mirror of
https://github.com/securego/gosec.git
synced 2024-12-24 11:35:52 +00:00
Add a test for tls min version defined in a different file
This commit is contained in:
parent
b12c0f6e4e
commit
1fbcf10e18
2 changed files with 22 additions and 1 deletions
|
@ -87,7 +87,7 @@ func (t *insecureConfigTLS) processTLSConfVal(n *ast.KeyValueExpr, c *gosec.Cont
|
|||
}
|
||||
|
||||
case "MinVersion":
|
||||
if d, ok := n.Value.(*ast.Ident); ok {
|
||||
if d, ok := n.Value.(*ast.Ident); ok && d.Obj != nil {
|
||||
if vs, ok := d.Obj.Decl.(*ast.ValueSpec); ok && len(vs.Values) > 0 {
|
||||
if s, ok := vs.Values[0].(*ast.SelectorExpr); ok {
|
||||
x := s.X.(*ast.Ident).Name
|
||||
|
|
|
@ -2838,6 +2838,27 @@ func TlsConfig1() *tls.Config {
|
|||
return &tls.Config{MinVersion: 0x0304}
|
||||
}
|
||||
`}, 1, gosec.NewConfig()},
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
)
|
||||
|
||||
func main() {
|
||||
cfg := tls.Config{
|
||||
MinVersion: MinVer,
|
||||
}
|
||||
fmt.Println("tls min version", cfg.MinVersion)
|
||||
}
|
||||
`, `
|
||||
package main
|
||||
|
||||
import "crypto/tls"
|
||||
|
||||
const MinVer = tls.VersionTLS13
|
||||
`}, 0, gosec.NewConfig()},
|
||||
}
|
||||
|
||||
// SampleCodeG403 - weak key strength
|
||||
|
|
Loading…
Reference in a new issue