gosec/rules/tls.go

// (c) Copyright 2016 Hewlett Packard Enterprise Development LP
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package rules

import (
	"fmt"
	"go/ast"

	"github.com/GoASTScanner/gas"
)

type insecureConfigTLS struct {
	MinVersion   int16
	MaxVersion   int16
	requiredType string
	goodCiphers  []string
}

func stringInSlice(a string, list []string) bool {
	for _, b := range list {
		if b == a {
			return true
		}
	}
	return false
}

func (t *insecureConfigTLS) processTLSCipherSuites(n ast.Node, c *gas.Context) *gas.Issue {

	if ciphers, ok := n.(*ast.CompositeLit); ok {
		for _, cipher := range ciphers.Elts {
			if ident, ok := cipher.(*ast.SelectorExpr); ok {
				if !stringInSlice(ident.Sel.Name, t.goodCiphers) {
					err := fmt.Sprintf("TLS Bad Cipher Suite: %s", ident.Sel.Name)
					return gas.NewIssue(c, ident, err, gas.High, gas.High)
				}
			}
		}
	}
	return nil
}

func (t *insecureConfigTLS) processTLSConfVal(n *ast.KeyValueExpr, c *gas.Context) *gas.Issue {
	if ident, ok := n.Key.(*ast.Ident); ok {
		switch ident.Name {

		case "InsecureSkipVerify":
			if node, ok := n.Value.(*ast.Ident); ok {
				if node.Name != "false" {
					return gas.NewIssue(c, n, "TLS InsecureSkipVerify set true.", gas.High, gas.High)
				}
			} else {
				// TODO(tk): symbol tab look up to get the actual value
				return gas.NewIssue(c, n, "TLS InsecureSkipVerify may be true.", gas.High, gas.Low)
			}

		case "PreferServerCipherSuites":
			if node, ok := n.Value.(*ast.Ident); ok {
				if node.Name == "false" {
					return gas.NewIssue(c, n, "TLS PreferServerCipherSuites set false.", gas.Medium, gas.High)
				}
			} else {
				// TODO(tk): symbol tab look up to get the actual value
				return gas.NewIssue(c, n, "TLS PreferServerCipherSuites may be false.", gas.Medium, gas.Low)
			}

		case "MinVersion":
			if ival, ierr := gas.GetInt(n.Value); ierr == nil {
				if (int16)(ival) < t.MinVersion {
					return gas.NewIssue(c, n, "TLS MinVersion too low.", gas.High, gas.High)
				}
				// TODO(tk): symbol tab look up to get the actual value
				return gas.NewIssue(c, n, "TLS MinVersion may be too low.", gas.High, gas.Low)
			}

		case "MaxVersion":
			if ival, ierr := gas.GetInt(n.Value); ierr == nil {
				if (int16)(ival) < t.MaxVersion {
					return gas.NewIssue(c, n, "TLS MaxVersion too low.", gas.High, gas.High)
				}
				// TODO(tk): symbol tab look up to get the actual value
				return gas.NewIssue(c, n, "TLS MaxVersion may be too low.", gas.High, gas.Low)
			}

		case "CipherSuites":
			if ret := t.processTLSCipherSuites(n.Value, c); ret != nil {
				return ret
			}

		}

	}
	return nil
}

func (t *insecureConfigTLS) Match(n ast.Node, c *gas.Context) (*gas.Issue, error) {
	if complit, ok := n.(*ast.CompositeLit); ok && c.Info.TypeOf(complit.Type).String() == t.requiredType {
		for _, elt := range complit.Elts {
			if kve, ok := elt.(*ast.KeyValueExpr); ok {
				issue := t.processTLSConfVal(kve, c)
				if issue != nil {
					return issue, nil
				}
			}
		}
	}
	return nil, nil
}

// NewModernTLSCheck see: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
func NewModernTLSCheck(conf gas.Config) (gas.Rule, []ast.Node) {
	return &insecureConfigTLS{
		requiredType: "crypto/tls.Config",
		MinVersion:   0x0303, // TLS 1.2 only
		MaxVersion:   0x0303,
		goodCiphers: []string{
			"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
			"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
			"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
			"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
			"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
			"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
		},
	}, []ast.Node{(*ast.CompositeLit)(nil)}
}

