From 2fad8a41937ef0d6f9e14c393a0b9c817bc7e119 Mon Sep 17 00:00:00 2001 From: Cosmin Cojocar Date: Wed, 26 Jan 2022 19:21:32 +0100 Subject: [PATCH] Resolve the TLS min version when is declarted in the same package but in a different file --- rules/tls.go | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/rules/tls.go b/rules/tls.go index 32fe936..21af8e5 100644 --- a/rules/tls.go +++ b/rules/tls.go @@ -87,8 +87,17 @@ func (t *insecureConfigTLS) processTLSConfVal(n *ast.KeyValueExpr, c *gosec.Cont } case "MinVersion": - if d, ok := n.Value.(*ast.Ident); ok && d.Obj != nil { - if vs, ok := d.Obj.Decl.(*ast.ValueSpec); ok && len(vs.Values) > 0 { + if d, ok := n.Value.(*ast.Ident); ok { + obj := d.Obj + if obj == nil { + for _, f := range c.PkgFiles { + obj = f.Scope.Lookup(d.Name) + if obj != nil { + break + } + } + } + if vs, ok := obj.Decl.(*ast.ValueSpec); ok && len(vs.Values) > 0 { if s, ok := vs.Values[0].(*ast.SelectorExpr); ok { x := s.X.(*ast.Ident).Name sel := s.Sel.Name