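// Match reports an issue when a call matching r.pattern passes, as its second
// argument, an integer that sets any bit not present in r.mode.
//
// It returns (nil, nil) when n is not a matching call, when the call has fewer
// than two arguments, or when gas.GetInt cannot read the second argument as an
// integer. The error result is always nil.
func (r *FilePermissions) Match(n ast.Node, c *gas.Context) (*gas.Issue, error) {
	node := gas.MatchCall(n, r.pattern)
	// Guard the index below: a matching call with fewer than two arguments
	// would otherwise panic and abort the scan instead of being skipped.
	if node == nil || len(node.Args) < 2 {
		return nil, nil
	}

	// NOTE(review): assumes Args[1] is the permission argument for every call
	// r.pattern can match; confirm against the pattern's definition.
	val, err := gas.GetInt(node.Args[1])
	if err != nil {
		// Best effort: a value that cannot be read as an integer is not
		// evaluated, so it is not reported.
		return nil, nil
	}

	// Permission values are bit sets, so numeric ordering is the wrong test:
	// 0077 is numerically below 0600 yet grants group and other full access.
	// Report whenever val carries a bit that r.mode does not allow. Every
	// value with val > r.mode is still reported, so no earlier finding is lost.
	if (val | r.mode) != r.mode {
		return gas.NewIssue(c, n, r.What, r.Severity, r.Confidence), nil
	}
	return nil, nil
}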
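// Match reports an issue when a call matching w.pattern passes, as its second
// argument, an integer smaller than w.bits.
//
// It returns (nil, nil) when n is not a matching call, when the call has fewer
// than two arguments, when gas.GetInt cannot read the second argument as an
// integer, or when the value is at least w.bits. The error result is always
// nil.
func (w *WeakKeyStrength) Match(n ast.Node, c *gas.Context) (*gas.Issue, error) {
	node := gas.MatchCall(n, w.pattern)
	// Guard the index below: a matching call with fewer than two arguments
	// would otherwise panic and abort the scan instead of being skipped.
	if node == nil || len(node.Args) < 2 {
		return nil, nil
	}

	// NOTE(review): assumes Args[1] is the key-size argument for every call
	// w.pattern can match; confirm against the pattern's definition.
	bits, err := gas.GetInt(node.Args[1])
	if err != nil || bits >= int64(w.bits) {
		// Either the size is not readable as an integer (so it is not
		// evaluated) or it meets the configured minimum.
		return nil, nil
	}
	return gas.NewIssue(c, n, w.What, w.Severity, w.Confidence), nil
}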
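// processTlsConfVal inspects one key/value entry and returns an issue when the
// entry weakens the TLS configuration, or nil when the entry is acceptable or
// is not one this rule examines.
//
// Keys handled: InsecureSkipVerify, MinVersion, MaxVersion and CipherSuites
// (delegated to processTlsCipherSuites). An entry whose key is not a plain
// identifier is ignored.
func (t *InsecureConfigTLS) processTlsConfVal(n *ast.KeyValueExpr, c *gas.Context) *gas.Issue {
	ident, ok := n.Key.(*ast.Ident)
	if !ok {
		return nil
	}

	switch ident.Name {
	case "InsecureSkipVerify":
		node, ok := n.Value.(*ast.Ident)
		if !ok {
			// TODO(tk): symbol tab look up to get the actual value
			return gas.NewIssue(c, n, "TLS InsecureSkipVerify may be true.", gas.High, gas.Low)
		}
		// NOTE(review): any identifier other than "false" is reported as
		// "set true" with high confidence, which includes the name of a
		// variable or constant whose value is unknown here. Consider
		// lowering confidence unless the name is exactly "true".
		if node.Name != "false" {
			return gas.NewIssue(c, n, "TLS InsecureSkipVerify set true.", gas.High, gas.High)
		}

	case "MinVersion":
		// NOTE(review): when gas.GetInt fails nothing is reported. If it
		// cannot resolve named version constants (not visible here), a
		// MinVersion written that way is never checked, while a readable
		// value that passes the threshold still gets the low-confidence
		// finding below. Confirm this is the intended split.
		if ival, ierr := gas.GetInt(n.Value); ierr == nil {
			// Compare in int64 so a value outside the int16 range is not
			// wrapped to a different number before the check.
			if ival < int64(t.MinVersion) {
				return gas.NewIssue(c, n, "TLS MinVersion too low.", gas.High, gas.High)
			}
			// TODO(tk): symbol tab look up to get the actual value
			return gas.NewIssue(c, n, "TLS MinVersion may be too low.", gas.High, gas.Low)
		}

	case "MaxVersion":
		// NOTE(review): same split as MinVersion; an unreadable value is
		// not reported at all.
		if ival, ierr := gas.GetInt(n.Value); ierr == nil {
			// Compare in int64 so a value outside the int16 range is not
			// wrapped to a different number before the check.
			if ival < int64(t.MaxVersion) {
				return gas.NewIssue(c, n, "TLS MaxVersion too low.", gas.High, gas.High)
			}
			// TODO(tk): symbol tab look up to get the actual value
			return gas.NewIssue(c, n, "TLS MaxVersion may be too low.", gas.High, gas.Low)
		}

	case "CipherSuites":
		if ret := t.processTlsCipherSuites(n, c); ret != nil {
			return ret
		}
	}

	return nil
}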