// NewIntermediateTLSCheck see: https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
func NewIntermediateTLSCheck(conf gas.Config) (gas.Rule, []ast.Node) {
	return &insecureConfigTLS{
		requiredType: "crypto/tls.Config",
		MinVersion:   0x0301, // TLS 1.2, 1.1, 1.0
		MaxVersion:   0x0303,
		goodCiphers: []string{
			"TLS_RSA_WITH_AES_128_CBC_SHA",
			"TLS_RSA_WITH_AES_256_CBC_SHA",
			"TLS_RSA_WITH_AES_128_GCM_SHA256",
			"TLS_RSA_WITH_AES_256_GCM_SHA384",
			"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
			"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
			"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
			"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
			"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
			"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
			"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
			"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
			"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
			"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
			"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
		},
	}, []ast.Node{(*ast.CompositeLit)(nil)}
}

// NewCompatTLSCheck see: https://wiki.mozilla.org/Security/Server_Side_TLS#Old_compatibility_.28default.29
func NewCompatTLSCheck(conf gas.Config) (gas.Rule, []ast.Node) {
	return &insecureConfigTLS{
		requiredType: "crypto/tls.Config",
		MinVersion:   0x0301, // TLS 1.2, 1.1, 1.0
		MaxVersion:   0x0303,
		goodCiphers: []string{
			"TLS_RSA_WITH_RC4_128_SHA",
			"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
			"TLS_RSA_WITH_AES_128_CBC_SHA",
			"TLS_RSA_WITH_AES_256_CBC_SHA",
			"TLS_RSA_WITH_AES_128_GCM_SHA256",
			"TLS_RSA_WITH_AES_256_GCM_SHA384",
			"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
			"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
			"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
			"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
			"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
			"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
			"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
			"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
			"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
			"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
			"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
		},
	}, []ast.Node{(*ast.CompositeLit)(nil)}
}
Initial public release 2016-07-20 11:02:01 +01:00			`// (c) Copyright 2016 Hewlett Packard Enterprise Development LP`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package rules`

			`import (`
			`"fmt"`
			`"go/ast"`

Restructure to focus on lib rather than cli 2017-04-26 16:08:46 +01:00			`"github.com/GoASTScanner/gas"`
Initial public release 2016-07-20 11:02:01 +01:00			`)`

fix hound-ci errors 2017-12-13 07:39:00 +00:00			`type insecureConfigTLS struct {`
Major rework of codebase - Get rid of 'core' and move CLI to cmd/gas directory - Migrate (most) tests to use Ginkgo and testutils framework - GAS now expects package to reside in $GOPATH - GAS now can resolve dependencies for better type checking (if package on GOPATH) - Simplified public API 2017-07-19 22:17:00 +01:00			`MinVersion int16`
			`MaxVersion int16`
			`requiredType string`
			`goodCiphers []string`
Initial public release 2016-07-20 11:02:01 +01:00			`}`

			`func stringInSlice(a string, list []string) bool {`
			`for _, b := range list {`
			`if b == a {`
			`return true`
			`}`
			`}`
			`return false`
			`}`

fix hound-ci errors 2017-12-13 07:39:00 +00:00			`func (t insecureConfigTLS) processTLSCipherSuites(n ast.Node, c gas.Context) *gas.Issue {`
Major rework of codebase - Get rid of 'core' and move CLI to cmd/gas directory - Migrate (most) tests to use Ginkgo and testutils framework - GAS now expects package to reside in $GOPATH - GAS now can resolve dependencies for better type checking (if package on GOPATH) - Simplified public API 2017-07-19 22:17:00 +01:00
Migrated old test cases. 2017-12-28 06:54:10 +00:00			`if ciphers, ok := n.(*ast.CompositeLit); ok {`
			`for _, cipher := range ciphers.Elts {`
			`if ident, ok := cipher.(*ast.SelectorExpr); ok {`
Initial public release 2016-07-20 11:02:01 +01:00			`if !stringInSlice(ident.Sel.Name, t.goodCiphers) {`
Migrated old test cases. 2017-12-28 06:54:10 +00:00			`err := fmt.Sprintf("TLS Bad Cipher Suite: %s", ident.Sel.Name)`
			`return gas.NewIssue(c, ident, err, gas.High, gas.High)`
Initial public release 2016-07-20 11:02:01 +01:00			`}`
			`}`
			`}`
			`}`
			`return nil`
			`}`

fix golint errors picked up by hound-ci 2017-12-13 12:35:47 +00:00			`func (t insecureConfigTLS) processTLSConfVal(n ast.KeyValueExpr, c gas.Context) gas.Issue {`
Initial public release 2016-07-20 11:02:01 +01:00			`if ident, ok := n.Key.(*ast.Ident); ok {`
			`switch ident.Name {`
Migrated old test cases. 2017-12-28 06:54:10 +00:00
Initial public release 2016-07-20 11:02:01 +01:00			`case "InsecureSkipVerify":`
			`if node, ok := n.Value.(*ast.Ident); ok {`
			`if node.Name != "false" {`
			`return gas.NewIssue(c, n, "TLS InsecureSkipVerify set true.", gas.High, gas.High)`
			`}`
			`} else {`
			`// TODO(tk): symbol tab look up to get the actual value`
			`return gas.NewIssue(c, n, "TLS InsecureSkipVerify may be true.", gas.High, gas.Low)`
			`}`

