gosec/rules/tls_config.go

package rules

import (
	"go/ast"

	"github.com/securego/gosec"
)

// NewModernTLSCheck creates a check for Modern TLS ciphers
// DO NOT EDIT - generated by tlsconfig tool
func NewModernTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
	return &insecureConfigTLS{
		MetaData:     gosec.MetaData{ID: id},
		requiredType: "crypto/tls.Config",
		MinVersion:   0x0303,
		MaxVersion:   0x0303,
		goodCiphers: []string{
			"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
			"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
			"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
			"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
			"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
			"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
			"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
			"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
			"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
			"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
		},
	}, []ast.Node{(*ast.CompositeLit)(nil)}
}

// NewIntermediateTLSCheck creates a check for Intermediate TLS ciphers
// DO NOT EDIT - generated by tlsconfig tool
func NewIntermediateTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
	return &insecureConfigTLS{
		MetaData:     gosec.MetaData{ID: id},
		requiredType: "crypto/tls.Config",
		MinVersion:   0x0301,
		MaxVersion:   0x0303,
		goodCiphers: []string{
			"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
			"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
			"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
			"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
			"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
			"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
			"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
			"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
			"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
			"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
			"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
			"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
			"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
			"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
			"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
			"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
			"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
			"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
			"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
			"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
			"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
			"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
			"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
			"TLS_RSA_WITH_AES_128_GCM_SHA256",
			"TLS_RSA_WITH_AES_256_GCM_SHA384",
			"TLS_RSA_WITH_AES_128_CBC_SHA256",
			"TLS_RSA_WITH_AES_256_CBC_SHA256",
			"TLS_RSA_WITH_AES_128_CBC_SHA",
			"TLS_RSA_WITH_AES_256_CBC_SHA",
			"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
		},
	}, []ast.Node{(*ast.CompositeLit)(nil)}
}

// NewOldTLSCheck creates a check for Old TLS ciphers
// DO NOT EDIT - generated by tlsconfig tool
func NewOldTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
	return &insecureConfigTLS{
		MetaData:     gosec.MetaData{ID: id},
		requiredType: "crypto/tls.Config",
		MinVersion:   0x0300,
		MaxVersion:   0x0303,
		goodCiphers: []string{
			"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
			"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
			"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
			"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
			"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
			"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
			"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
			"TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
			"TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
			"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
			"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
			"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
			"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
			"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
			"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
			"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
			"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
			"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
			"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
			"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
			"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
			"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
			"TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
			"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
			"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
			"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
			"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
			"TLS_RSA_WITH_AES_128_GCM_SHA256",
			"TLS_RSA_WITH_AES_256_GCM_SHA384",
			"TLS_RSA_WITH_AES_128_CBC_SHA256",
			"TLS_RSA_WITH_AES_256_CBC_SHA256",
			"TLS_RSA_WITH_AES_128_CBC_SHA",
			"TLS_RSA_WITH_AES_256_CBC_SHA",
			"TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
			"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
			"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
			"TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384",
			"TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",
			"TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
			"TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",
			"TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
			"TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
			"TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
			"TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
			"TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
			"TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",
			"TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
			"TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",
			"TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
			"TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
			"TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
			"TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
			"TLS_DHE_RSA_WITH_SEED_CBC_SHA",
			"TLS_DHE_DSS_WITH_SEED_CBC_SHA",
			"TLS_RSA_WITH_SEED_CBC_SHA",
		},
	}, []ast.Node{(*ast.CompositeLit)(nil)}
}
Add a tool to generate the TLS configuration form Mozilla's ciphers recommendation (#178) * Add a tool which generates the TLS rule configuration from Mozilla server side TLS configuration * Update README * Remove trailing space in README * Update dependencies * Fix the commends of the generated functions 2018-02-21 05:59:18 +00:00			`package rules`

