Add a test for tls min version defined in a different file

2024-12-28 21:08:22 +02:00 · 2022-01-26 18:13:53 +01:00 · 2022-01-26 18:13:53 +01:00 · 1fbcf10e18
commit 1fbcf10e18
parent b12c0f6e4e
2 changed files with 22 additions and 1 deletions
--- a/rules/tls.go
+++ b/rules/tls.go
@ -87,7 +87,7 @@ func (t *insecureConfigTLS) processTLSConfVal(n *ast.KeyValueExpr, c *gosec.Cont
 			}

 		case "MinVersion":
-			if d, ok := n.Value.(*ast.Ident); ok {
+			if d, ok := n.Value.(*ast.Ident); ok && d.Obj != nil {
 				if vs, ok := d.Obj.Decl.(*ast.ValueSpec); ok && len(vs.Values) > 0 {
 					if s, ok := vs.Values[0].(*ast.SelectorExpr); ok {
 						x := s.X.(*ast.Ident).Name
--- a/testutils/source.go
+++ b/testutils/source.go
@ -2838,6 +2838,27 @@ func TlsConfig1() *tls.Config {
   return &tls.Config{MinVersion: 0x0304}
 }
 `}, 1, gosec.NewConfig()},
+		{[]string{`
+package main
+
+import (
+	"crypto/tls"
+	"fmt"
+)
+
+func main() {
+	cfg := tls.Config{
+		MinVersion: MinVer,
+	}
+	fmt.Println("tls min version", cfg.MinVersion)
+}
+`, `
+package main
+
+import "crypto/tls"
+
+const MinVer = tls.VersionTLS13
+`}, 0, gosec.NewConfig()},
 	}

 	// SampleCodeG403 - weak key strength