package testutils
import "github.com/securego/gosec/v2"
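// SampleCodeG402 holds the analyzer fixtures for rule G402 (TLS settings).
//
// Each entry pairs one or more Go source files with an integer and a gosec
// configuration. The integer appears to be the number of findings the rule is
// expected to report for that entry: 1 on the deliberately weak samples, 0 on
// the hardened ones.
// NOTE(review): CodeSample is declared elsewhere in this package; confirm the
// field meanings against its definition.
//
// The sample programs are analyzer input only. The weak settings in them
// (InsecureSkipVerify, unset or zero protocol floors, a static-RSA suite) are
// the patterns the rule exists to catch and must not be copied into real
// client or server configuration.
var SampleCodeG402 = []CodeSample{
	// Positive case: InsecureSkipVerify set to true inside a tls.Config
	// composite literal. The client then accepts any certificate chain and
	// any host name, so the connection is open to interception.
	{[]string{`
// InsecureSkipVerify
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
)

func main() {
	tr := &http.Transport{
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
	}

	client := &http.Client{Transport: tr}
	_, err := client.Get("https://go.dev/")
	if err != nil {
		fmt.Println(err)
	}
}
`}, 1, gosec.NewConfig()},
	// Positive case: the same flag, but set by field assignment on a
	// variable rather than in a composite literal. Guards against the rule
	// only matching the literal form.
	{[]string{`
// InsecureSkipVerify from variable
package main

import (
	"crypto/tls"
)

func main() {
	var conf tls.Config
	conf.InsecureSkipVerify = true
}
`}, 1, gosec.NewConfig()},
	// Positive case: MinVersion written as the literal 0. Zero leaves the
	// protocol floor to the crypto/tls default, which differs between Go
	// releases, so nothing in the code pins a minimum.
	{[]string{`
// Insecure minimum version
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
)

func main() {
	tr := &http.Transport{
		TLSClientConfig: &tls.Config{MinVersion: 0},
	}
	client := &http.Client{Transport: tr}
	_, err := client.Get("https://go.dev/")
	if err != nil {
		fmt.Println(err)
	}
}
`}, 1, gosec.NewConfig()},
	// Negative case (the sample's own header comment still reads "Insecure
	// minimum version"): MinVersion comes from a local variable initialised
	// to tls.VersionTLS13. Expecting 0 findings means the rule has to follow
	// the variable back to its value.
	{[]string{`
// Insecure minimum version
package main

import (
	"crypto/tls"
	"fmt"
)

func CaseNotError() *tls.Config {
	var v uint16 = tls.VersionTLS13

	return &tls.Config{
		MinVersion: v,
	}
}

func main() {
	a := CaseNotError()
	fmt.Printf("Debug: %v\n", a.MinVersion)
}
`}, 0, gosec.NewConfig()},
	// Negative case (header comment is inherited from the positive samples):
	// MinVersion is the tls.VersionTLS13 constant used directly.
	{[]string{`
// Insecure minimum version
package main

import (
	"crypto/tls"
	"fmt"
)

func CaseNotError() *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS13,
	}
}

func main() {
	a := CaseNotError()
	fmt.Printf("Debug: %v\n", a.MinVersion)
}
`}, 0, gosec.NewConfig()},
	// Positive case: MinVersion 0 in a config that is first bound to a
	// variable and then returned, rather than returned as a literal.
	{[]string{`
// Insecure minimum version
package main
import (
	"crypto/tls"
	"fmt"
)

func CaseError() *tls.Config {
	var v = &tls.Config{
		MinVersion: 0,
	}
	return v
}

func main() {
	a := CaseError()
	fmt.Printf("Debug: %v\n", a.MinVersion)
}
`}, 1, gosec.NewConfig()},
	// Positive case even though getVersion returns tls.VersionTLS12: the
	// floor is produced by a function call.
	// NOTE(review): the expectation of 1 suggests the rule does not evaluate
	// calls and reports a floor it cannot resolve — confirm against the rule
	// implementation before relying on this reading.
	{[]string{`
// Insecure minimum version
package main

import (
	"crypto/tls"
	"fmt"
)

func CaseError() *tls.Config {
	var v = &tls.Config{
		MinVersion: getVersion(),
	}
	return v
}

func getVersion() uint16 {
	return tls.VersionTLS12
}

func main() {
	a := CaseError()
	fmt.Printf("Debug: %v\n", a.MinVersion)
}
`}, 1, gosec.NewConfig()},
	// Negative case (header comment is inherited from the positive samples):
	// MinVersion comes from a package-level variable holding 0x0304, the
	// numeric value of tls.VersionTLS13.
	{[]string{`
// Insecure minimum version
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
)

var theValue uint16 = 0x0304

func main() {
	tr := &http.Transport{
		TLSClientConfig: &tls.Config{MinVersion: theValue},
	}
	client := &http.Client{Transport: tr}
	_, err := client.Get("https://go.dev/")
	if err != nil {
		fmt.Println(err)
	}
}
`}, 0, gosec.NewConfig()},
	// Positive case: only MaxVersion is written, as 0, and MinVersion is
	// left unset, so the config carries no explicit protocol floor.
	{[]string{`
// Insecure max version
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
)

func main() {
	tr := &http.Transport{
		TLSClientConfig: &tls.Config{MaxVersion: 0},
	}
	client := &http.Client{Transport: tr}
	_, err := client.Get("https://go.dev/")
	if err != nil {
		fmt.Println(err)
	}
}
`}, 1, gosec.NewConfig()},
	// Positive case: an explicit CipherSuites list that mixes a static-RSA
	// key-exchange suite (no forward secrecy) with an ECDHE suite.
	// NOTE(review): a single expected finding suggests only the RSA suite is
	// reported — confirm against the rule's allowed-suite list.
	{[]string{`
// Insecure ciphersuite selection
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
)

func main() {
	tr := &http.Transport{
		TLSClientConfig: &tls.Config{
			CipherSuites: []uint16{
				tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
				tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			},
		},
	}
	client := &http.Client{Transport: tr}
	_, err := client.Get("https://go.dev/")
	if err != nil {
		fmt.Println(err)
	}
}
`}, 1, gosec.NewConfig()},
	// Negative case: MaxVersion 0 (no ceiling) is acceptable once MinVersion
	// pins the floor at TLS 1.3. Pairs with the MaxVersion-only positive
	// case to show that the floor, not the ceiling, decides the outcome.
	{[]string{`
// secure max version when min version is specified
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
)

func main() {
	tr := &http.Transport{
		TLSClientConfig: &tls.Config{
			MaxVersion: 0,
			MinVersion: tls.VersionTLS13,
		},
	}
	client := &http.Client{Transport: tr}
	_, err := client.Get("https://go.dev/")
	if err != nil {
		fmt.Println(err)
	}
}
`}, 0, gosec.NewConfig()},
	// Two files in one package: TlsConfig0 takes its floor from a local
	// variable set to 0 (weak), TlsConfig1 uses the literal 0x0304 (TLS 1.3).
	// One finding is expected across the pair, i.e. only the first file.
	{[]string{`
package p0

import "crypto/tls"

func TlsConfig0() *tls.Config {
	var v uint16 = 0
	return &tls.Config{MinVersion: v}
}
`, `
package p0

import "crypto/tls"

func TlsConfig1() *tls.Config {
	return &tls.Config{MinVersion: 0x0304}
}
`}, 1, gosec.NewConfig()},
	// Negative case spanning two files: MinVersion refers to the constant
	// MinVer, which is declared in the second file as tls.VersionTLS13. The
	// rule must resolve a constant defined outside the file under analysis.
	{[]string{`
package main

import (
	"crypto/tls"
	"fmt"
)

func main() {
	cfg := tls.Config{
		MinVersion: MinVer,
	}
	fmt.Println("tls min version", cfg.MinVersion)
}
`, `
package main

import "crypto/tls"

const MinVer = tls.VersionTLS13
`}, 0, gosec.NewConfig()},
	// Negative case: crypto/tls imported twice, once under the alias
	// cryptotls, with MinVersion set to VersionTLS12 through each name.
	// Covers constant lookup through an aliased import; TLS 1.2 as the floor
	// is expected to pass.
	{[]string{`
package main

import (
	"crypto/tls"
	cryptotls "crypto/tls"
)

func main() {
	_ = tls.Config{MinVersion: tls.VersionTLS12}
	_ = cryptotls.Config{MinVersion: cryptotls.VersionTLS12}
}
`}, 0, gosec.NewConfig()},
}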