			`import (`
			`"go/ast"`

Replace gas with gosec everywhere in the project 2018-07-19 17:42:25 +01:00			`"github.com/securego/gosec"`
Add a tool to generate the TLS configuration form Mozilla's ciphers recommendation (#178) * Add a tool which generates the TLS rule configuration from Mozilla server side TLS configuration * Update README * Remove trailing space in README * Update dependencies * Fix the commends of the generated functions 2018-02-21 05:59:18 +00:00			`)`

			`// NewModernTLSCheck creates a check for Modern TLS ciphers`
			`// DO NOT EDIT - generated by tlsconfig tool`
Replace gas with gosec everywhere in the project 2018-07-19 17:42:25 +01:00			`func NewModernTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {`
Add a tool to generate the TLS configuration form Mozilla's ciphers recommendation (#178) * Add a tool which generates the TLS rule configuration from Mozilla server side TLS configuration * Update README * Remove trailing space in README * Update dependencies * Fix the commends of the generated functions 2018-02-21 05:59:18 +00:00			`return &insecureConfigTLS{`
Replace gas with gosec everywhere in the project 2018-07-19 17:42:25 +01:00			`MetaData: gosec.MetaData{ID: id},`
Add a tool to generate the TLS configuration form Mozilla's ciphers recommendation (#178) * Add a tool which generates the TLS rule configuration from Mozilla server side TLS configuration * Update README * Remove trailing space in README * Update dependencies * Fix the commends of the generated functions 2018-02-21 05:59:18 +00:00			`requiredType: "crypto/tls.Config",`
			`MinVersion: 0x0303,`
			`MaxVersion: 0x0303,`
			`goodCiphers: []string{`
			`"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",`
			`"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",`
Regenerate the TLS config (#199) 2018-04-16 06:44:11 +01:00			`"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",`
			`"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",`
Add a tool to generate the TLS configuration form Mozilla's ciphers recommendation (#178) * Add a tool which generates the TLS rule configuration from Mozilla server side TLS configuration * Update README * Remove trailing space in README * Update dependencies * Fix the commends of the generated functions 2018-02-21 05:59:18 +00:00			`"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",`
			`"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",`
			`"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",`
			`"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",`
			`},`
			`}, []ast.Node{(*ast.CompositeLit)(nil)}`
			`}`

			`// NewIntermediateTLSCheck creates a check for Intermediate TLS ciphers`
			`// DO NOT EDIT - generated by tlsconfig tool`
Replace gas with gosec everywhere in the project 2018-07-19 17:42:25 +01:00			`func NewIntermediateTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {`
Add a tool to generate the TLS configuration form Mozilla's ciphers recommendation (#178) * Add a tool which generates the TLS rule configuration from Mozilla server side TLS configuration * Update README * Remove trailing space in README * Update dependencies * Fix the commends of the generated functions 2018-02-21 05:59:18 +00:00			`return &insecureConfigTLS{`
Replace gas with gosec everywhere in the project 2018-07-19 17:42:25 +01:00			`MetaData: gosec.MetaData{ID: id},`
Add a tool to generate the TLS configuration form Mozilla's ciphers recommendation (#178) * Add a tool which generates the TLS rule configuration from Mozilla server side TLS configuration * Update README * Remove trailing space in README * Update dependencies * Fix the commends of the generated functions 2018-02-21 05:59:18 +00:00			`requiredType: "crypto/tls.Config",`
			`MinVersion: 0x0301,`
			`MaxVersion: 0x0303,`
			`goodCiphers: []string{`
Regenerate the TLS config (#199) 2018-04-16 06:44:11 +01:00			`"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",`
			`"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",`
Add a tool to generate the TLS configuration form Mozilla's ciphers recommendation (#178) * Add a tool which generates the TLS rule configuration from Mozilla server side TLS configuration * Update README * Remove trailing space in README * Update dependencies * Fix the commends of the generated functions 2018-02-21 05:59:18 +00:00			`"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",`
			`"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",`
			`"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",`
			`"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",`
			`"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",`
			`"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",`
			`"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",`
			`"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",`
			`"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",`
			`"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",`
			`"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",`
			`"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",`
			`"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",`
			`"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",`
			`"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",`
			`"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",`
			`"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",`
			`"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",`
			`"TLS_RSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_RSA_WITH_AES_256_GCM_SHA384",`
			`"TLS_RSA_WITH_AES_128_CBC_SHA256",`
			`"TLS_RSA_WITH_AES_256_CBC_SHA256",`
			`"TLS_RSA_WITH_AES_128_CBC_SHA",`
			`"TLS_RSA_WITH_AES_256_CBC_SHA",`
			`"TLS_RSA_WITH_3DES_EDE_CBC_SHA",`
			`},`
			`}, []ast.Node{(*ast.CompositeLit)(nil)}`
			`}`

