mirror of
https://github.com/securego/gosec.git
synced 2024-12-30 21:19:46 +02:00
Reset the state of TLS rule after each version check (#570)
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
parent
6c57ae1628
commit
897c203e62
1
go.sum
1
go.sum
@ -369,6 +369,7 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq
|
|||||||
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||||
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
|
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
|
||||||
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||||
|
golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad h1:DN0cp81fZ3njFcrLCytUHRSUkqBjfTo4Tx9RJTWs0EY=
|
||||||
golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
|
golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
|
||||||
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||||
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||||
|
@ -146,6 +146,11 @@ func (t *insecureConfigTLS) checkVersion(n ast.Node, c *gosec.Context) *gosec.Is
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (t *insecureConfigTLS) resetVersion() {
|
||||||
|
t.actualMaxVersion = 0
|
||||||
|
t.actualMinVersion = 0
|
||||||
|
}
|
||||||
|
|
||||||
func (t *insecureConfigTLS) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error) {
|
func (t *insecureConfigTLS) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error) {
|
||||||
if complit, ok := n.(*ast.CompositeLit); ok && complit.Type != nil {
|
if complit, ok := n.(*ast.CompositeLit); ok && complit.Type != nil {
|
||||||
actualType := c.Info.TypeOf(complit.Type)
|
actualType := c.Info.TypeOf(complit.Type)
|
||||||
@ -158,7 +163,9 @@ func (t *insecureConfigTLS) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, e
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return t.checkVersion(complit, c), nil
|
issue := t.checkVersion(complit, c)
|
||||||
|
t.resetVersion()
|
||||||
|
return issue, nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return nil, nil
|
return nil, nil
|
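Review bot: `t.resetVersion()` runs only on the path that falls through to `checkVersion`, so any earlier return inside the matched-type branch of `Match` would leave `actualMinVersion`/`actualMaxVersion` populated for the next `tls.Config` literal. That part of `Match` sits between the two hunks and is not visible here, so this needs checking against the full function. For a TLS rule, stale state means a later literal could be judged against another literal's versions, giving a missed or spurious finding. Placing `defer t.resetVersion()` right after the type check succeeds would cover every exit while still letting `checkVersion` read the values first. A doc comment on the new helper, e.g. `// resetVersion clears the per-literal min/max TLS versions so state does not leak between Match calls.`, would record why the reset exists.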
||||||
|
@ -2057,7 +2057,24 @@ func main() {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Println(err)
|
fmt.Println(err)
|
||||||
}
|
}
|
||||||
}`}, 0, gosec.NewConfig()}}
|
}`}, 0, gosec.NewConfig()}, {[]string{`
|
||||||
|
package p0
|
||||||
|
|
||||||
|
import "crypto/tls"
|
||||||
|
|
||||||
|
func TlsConfig0() *tls.Config {
|
||||||
|
var v uint16 = 0
|
||||||
|
return &tls.Config{MinVersion: v}
|
||||||
|
}
|
||||||
|
`, `
|
||||||
|
package p0
|
||||||
|
|
||||||
|
import "crypto/tls"
|
||||||
|
|
||||||
|
func TlsConfig1() *tls.Config {
|
||||||
|
return &tls.Config{MinVersion: 0x0304}
|
||||||
|
}
|
||||||
|
`}, 1, gosec.NewConfig()}}
|
||||||
|
|
||||||
// SampleCodeG403 - weak key strength
|
// SampleCodeG403 - weak key strength
|
||||||
SampleCodeG403 = []CodeSample{
|
SampleCodeG403 = []CodeSample{
|
||||||
|
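Review bot: The added sample covers only `MinVersion`, while `resetVersion` in this commit also clears `actualMaxVersion`. Nothing visible in this hunk exercises a `MaxVersion` value carried over from one literal to the next. A companion entry with two `tls.Config` literals where only the first sets `MaxVersion` would pin that half of the reset. A short comment above the new entry, e.g. `// two files in one package: rule state must not carry over between tls.Config literals (#570)`, would make the intent of the multi-file sample clear. The enclosing sample slice starts outside the hunk.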