gosec/rules/tls.go

// (c) Copyright 2016 Hewlett Packard Enterprise Development LP
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package rules

import (
	"fmt"
	"go/ast"
	"reflect"
	"regexp"

	"github.com/GoASTScanner/gas"
)

type InsecureConfigTLS struct {
	MinVersion  int16
	MaxVersion  int16
	pattern     *regexp.Regexp
	goodCiphers []string
}

func stringInSlice(a string, list []string) bool {
	for _, b := range list {
		if b == a {
			return true
		}
	}
	return false
}

func (t *InsecureConfigTLS) processTlsCipherSuites(n ast.Node, c *gas.Context) *gas.Issue {
	a := reflect.TypeOf(&ast.KeyValueExpr{})
	b := reflect.TypeOf(&ast.CompositeLit{})
	if node, ok := gas.SimpleSelect(n, a, b).(*ast.CompositeLit); ok {
		for _, elt := range node.Elts {
			if ident, ok := elt.(*ast.SelectorExpr); ok {
				if !stringInSlice(ident.Sel.Name, t.goodCiphers) {
					str := fmt.Sprintf("TLS Bad Cipher Suite: %s", ident.Sel.Name)
					return gas.NewIssue(c, n, str, gas.High, gas.High)
				}
			}
		}
	}
	return nil
}

func (t *InsecureConfigTLS) processTlsConfVal(n *ast.KeyValueExpr, c *gas.Context) *gas.Issue {
	if ident, ok := n.Key.(*ast.Ident); ok {
		switch ident.Name {
		case "InsecureSkipVerify":
			if node, ok := n.Value.(*ast.Ident); ok {
				if node.Name != "false" {
					return gas.NewIssue(c, n, "TLS InsecureSkipVerify set true.", gas.High, gas.High)
				}
			} else {
				// TODO(tk): symbol tab look up to get the actual value
				return gas.NewIssue(c, n, "TLS InsecureSkipVerify may be true.", gas.High, gas.Low)
			}

		case "PreferServerCipherSuites":
			if node, ok := n.Value.(*ast.Ident); ok {
				if node.Name == "false" {
					return gas.NewIssue(c, n, "TLS PreferServerCipherSuites set false.", gas.Medium, gas.High)
				}
			} else {
				// TODO(tk): symbol tab look up to get the actual value
				return gas.NewIssue(c, n, "TLS PreferServerCipherSuites may be false.", gas.Medium, gas.Low)
			}

		case "MinVersion":
			if ival, ierr := gas.GetInt(n.Value); ierr == nil {
				if (int16)(ival) < t.MinVersion {
					return gas.NewIssue(c, n, "TLS MinVersion too low.", gas.High, gas.High)
				}
				// TODO(tk): symbol tab look up to get the actual value
				return gas.NewIssue(c, n, "TLS MinVersion may be too low.", gas.High, gas.Low)
			}

		case "MaxVersion":
			if ival, ierr := gas.GetInt(n.Value); ierr == nil {
				if (int16)(ival) < t.MaxVersion {
					return gas.NewIssue(c, n, "TLS MaxVersion too low.", gas.High, gas.High)
				}
				// TODO(tk): symbol tab look up to get the actual value
				return gas.NewIssue(c, n, "TLS MaxVersion may be too low.", gas.High, gas.Low)
			}

		case "CipherSuites":
			if ret := t.processTlsCipherSuites(n, c); ret != nil {
				return ret
			}

		}

	}
	return nil
}

func (t *InsecureConfigTLS) Match(n ast.Node, c *gas.Context) (gi *gas.Issue, err error) {
	if node := gas.MatchCompLit(n, t.pattern); node != nil {
		for _, elt := range node.Elts {
			if kve, ok := elt.(*ast.KeyValueExpr); ok {
				gi = t.processTlsConfVal(kve, c)
				if gi != nil {
					break
				}
			}
		}
	}
	return
}

func NewModernTlsCheck(conf map[string]interface{}) (gas.Rule, []ast.Node) {
	// https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
	return &InsecureConfigTLS{
		pattern:    regexp.MustCompile(`^tls\.Config$`),
		MinVersion: 0x0303, // TLS 1.2 only
		MaxVersion: 0x0303,
		goodCiphers: []string{
			"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
			"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
			"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
			"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
		},
	}, []ast.Node{(*ast.CompositeLit)(nil)}
}