			`// NewOldTLSCheck creates a check for Old TLS ciphers`
			`// DO NOT EDIT - generated by tlsconfig tool`
Replace gas with gosec everywhere in the project 2018-07-19 17:42:25 +01:00			`func NewOldTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {`
Add a tool to generate the TLS configuration form Mozilla's ciphers recommendation (#178) * Add a tool which generates the TLS rule configuration from Mozilla server side TLS configuration * Update README * Remove trailing space in README * Update dependencies * Fix the commends of the generated functions 2018-02-21 05:59:18 +00:00			`return &insecureConfigTLS{`
Replace gas with gosec everywhere in the project 2018-07-19 17:42:25 +01:00			`MetaData: gosec.MetaData{ID: id},`
Add a tool to generate the TLS configuration form Mozilla's ciphers recommendation (#178) * Add a tool which generates the TLS rule configuration from Mozilla server side TLS configuration * Update README * Remove trailing space in README * Update dependencies * Fix the commends of the generated functions 2018-02-21 05:59:18 +00:00			`requiredType: "crypto/tls.Config",`
			`MinVersion: 0x0300,`
			`MaxVersion: 0x0303,`
			`goodCiphers: []string{`
Regenerate the TLS config (#199) 2018-04-16 06:44:11 +01:00			`"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",`
			`"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",`
Add a tool to generate the TLS configuration form Mozilla's ciphers recommendation (#178) * Add a tool which generates the TLS rule configuration from Mozilla server side TLS configuration * Update README * Remove trailing space in README * Update dependencies * Fix the commends of the generated functions 2018-02-21 05:59:18 +00:00			`"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",`
			`"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",`
			`"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",`
			`"TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",`
			`"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",`
			`"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",`
			`"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",`
			`"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",`
			`"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",`
			`"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",`
			`"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",`
			`"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",`
			`"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",`
			`"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",`
			`"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",`
			`"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",`
			`"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",`
			`"TLS_DHE_DSS_WITH_AES_256_CBC_SHA",`
			`"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",`
			`"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",`
			`"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",`
			`"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",`
			`"TLS_RSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_RSA_WITH_AES_256_GCM_SHA384",`
			`"TLS_RSA_WITH_AES_128_CBC_SHA256",`
			`"TLS_RSA_WITH_AES_256_CBC_SHA256",`
			`"TLS_RSA_WITH_AES_128_CBC_SHA",`
			`"TLS_RSA_WITH_AES_256_CBC_SHA",`
			`"TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",`
			`"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",`
			`"TLS_RSA_WITH_3DES_EDE_CBC_SHA",`
			`"TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384",`
			`"TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",`
			`"TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",`
			`"TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",`
			`"TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",`
			`"TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",`
			`"TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",`
			`"TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",`
			`"TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",`
			`"TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",`
			`"TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",`
			`"TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",`
			`"TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",`
			`"TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",`
			`"TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",`
			`"TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",`
			`"TLS_DHE_RSA_WITH_SEED_CBC_SHA",`
			`"TLS_DHE_DSS_WITH_SEED_CBC_SHA",`
			`"TLS_RSA_WITH_SEED_CBC_SHA",`
			`},`
			`}, []ast.Node{(*ast.CompositeLit)(nil)}`
			`}`