Add a check for PreferServerCipherSuites flag of tls.Config 2017-03-15 14:05:44 +00:00			`case "PreferServerCipherSuites":`
			`if node, ok := n.Value.(*ast.Ident); ok {`
			`if node.Name == "false" {`
			`return gas.NewIssue(c, n, "TLS PreferServerCipherSuites set false.", gas.Medium, gas.High)`
			`}`
			`} else {`
			`// TODO(tk): symbol tab look up to get the actual value`
			`return gas.NewIssue(c, n, "TLS PreferServerCipherSuites may be false.", gas.Medium, gas.Low)`
			`}`

Initial public release 2016-07-20 11:02:01 +01:00			`case "MinVersion":`
			`if ival, ierr := gas.GetInt(n.Value); ierr == nil {`
			`if (int16)(ival) < t.MinVersion {`
			`return gas.NewIssue(c, n, "TLS MinVersion too low.", gas.High, gas.High)`
			`}`
			`// TODO(tk): symbol tab look up to get the actual value`
			`return gas.NewIssue(c, n, "TLS MinVersion may be too low.", gas.High, gas.Low)`
			`}`

			`case "MaxVersion":`
			`if ival, ierr := gas.GetInt(n.Value); ierr == nil {`
			`if (int16)(ival) < t.MaxVersion {`
			`return gas.NewIssue(c, n, "TLS MaxVersion too low.", gas.High, gas.High)`
			`}`
			`// TODO(tk): symbol tab look up to get the actual value`
			`return gas.NewIssue(c, n, "TLS MaxVersion may be too low.", gas.High, gas.Low)`
			`}`

			`case "CipherSuites":`
Migrated old test cases. 2017-12-28 06:54:10 +00:00			`if ret := t.processTLSCipherSuites(n.Value, c); ret != nil {`
Initial public release 2016-07-20 11:02:01 +01:00			`return ret`
			`}`
Add a check for PreferServerCipherSuites flag of tls.Config 2017-03-15 14:05:44 +00:00
Initial public release 2016-07-20 11:02:01 +01:00			`}`
Add a check for PreferServerCipherSuites flag of tls.Config 2017-03-15 14:05:44 +00:00
Initial public release 2016-07-20 11:02:01 +01:00			`}`
			`return nil`
			`}`

Migrated old test cases. 2017-12-28 06:54:10 +00:00			`func (t insecureConfigTLS) Match(n ast.Node, c gas.Context) (*gas.Issue, error) {`
			`if complit, ok := n.(*ast.CompositeLit); ok && c.Info.TypeOf(complit.Type).String() == t.requiredType {`
			`for _, elt := range complit.Elts {`
Initial public release 2016-07-20 11:02:01 +01:00			`if kve, ok := elt.(*ast.KeyValueExpr); ok {`
Migrated old test cases. 2017-12-28 06:54:10 +00:00			`issue := t.processTLSConfVal(kve, c)`
			`if issue != nil {`
			`return issue, nil`
Initial public release 2016-07-20 11:02:01 +01:00			`}`
			`}`
			`}`
			`}`
Migrated old test cases. 2017-12-28 06:54:10 +00:00			`return nil, nil`
Initial public release 2016-07-20 11:02:01 +01:00			`}`

fix golint errors picked up by hound-ci 2017-12-13 12:35:47 +00:00			`// NewModernTLSCheck see: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility`
			`func NewModernTLSCheck(conf gas.Config) (gas.Rule, []ast.Node) {`
fix hound-ci errors 2017-12-13 07:39:00 +00:00			`return &insecureConfigTLS{`
Migrated old test cases. 2017-12-28 06:54:10 +00:00			`requiredType: "crypto/tls.Config",`
Major rework of codebase - Get rid of 'core' and move CLI to cmd/gas directory - Migrate (most) tests to use Ginkgo and testutils framework - GAS now expects package to reside in $GOPATH - GAS now can resolve dependencies for better type checking (if package on GOPATH) - Simplified public API 2017-07-19 22:17:00 +01:00			`MinVersion: 0x0303, // TLS 1.2 only`
			`MaxVersion: 0x0303,`
Initial public release 2016-07-20 11:02:01 +01:00			`goodCiphers: []string{`
			`"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",`
Add the CHACHA20 to good ciphers in modern tls check 2017-08-30 15:00:56 +01:00			`"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",`
Initial public release 2016-07-20 11:02:01 +01:00			`"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",`
Add the CHACHA20 to good ciphers in modern tls check 2017-08-30 15:00:56 +01:00			`"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",`
Initial public release 2016-07-20 11:02:01 +01:00			`},`
Allow rules to register against multiple ast nodes Update the AddRule interface to allow rules to register interest in multiple ast.Nodes. Adds more flexibility to how rules can work, and was needed to fix the hard coded credentials test specifically. 2016-11-13 20:55:31 +00:00			`}, []ast.Node{(*ast.CompositeLit)(nil)}`
Initial public release 2016-07-20 11:02:01 +01:00			`}`

