitmessage-master/src//pyelliptic/ecc.py:428: warning: bad token `@'
Analyzing PyBitmessage-master/src//pyelliptic/openssl.py
Analyzing PyBitmessage-master/src//pyelliptic/__init__.py
Analyzing PyBitmessage-master/src//pyelliptic/cipher.py
PyBitmessage-master/src//pyelliptic/cipher.py:38: warning: bad token `@'
PyBitmessage-master/src//pyelliptic/cipher.py:45: warning: bad token `@'
PyBitmessage-master/src//pyelliptic/cipher.py:50: warning: bad token `@'
Analyzing PyBitmessage-master/src//pyelliptic/hash.py
Analyzing PyBitmessage-master/src//pyelliptic/arithmetic.py
Analyzing PyBitmessage-master/src//api_client.py
Analyzing PyBitmessage-master/src//helper_sent.py
Analyzing PyBitmessage-master/src//class_sqlThread.py
Analyzing PyBitmessage-master/src//class_objectProcessor.py
Analyzing PyBitmessage-master/src//class_singleCleaner.py
Analyzing PyBitmessage-master/src//socks/__init__.py
Analyzing PyBitmessage-master/src//helper_bootstrap.py
Analyzing PyBitmessage-master/src//helper_inbox.py
Analyzing PyBitmessage-master/src//class_receiveDataThread.py
Analyzing PyBitmessage-master/src//highlevelcrypto.py
Analyzing PyBitmessage-master/src//helper_generic.py
Analyzing PyBitmessage-master/src//tr.py
Analyzing PyBitmessage-master/src//class_singleListener.py
Analyzing PyBitmessage-master/src//bitmessagecurses/__init__.py
Analyzing PyBitmessage-master/src//bitmessageqt/iconglossary.py
Analyzing PyBitmessage-master/src//bitmessageqt/specialaddressbehavior.py
Analyzing PyBitmessage-master/src//bitmessageqt/addaddressdialog.py
Analyzing PyBitmessage-master/src//bitmessageqt/help.py
Analyzing PyBitmessage-master/src//bitmessageqt/connect.py
Analyzing PyBitmessage-master/src//bitmessageqt/about.py
Analyzing PyBitmessage-master/src//bitmessageqt/regenerateaddresses.py
Analyzing PyBitmessage-master/src//bitmessageqt/bitmessage_icons_rc.py
Analyzing PyBitmessage-master/src//bitmessageqt/__init__.py
Analyzing PyBitmessage-master/src//bitmessageqt/bitmessageui.py
Analyzing PyBitmessage-master/src//bitmessageqt/settings.py
Analyzing PyBitmessage-master/src//bitmessageqt/newaddressdialog.py
Analyzing PyBitmessage-master/src//bitmessageqt/newsubscriptiondialog.py
Analyzing PyBitmessage-master/src//bitmessageqt/newchandialog.py
Analyzing PyBitmessage-master/src//debug.py
Analyzing PyBitmessage-master/src//message_data_reader.py
Analyzing PyBitmessage-master/src//class_outgoingSynSender.py
Analyzing PyBitmessage-master/src//namecoin.py
Analyzing PyBitmessage-master/src//class_sendDataThread.py
Analyzing PyBitmessage-master/src//bitmessagemain.py
Analyzing PyBitmessage-master/src//class_objectHashHolder.py
Analyzing PyBitmessage-master/src//depends.py
Analyzing PyBitmessage-master/src//api.py
Analyzing PyBitmessage-master/src//l10n.py
Analyzing PyBitmessage-master/src//helper_startup.py
Analyzing PyBitmessage-master/src//addresses.py
Analyzing PyBitmessage-master/src//helper_sql.py
Analyzing PyBitmessage-master/src//proofofwork.py
Analyzing PyBitmessage-master/src//singleton.py
Analyzing PyBitmessage-master/src//class_addressGenerator.py
Analyzing PyBitmessage-master/src//class_singleWorker.py
Analyzing PyBitmessage-master/src//defaultKnownNodes.py
Analyzing PyBitmessage-master/src//build_osx.py
Analyzing PyBitmessage-master/src//helper_bitcoin.py
Analyzing PyBitmessage-master/src//qidenticon.py
Analyzing PyBitmessage-master/src//shared.py
PyBitmessage-master/src//socks/__init__.py:218: High: gethostbyname
PyBitmessage-master/src//socks/__init__.py:283: High: gethostbyname
PyBitmessage-master/src//socks/__init__.py:323: High: gethostbyname
DNS results can easily be forged by an attacker (or arbitrarily set to large values, etc), and should not be trusted.
PyBitmessage-master/src//class_singleListener.py:75: High: compile
PyBitmessage-master/src//depends.py:112: High: compile
Argument 1 to this function call should be checked to ensure that it does not
come from an untrusted source without first verifying that it contains nothing
PyBitmessage-master/src//class_sqlThread.py:273: Medium: choice
PyBitmessage-master/src//helper_startup.py:103: Medium: choice
Standard random number generators should not be used to
generate randomness used for security reasons.  For security sensitive randomness a crytographic randomness generator that provides sufficient entropy should be used.
PyBitmessage-master/src//class_outgoingSynSender.py:48: Medium: seed
PyBitmessage-master/src//class_outgoingSynSender.py:54: Medium: seed
PyBitmessage-master/src//shared.py:159: Medium: seed
Standard random number generators should not be used to
generate randomness used for security reasons.  For security sensitive randomness a crytographic randomness generator that provides sufficient entropy should be used.
PyBitmessage-master/src//bitmessagemain.py:158: Medium: signal
When setting signal handlers, do not use the same function to handle multiple signals. There exists the possibility a race condition will result if 2 or more different signals are sent to the process at nearly the same time. Also, when writing signal handlers, it is best to do as little as possible in them. The best strategy is to use the signal handler to set a flag, that another part of the program tests and performs the appropriate action(s) when it is set.
See also: http://razor.bindview.com/publish/papers/signals.txt
PyBitmessage-master/src//class_objectHashHolder.py:39: Medium: randrange
PyBitmessage-master/src//class_objectHashHolder.py:42: Medium: randrange
PyBitmessage-master/src//class_singleWorker.py:99: Medium: randrange
PyBitmessage-master/src//class_singleWorker.py:176: Medium: randrange
PyBitmessage-master/src//class_singleWorker.py:269: Medium: randrange
PyBitmessage-master/src//class_singleWorker.py:384: Medium: randrange
PyBitmessage-master/src//class_singleWorker.py:587: Medium: randrange
PyBitmessage-master/src//class_singleWorker.py:861: Medium: randrange
PyBitmessage-master/src//class_singleWorker.py:907: Medium: randrange
PyBitmessage-master/src//shared.py:64: Medium: randrange
Standard random number generators should not be used to
generate randomness used for security reasons.  For security sensitive randomness a crytographic randomness generator that provides sufficient entropy should be used.
PyBitmessage-master/src//shared.py:426: Medium: stat
A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists.  This is
the first line where a check has occured.
The following line(s) contain uses that may match up with this check:
460 (chmod)
Total lines analyzed: 16932
Total time 0.083209 seconds
203487 lines per second
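For a reviewer turning the RATS findings above into patches, here are hardened forms of three of the flagged patterns: the standard random module replaced by the OS CSPRNG, the stat()-then-chmod() sequence performed on a single open descriptor so the check and the change refer to the same inode, and signal handlers that do nothing but set a per-signal flag for the main loop to consume. This is an added example, not PyBitmessage code and not a proposed patch to it; all function names and the constructed demo scenarios are assumptions of the example.

```python
"""Hardened replacements for three RATS finding classes (added example)."""
import os
import secrets
import signal
import stat
import tempfile


# --- Randomness ------------------------------------------------------------
# random.randrange / random.choice / random.seed draw from a Mersenne Twister
# whose state can be recovered from its output; secrets uses the OS CSPRNG
# (os.urandom underneath) and needs no seeding at all.

def secure_randrange(start, stop):
    """Uniform integer in [start, stop) from the OS CSPRNG."""
    if stop <= start:
        raise ValueError("empty range")
    return start + secrets.randbelow(stop - start)


def secure_choice(seq):
    """Pick one element of a non-empty sequence without modular bias."""
    if not seq:
        raise IndexError("cannot choose from an empty sequence")
    return seq[secrets.randbelow(len(seq))]


# --- stat() then chmod() TOCTOU ---------------------------------------------
# Checking a path with os.stat and later fixing it with os.chmod lets the
# path be swapped (for example via a symlink) between the two calls. Opening
# once and using fstat/fchmod on the descriptor removes that window.

def restrict_private_file(path, mode=0o600):
    """Ensure a private file is not group- or world-accessible; return its final mode bits."""
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise OSError(f"{path} is not a regular file")
        if stat.S_IMODE(st.st_mode) & 0o077:
            os.fchmod(fd, mode)
        return stat.S_IMODE(os.fstat(fd).st_mode)
    finally:
        os.close(fd)


def demo_private_file():
    """Constructed scenario: a temp file left at 0644, then tightened to 0600."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, 0o644)
        before = stat.S_IMODE(os.stat(path).st_mode)
        after = restrict_private_file(path)
        return before, after
    finally:
        os.unlink(path)


# --- Signal handlers --------------------------------------------------------
# One small handler per signal, each of which only records that it fired;
# the main loop polls consume_flags() and does the real shutdown work.

_flags = {}
DEMO_SIGNAL = getattr(signal, "SIGUSR1", signal.SIGTERM)  # assumption: POSIX host


def _make_handler(signum):
    def handler(_num, _frame):
        _flags[signum] = True   # the only thing a handler should do
    return handler


def install_flag_handlers(signums):
    """Install a separate flag-setting handler for each signal number."""
    for s in signums:
        _flags[s] = False
        signal.signal(s, _make_handler(s))


def consume_flags():
    """Main-loop side: return the signals seen since the last call and reset them."""
    raised = sorted(s for s, fired in _flags.items() if fired)
    for s in raised:
        _flags[s] = False
    return raised


def demo_signal(signum=DEMO_SIGNAL):
    """Constructed scenario: install, deliver the signal to ourselves, then poll."""
    install_flag_handlers([signum])
    signal.raise_signal(signum)
    return consume_flags()


if __name__ == "__main__":
    print("randrange:", secure_randrange(0, 100))
    print("file modes (before, after):", tuple(oct(m) for m in demo_private_file()))
    print("signals seen:", demo_signal())
```

The gethostbyname and compile findings are left out on purpose: they are not fixed by a drop-in replacement, and the reviewer's job there is to trace where the hostname and the compiled source actually come from before deciding whether anything needs to change.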