mirror of
https://github.com/securego/gosec.git
synced 2025-01-12 04:45:53 +00:00
Quiet warnings about integer truncation (#586)
Both MinVersion and MaxVersion of crypto/tls.Config are uint16, so the int16 fields of rules.insecureConfigTLS are too small. GetInt() interprets integer literals as fitting within 64-bits, so simplify things by using int64.
This commit is contained in:
parent
bf2cd2392b
commit
27a5ffb5c8
1 changed files with 8 additions and 8 deletions
16
rules/tls.go
16
rules/tls.go
|
@ -26,12 +26,12 @@ import (
|
||||||
|
|
||||||
type insecureConfigTLS struct {
|
type insecureConfigTLS struct {
|
||||||
gosec.MetaData
|
gosec.MetaData
|
||||||
MinVersion int16
|
MinVersion int64
|
||||||
MaxVersion int16
|
MaxVersion int64
|
||||||
requiredType string
|
requiredType string
|
||||||
goodCiphers []string
|
goodCiphers []string
|
||||||
actualMinVersion int16
|
actualMinVersion int64
|
||||||
actualMaxVersion int16
|
actualMaxVersion int64
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t *insecureConfigTLS) ID() string {
|
func (t *insecureConfigTLS) ID() string {
|
||||||
|
@ -86,7 +86,7 @@ func (t *insecureConfigTLS) processTLSConfVal(n *ast.KeyValueExpr, c *gosec.Cont
|
||||||
|
|
||||||
case "MinVersion":
|
case "MinVersion":
|
||||||
if ival, ierr := gosec.GetInt(n.Value); ierr == nil {
|
if ival, ierr := gosec.GetInt(n.Value); ierr == nil {
|
||||||
t.actualMinVersion = (int16)(ival)
|
t.actualMinVersion = ival
|
||||||
} else {
|
} else {
|
||||||
if se, ok := n.Value.(*ast.SelectorExpr); ok {
|
if se, ok := n.Value.(*ast.SelectorExpr); ok {
|
||||||
if pkg, ok := se.X.(*ast.Ident); ok && pkg.Name == "tls" {
|
if pkg, ok := se.X.(*ast.Ident); ok && pkg.Name == "tls" {
|
||||||
|
@ -97,7 +97,7 @@ func (t *insecureConfigTLS) processTLSConfVal(n *ast.KeyValueExpr, c *gosec.Cont
|
||||||
|
|
||||||
case "MaxVersion":
|
case "MaxVersion":
|
||||||
if ival, ierr := gosec.GetInt(n.Value); ierr == nil {
|
if ival, ierr := gosec.GetInt(n.Value); ierr == nil {
|
||||||
t.actualMaxVersion = (int16)(ival)
|
t.actualMaxVersion = ival
|
||||||
} else {
|
} else {
|
||||||
if se, ok := n.Value.(*ast.SelectorExpr); ok {
|
if se, ok := n.Value.(*ast.SelectorExpr); ok {
|
||||||
if pkg, ok := se.X.(*ast.Ident); ok && pkg.Name == "tls" {
|
if pkg, ok := se.X.(*ast.Ident); ok && pkg.Name == "tls" {
|
||||||
|
@ -117,8 +117,8 @@ func (t *insecureConfigTLS) processTLSConfVal(n *ast.KeyValueExpr, c *gosec.Cont
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t *insecureConfigTLS) mapVersion(version string) int16 {
|
func (t *insecureConfigTLS) mapVersion(version string) int64 {
|
||||||
var v int16
|
var v int64
|
||||||
switch version {
|
switch version {
|
||||||
case "VersionTLS13":
|
case "VersionTLS13":
|
||||||
v = tls.VersionTLS13
|
v = tls.VersionTLS13
|
||||||
|
|
Loading…
Reference in a new issue