fix golint errors picked up by hound-ci 2017-12-13 12:35:47 +00:00			`// NewIntermediateTLSCheck see: https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29`
			`func NewIntermediateTLSCheck(conf gas.Config) (gas.Rule, []ast.Node) {`
fix hound-ci errors 2017-12-13 07:39:00 +00:00			`return &insecureConfigTLS{`
Migrated old test cases. 2017-12-28 06:54:10 +00:00			`requiredType: "crypto/tls.Config",`
Major rework of codebase - Get rid of 'core' and move CLI to cmd/gas directory - Migrate (most) tests to use Ginkgo and testutils framework - GAS now expects package to reside in $GOPATH - GAS now can resolve dependencies for better type checking (if package on GOPATH) - Simplified public API 2017-07-19 22:17:00 +01:00			`MinVersion: 0x0301, // TLS 1.2, 1.1, 1.0`
			`MaxVersion: 0x0303,`
Initial public release 2016-07-20 11:02:01 +01:00			`goodCiphers: []string{`
			`"TLS_RSA_WITH_AES_128_CBC_SHA",`
			`"TLS_RSA_WITH_AES_256_CBC_SHA",`
			`"TLS_RSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_RSA_WITH_AES_256_GCM_SHA384",`
			`"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",`
			`"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",`
			`"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",`
			`"TLS_ECDHE_RSA_WITH_RC4_128_SHA",`
			`"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",`
			`"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",`
			`"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",`
			`"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",`
			`"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",`
			`},`
Allow rules to register against multiple ast nodes Update the AddRule interface to allow rules to register interest in multiple ast.Nodes. Adds more flexibility to how rules can work, and was needed to fix the hard coded credentials test specifically. 2016-11-13 20:55:31 +00:00			`}, []ast.Node{(*ast.CompositeLit)(nil)}`
Initial public release 2016-07-20 11:02:01 +01:00			`}`

fix golint errors picked up by hound-ci 2017-12-13 12:35:47 +00:00			`// NewCompatTLSCheck see: https://wiki.mozilla.org/Security/Server_Side_TLS#Old_compatibility_.28default.29`
			`func NewCompatTLSCheck(conf gas.Config) (gas.Rule, []ast.Node) {`
fix hound-ci errors 2017-12-13 07:39:00 +00:00			`return &insecureConfigTLS{`
Migrated old test cases. 2017-12-28 06:54:10 +00:00			`requiredType: "crypto/tls.Config",`
Major rework of codebase - Get rid of 'core' and move CLI to cmd/gas directory - Migrate (most) tests to use Ginkgo and testutils framework - GAS now expects package to reside in $GOPATH - GAS now can resolve dependencies for better type checking (if package on GOPATH) - Simplified public API 2017-07-19 22:17:00 +01:00			`MinVersion: 0x0301, // TLS 1.2, 1.1, 1.0`
			`MaxVersion: 0x0303,`
Initial public release 2016-07-20 11:02:01 +01:00			`goodCiphers: []string{`
			`"TLS_RSA_WITH_RC4_128_SHA",`
			`"TLS_RSA_WITH_3DES_EDE_CBC_SHA",`
			`"TLS_RSA_WITH_AES_128_CBC_SHA",`
			`"TLS_RSA_WITH_AES_256_CBC_SHA",`
			`"TLS_RSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_RSA_WITH_AES_256_GCM_SHA384",`
			`"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",`
			`"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",`
			`"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",`
			`"TLS_ECDHE_RSA_WITH_RC4_128_SHA",`
			`"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",`
			`"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",`
			`"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",`
			`"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",`
			`"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",`
			`},`
Allow rules to register against multiple ast nodes Update the AddRule interface to allow rules to register interest in multiple ast.Nodes. Adds more flexibility to how rules can work, and was needed to fix the hard coded credentials test specifically. 2016-11-13 20:55:31 +00:00			`}, []ast.Node{(*ast.CompositeLit)(nil)}`
Initial public release 2016-07-20 11:02:01 +01:00			`}`