func NewIntermediateTlsCheck(conf map[string]interface{}) (gas.Rule, []ast.Node) {
	// https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
	return &InsecureConfigTLS{
		pattern:    regexp.MustCompile(`^tls\.Config$`),
		MinVersion: 0x0301, // TLS 1.2, 1.1, 1.0
		MaxVersion: 0x0303,
		goodCiphers: []string{
			"TLS_RSA_WITH_AES_128_CBC_SHA",
			"TLS_RSA_WITH_AES_256_CBC_SHA",
			"TLS_RSA_WITH_AES_128_GCM_SHA256",
			"TLS_RSA_WITH_AES_256_GCM_SHA384",
			"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
			"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
			"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
			"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
			"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
			"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
			"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
			"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
			"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
			"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
			"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
		},
	}, []ast.Node{(*ast.CompositeLit)(nil)}
}

func NewCompatTlsCheck(conf map[string]interface{}) (gas.Rule, []ast.Node) {
	// https://wiki.mozilla.org/Security/Server_Side_TLS#Old_compatibility_.28default.29
	return &InsecureConfigTLS{
		pattern:    regexp.MustCompile(`^tls\.Config$`),
		MinVersion: 0x0301, // TLS 1.2, 1.1, 1.0
		MaxVersion: 0x0303,
		goodCiphers: []string{
			"TLS_RSA_WITH_RC4_128_SHA",
			"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
			"TLS_RSA_WITH_AES_128_CBC_SHA",
			"TLS_RSA_WITH_AES_256_CBC_SHA",
			"TLS_RSA_WITH_AES_128_GCM_SHA256",
			"TLS_RSA_WITH_AES_256_GCM_SHA384",
			"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
			"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
			"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
			"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
			"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
			"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
			"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
			"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
			"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
			"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
			"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
		},
	}, []ast.Node{(*ast.CompositeLit)(nil)}
}
Initial public release 2016-07-20 11:02:01 +01:00			`// (c) Copyright 2016 Hewlett Packard Enterprise Development LP`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package rules`

			`import (`
			`"fmt"`
			`"go/ast"`
			`"reflect"`
			`"regexp"`

Restructure to focus on lib rather than cli 2017-04-26 16:08:46 +01:00			`"github.com/GoASTScanner/gas"`
Initial public release 2016-07-20 11:02:01 +01:00			`)`

			`type InsecureConfigTLS struct {`
			`MinVersion int16`
			`MaxVersion int16`
			`pattern *regexp.Regexp`
			`goodCiphers []string`
			`}`

			`func stringInSlice(a string, list []string) bool {`
			`for _, b := range list {`
			`if b == a {`
			`return true`
			`}`
			`}`
			`return false`
			`}`

			`func (t InsecureConfigTLS) processTlsCipherSuites(n ast.Node, c gas.Context) *gas.Issue {`
			`a := reflect.TypeOf(&ast.KeyValueExpr{})`
			`b := reflect.TypeOf(&ast.CompositeLit{})`
			`if node, ok := gas.SimpleSelect(n, a, b).(*ast.CompositeLit); ok {`
			`for _, elt := range node.Elts {`
			`if ident, ok := elt.(*ast.SelectorExpr); ok {`
			`if !stringInSlice(ident.Sel.Name, t.goodCiphers) {`
			`str := fmt.Sprintf("TLS Bad Cipher Suite: %s", ident.Sel.Name)`
			`return gas.NewIssue(c, n, str, gas.High, gas.High)`
			`}`
			`}`
			`}`
			`}`
			`return nil`
			`}`

			`func (t InsecureConfigTLS) processTlsConfVal(n ast.KeyValueExpr, c gas.Context) gas.Issue {`
			`if ident, ok := n.Key.(*ast.Ident); ok {`
			`switch ident.Name {`
			`case "InsecureSkipVerify":`
			`if node, ok := n.Value.(*ast.Ident); ok {`
			`if node.Name != "false" {`
			`return gas.NewIssue(c, n, "TLS InsecureSkipVerify set true.", gas.High, gas.High)`
			`}`
			`} else {`
			`// TODO(tk): symbol tab look up to get the actual value`
			`return gas.NewIssue(c, n, "TLS InsecureSkipVerify may be true.", gas.High, gas.Low)`
			`}`

Add a check for PreferServerCipherSuites flag of tls.Config 2017-03-15 14:05:44 +00:00			`case "PreferServerCipherSuites":`
			`if node, ok := n.Value.(*ast.Ident); ok {`
			`if node.Name == "false" {`
			`return gas.NewIssue(c, n, "TLS PreferServerCipherSuites set false.", gas.Medium, gas.High)`
			`}`
			`} else {`
			`// TODO(tk): symbol tab look up to get the actual value`
			`return gas.NewIssue(c, n, "TLS PreferServerCipherSuites may be false.", gas.Medium, gas.Low)`
			`}`

