diff --git a/go.sum b/go.sum
index 9c5625f..51aff79 100644
--- a/go.sum
+++ b/go.sum
@@ -369,6 +369,7 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad h1:DN0cp81fZ3njFcrLCytUHRSUkqBjfTo4Tx9RJTWs0EY= golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
diff --git a/rules/tls.go b/rules/tls.go
index a013788..8fbcbca 100644
--- a/rules/tls.go
+++ b/rules/tls.go
@@ -146,6 +146,11 @@ func (t *insecureConfigTLS) checkVersion(n ast.Node, c *gosec.Context) *gosec.Is
 return nil
 }
+func (t *insecureConfigTLS) resetVersion() {
+ t.actualMaxVersion = 0
+ t.actualMinVersion = 0
+}
+
 func (t *insecureConfigTLS) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error) {
 if complit, ok := n.(*ast.CompositeLit); ok && complit.Type != nil {
 actualType := c.Info.TypeOf(complit.Type)
@@ -158,7 +163,9 @@ func (t *insecureConfigTLS) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, e
 }
 }
 }
- return t.checkVersion(complit, c), nil
+ issue := t.checkVersion(complit, c)
+ t.resetVersion()
+ return issue, nil
 }
 }
 return nil, nil
diff --git a/testutils/source.go b/testutils/source.go
index cec6d05..8bb162a 100644
--- a/testutils/source.go
+++ b/testutils/source.go
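Review bot: resetVersion() is called on only one exit of Match, the one after checkVersion, so if the part of Match between the two rules/tls.go hunks can return early (it is not shown here), actualMinVersion and actualMaxVersion would stay set and carry into the next composite literal the rule visits. For a TLS rule that means one config's version could decide the verdict on another, in either direction. A `defer t.resetVersion()` placed where the literal has been identified as the required type would cover every exit. resetVersion also has no comment; something like `// resetVersion clears the min/max version recorded for the current literal so it cannot affect the next one.` would record why the rule carries state at all.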
@@ -2057,7 +2057,24 @@ func main() {
 if err != nil {
 fmt.Println(err)
 }
-}`}, 0, gosec.NewConfig()}}
+}`}, 0, gosec.NewConfig()}, {[]string{`
+package p0
+
+import "crypto/tls"
+
+func TlsConfig0() *tls.Config {
+ var v uint16 = 0
+ return &tls.Config{MinVersion: v}
+}
+`, `
+package p0
+
+import "crypto/tls"
+
+func TlsConfig1() *tls.Config {
+ return &tls.Config{MinVersion: 0x0304}
+}
+`}, 1, gosec.NewConfig()}}
 // SampleCodeG403 - weak key strength
 SampleCodeG403 = []CodeSample{
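Review bot: The new two-file sample pins only the total count of 1, so it passes whichever of TlsConfig0 or TlsConfig1 is flagged, and it exercises carry-over in one direction only (weak config first, the 0x0304 config second). The reverse direction matters more for a security linter, because state left by a config with an acceptable MinVersion could hide a later weak one; a second sample with the two files swapped would cover it, assuming the files are analysed in slice order. A short comment above the entry, for example `// two tls.Config literals in one package: version state must not leak between them`, would tell readers why the pair exists.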