mirror of
https://github.com/securego/gosec.git
synced 2024-12-25 12:05:52 +00:00
Add a test for tls min version defined in a different file
This commit is contained in:
parent
b12c0f6e4e
commit
1fbcf10e18
2 changed files with 22 additions and 1 deletions
|
@ -87,7 +87,7 @@ func (t *insecureConfigTLS) processTLSConfVal(n *ast.KeyValueExpr, c *gosec.Cont
|
||||||
}
|
}
|
||||||
|
|
||||||
case "MinVersion":
|
case "MinVersion":
|
||||||
if d, ok := n.Value.(*ast.Ident); ok {
|
if d, ok := n.Value.(*ast.Ident); ok && d.Obj != nil {
|
||||||
if vs, ok := d.Obj.Decl.(*ast.ValueSpec); ok && len(vs.Values) > 0 {
|
if vs, ok := d.Obj.Decl.(*ast.ValueSpec); ok && len(vs.Values) > 0 {
|
||||||
if s, ok := vs.Values[0].(*ast.SelectorExpr); ok {
|
if s, ok := vs.Values[0].(*ast.SelectorExpr); ok {
|
||||||
x := s.X.(*ast.Ident).Name
|
x := s.X.(*ast.Ident).Name
|
||||||
|
|
|
@ -2838,6 +2838,27 @@ func TlsConfig1() *tls.Config {
|
||||||
return &tls.Config{MinVersion: 0x0304}
|
return &tls.Config{MinVersion: 0x0304}
|
||||||
}
|
}
|
||||||
`}, 1, gosec.NewConfig()},
|
`}, 1, gosec.NewConfig()},
|
||||||
|
{[]string{`
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/tls"
|
||||||
|
"fmt"
|
||||||
|
)
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
cfg := tls.Config{
|
||||||
|
MinVersion: MinVer,
|
||||||
|
}
|
||||||
|
fmt.Println("tls min version", cfg.MinVersion)
|
||||||
|
}
|
||||||
|
`, `
|
||||||
|
package main
|
||||||
|
|
||||||
|
import "crypto/tls"
|
||||||
|
|
||||||
|
const MinVer = tls.VersionTLS13
|
||||||
|
`}, 0, gosec.NewConfig()},
|
||||||
}
|
}
|
||||||
|
|
||||||
// SampleCodeG403 - weak key strength
|
// SampleCodeG403 - weak key strength
|
||||||
|
|
Loading…
Reference in a new issue