Initial public release 2016-07-20 11:02:01 +01:00			`case "MinVersion":`
			`if ival, ierr := gas.GetInt(n.Value); ierr == nil {`
			`if (int16)(ival) < t.MinVersion {`
			`return gas.NewIssue(c, n, "TLS MinVersion too low.", gas.High, gas.High)`
			`}`
			`// TODO(tk): symbol tab look up to get the actual value`
			`return gas.NewIssue(c, n, "TLS MinVersion may be too low.", gas.High, gas.Low)`
			`}`

			`case "MaxVersion":`
			`if ival, ierr := gas.GetInt(n.Value); ierr == nil {`
			`if (int16)(ival) < t.MaxVersion {`
			`return gas.NewIssue(c, n, "TLS MaxVersion too low.", gas.High, gas.High)`
			`}`
			`// TODO(tk): symbol tab look up to get the actual value`
			`return gas.NewIssue(c, n, "TLS MaxVersion may be too low.", gas.High, gas.Low)`
			`}`

			`case "CipherSuites":`
			`if ret := t.processTlsCipherSuites(n, c); ret != nil {`
			`return ret`
			`}`
Add a check for PreferServerCipherSuites flag of tls.Config 2017-03-15 14:05:44 +00:00
Initial public release 2016-07-20 11:02:01 +01:00			`}`
Add a check for PreferServerCipherSuites flag of tls.Config 2017-03-15 14:05:44 +00:00
Initial public release 2016-07-20 11:02:01 +01:00			`}`
			`return nil`
			`}`

			`func (t InsecureConfigTLS) Match(n ast.Node, c gas.Context) (gi *gas.Issue, err error) {`
			`if node := gas.MatchCompLit(n, t.pattern); node != nil {`
			`for _, elt := range node.Elts {`
			`if kve, ok := elt.(*ast.KeyValueExpr); ok {`
			`gi = t.processTlsConfVal(kve, c)`
			`if gi != nil {`
			`break`
			`}`
			`}`
			`}`
			`}`
			`return`
			`}`

Allow rules to register against multiple ast nodes Update the AddRule interface to allow rules to register interest in multiple ast.Nodes. Adds more flexibility to how rules can work, and was needed to fix the hard coded credentials test specifically. 2016-11-13 20:55:31 +00:00			`func NewModernTlsCheck(conf map[string]interface{}) (gas.Rule, []ast.Node) {`
Initial public release 2016-07-20 11:02:01 +01:00			`// https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility`
Allow rules to register against multiple ast nodes Update the AddRule interface to allow rules to register interest in multiple ast.Nodes. Adds more flexibility to how rules can work, and was needed to fix the hard coded credentials test specifically. 2016-11-13 20:55:31 +00:00			`return &InsecureConfigTLS{`
Fix incorrect regexp matches There are some cases where the '.' character would also match any character and could lead to incorrect results. For example the regular expression - `^ioutils.WriteFile$' would match ioutils.WriteFile, but also ioutils_WriteFile. Additionally made sure that all regexp were declared using raw strings to avoid any unnecesary string escaping that potentially make the regexp difficult to read. 2016-07-30 21:29:33 +01:00			pattern: regexp.MustCompile(`^tls\.Config$`),
Initial public release 2016-07-20 11:02:01 +01:00			`MinVersion: 0x0303, // TLS 1.2 only`
			`MaxVersion: 0x0303,`
			`goodCiphers: []string{`
			`"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",`
			`"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",`
			`},`
Allow rules to register against multiple ast nodes Update the AddRule interface to allow rules to register interest in multiple ast.Nodes. Adds more flexibility to how rules can work, and was needed to fix the hard coded credentials test specifically. 2016-11-13 20:55:31 +00:00			`}, []ast.Node{(*ast.CompositeLit)(nil)}`
Initial public release 2016-07-20 11:02:01 +01:00			`}`

