Quiet warnings about integer truncation (#586)

Both MinVersion and MaxVersion of crypto/tls.Config are uint16, so the
int16 fields of rules.insecureConfigTLS are too small. GetInt()
interprets integer literals as fitting within 64-bits, so simplify
things by using int64.
This commit is contained in:
Chris Bandy 2021-03-03 03:05:33 -06:00 committed by GitHub
parent bf2cd2392b
commit 27a5ffb5c8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -26,12 +26,12 @@ import (
type insecureConfigTLS struct { type insecureConfigTLS struct {
gosec.MetaData gosec.MetaData
MinVersion int16 MinVersion int64
MaxVersion int16 MaxVersion int64
requiredType string requiredType string
goodCiphers []string goodCiphers []string
actualMinVersion int16 actualMinVersion int64
actualMaxVersion int16 actualMaxVersion int64
} }
func (t *insecureConfigTLS) ID() string { func (t *insecureConfigTLS) ID() string {
@ -86,7 +86,7 @@ func (t *insecureConfigTLS) processTLSConfVal(n *ast.KeyValueExpr, c *gosec.Cont
case "MinVersion": case "MinVersion":
if ival, ierr := gosec.GetInt(n.Value); ierr == nil { if ival, ierr := gosec.GetInt(n.Value); ierr == nil {
t.actualMinVersion = (int16)(ival) t.actualMinVersion = ival
} else { } else {
if se, ok := n.Value.(*ast.SelectorExpr); ok { if se, ok := n.Value.(*ast.SelectorExpr); ok {
if pkg, ok := se.X.(*ast.Ident); ok && pkg.Name == "tls" { if pkg, ok := se.X.(*ast.Ident); ok && pkg.Name == "tls" {
@ -97,7 +97,7 @@ func (t *insecureConfigTLS) processTLSConfVal(n *ast.KeyValueExpr, c *gosec.Cont
case "MaxVersion": case "MaxVersion":
if ival, ierr := gosec.GetInt(n.Value); ierr == nil { if ival, ierr := gosec.GetInt(n.Value); ierr == nil {
t.actualMaxVersion = (int16)(ival) t.actualMaxVersion = ival
} else { } else {
if se, ok := n.Value.(*ast.SelectorExpr); ok { if se, ok := n.Value.(*ast.SelectorExpr); ok {
if pkg, ok := se.X.(*ast.Ident); ok && pkg.Name == "tls" { if pkg, ok := se.X.(*ast.Ident); ok && pkg.Name == "tls" {
@ -117,8 +117,8 @@ func (t *insecureConfigTLS) processTLSConfVal(n *ast.KeyValueExpr, c *gosec.Cont
return nil return nil
} }
func (t *insecureConfigTLS) mapVersion(version string) int16 { func (t *insecureConfigTLS) mapVersion(version string) int64 {
var v int16 var v int64
switch version { switch version {
case "VersionTLS13": case "VersionTLS13":
v = tls.VersionTLS13 v = tls.VersionTLS13