From 1fbcf10e18ef88fec1957977eecef4627ed84e6d Mon Sep 17 00:00:00 2001 From: Cosmin Cojocar Date: Wed, 26 Jan 2022 18:13:53 +0100 Subject: [PATCH] Add a test for tls min version defined in a different file --- rules/tls.go | 2 +- testutils/source.go | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/rules/tls.go b/rules/tls.go index 55a6786..32fe936 100644 --- a/rules/tls.go +++ b/rules/tls.go @@ -87,7 +87,7 @@ func (t *insecureConfigTLS) processTLSConfVal(n *ast.KeyValueExpr, c *gosec.Cont } case "MinVersion": - if d, ok := n.Value.(*ast.Ident); ok { + if d, ok := n.Value.(*ast.Ident); ok && d.Obj != nil { if vs, ok := d.Obj.Decl.(*ast.ValueSpec); ok && len(vs.Values) > 0 { if s, ok := vs.Values[0].(*ast.SelectorExpr); ok { x := s.X.(*ast.Ident).Name diff --git a/testutils/source.go b/testutils/source.go index 212d6a4..a943b97 100644 --- a/testutils/source.go +++ b/testutils/source.go @@ -2838,6 +2838,27 @@ func TlsConfig1() *tls.Config { return &tls.Config{MinVersion: 0x0304} } `}, 1, gosec.NewConfig()}, + {[]string{` +package main + +import ( + "crypto/tls" + "fmt" +) + +func main() { + cfg := tls.Config{ + MinVersion: MinVer, + } + fmt.Println("tls min version", cfg.MinVersion) +} +`, ` +package main + +import "crypto/tls" + +const MinVer = tls.VersionTLS13 +`}, 0, gosec.NewConfig()}, } // SampleCodeG403 - weak key strength