Allow rules to register against multiple ast nodes Update the AddRule interface to allow rules to register interest in multiple ast.Nodes. Adds more flexibility to how rules can work, and was needed to fix the hard coded credentials test specifically. 2016-11-13 20:55:31 +00:00			`func NewIntermediateTlsCheck(conf map[string]interface{}) (gas.Rule, []ast.Node) {`
Initial public release 2016-07-20 11:02:01 +01:00			`// https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29`
Allow rules to register against multiple ast nodes Update the AddRule interface to allow rules to register interest in multiple ast.Nodes. Adds more flexibility to how rules can work, and was needed to fix the hard coded credentials test specifically. 2016-11-13 20:55:31 +00:00			`return &InsecureConfigTLS{`
Fix incorrect regexp matches There are some cases where the '.' character would also match any character and could lead to incorrect results. For example the regular expression - `^ioutils.WriteFile$' would match ioutils.WriteFile, but also ioutils_WriteFile. Additionally made sure that all regexp were declared using raw strings to avoid any unnecesary string escaping that potentially make the regexp difficult to read. 2016-07-30 21:29:33 +01:00			pattern: regexp.MustCompile(`^tls\.Config$`),
Initial public release 2016-07-20 11:02:01 +01:00			`MinVersion: 0x0301, // TLS 1.2, 1.1, 1.0`
			`MaxVersion: 0x0303,`
			`goodCiphers: []string{`
			`"TLS_RSA_WITH_AES_128_CBC_SHA",`
			`"TLS_RSA_WITH_AES_256_CBC_SHA",`
			`"TLS_RSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_RSA_WITH_AES_256_GCM_SHA384",`
			`"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",`
			`"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",`
			`"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",`
			`"TLS_ECDHE_RSA_WITH_RC4_128_SHA",`
			`"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",`
			`"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",`
			`"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",`
			`"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",`
			`"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",`
			`},`
Allow rules to register against multiple ast nodes Update the AddRule interface to allow rules to register interest in multiple ast.Nodes. Adds more flexibility to how rules can work, and was needed to fix the hard coded credentials test specifically. 2016-11-13 20:55:31 +00:00			`}, []ast.Node{(*ast.CompositeLit)(nil)}`
Initial public release 2016-07-20 11:02:01 +01:00			`}`

Allow rules to register against multiple ast nodes Update the AddRule interface to allow rules to register interest in multiple ast.Nodes. Adds more flexibility to how rules can work, and was needed to fix the hard coded credentials test specifically. 2016-11-13 20:55:31 +00:00			`func NewCompatTlsCheck(conf map[string]interface{}) (gas.Rule, []ast.Node) {`
Initial public release 2016-07-20 11:02:01 +01:00			`// https://wiki.mozilla.org/Security/Server_Side_TLS#Old_compatibility_.28default.29`
Allow rules to register against multiple ast nodes Update the AddRule interface to allow rules to register interest in multiple ast.Nodes. Adds more flexibility to how rules can work, and was needed to fix the hard coded credentials test specifically. 2016-11-13 20:55:31 +00:00			`return &InsecureConfigTLS{`
Fix incorrect regexp matches There are some cases where the '.' character would also match any character and could lead to incorrect results. For example the regular expression - `^ioutils.WriteFile$' would match ioutils.WriteFile, but also ioutils_WriteFile. Additionally made sure that all regexp were declared using raw strings to avoid any unnecesary string escaping that potentially make the regexp difficult to read. 2016-07-30 21:29:33 +01:00			pattern: regexp.MustCompile(`^tls\.Config$`),
Initial public release 2016-07-20 11:02:01 +01:00			`MinVersion: 0x0301, // TLS 1.2, 1.1, 1.0`
			`MaxVersion: 0x0303,`
			`goodCiphers: []string{`
			`"TLS_RSA_WITH_RC4_128_SHA",`
			`"TLS_RSA_WITH_3DES_EDE_CBC_SHA",`
			`"TLS_RSA_WITH_AES_128_CBC_SHA",`
			`"TLS_RSA_WITH_AES_256_CBC_SHA",`
			`"TLS_RSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_RSA_WITH_AES_256_GCM_SHA384",`
			`"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",`
			`"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",`
			`"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",`
			`"TLS_ECDHE_RSA_WITH_RC4_128_SHA",`
			`"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",`
			`"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",`
			`"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",`
			`"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",`
			`"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",`
			`},`
Allow rules to register against multiple ast nodes Update the AddRule interface to allow rules to register interest in multiple ast.Nodes. Adds more flexibility to how rules can work, and was needed to fix the hard coded credentials test specifically. 2016-11-13 20:55:31 +00:00			`}, []ast.Node{(*ast.CompositeLit)(nil)}`
Initial public release 2016-07-20 11:02:01 +01:00			`}`