ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S4423/go/rule.adoc
github-actions[bot] 10cb45778a
Create rule S4423: add Go (APPSEC-905) (#2830) 
Research ticket:
[APPSEC-905](https://sonarsource.atlassian.net/browse/APPSEC-905)

You can preview this rule
[here](https://sonarsource.github.io/rspec/#/rspec/S4423/go) (updated a
few minutes after each push).

## Review

A dedicated reviewer checked the rule description successfully for:

- [ ] logical errors and incorrect information
- [ ] information gaps and missing content
- [ ] text style and tone
- [ ] PR summary and labels follow [the
guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)



[APPSEC-905]:
https://sonarsource.atlassian.net/browse/APPSEC-905?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ

---------

Co-authored-by: egon-okerman-sonarsource <egon-okerman-sonarsource@users.noreply.github.com>
Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>
2023-08-16 13:53:27 +02:00

55 lines
1.2 KiB
Plaintext
Raw Permalink Blame History

include::../summary.adoc[]
== Why is this an issue?
include::../rationale.adoc[]
include::../impact.adoc[]
// How to fix it section
include::how-to-fix-it/stdlib.adoc[]
== Resources
include::../common/resources/docs.adoc[]
include::../common/resources/articles.adoc[]
* GitHub - `golang/go` - https://github.com/golang/go/issues/45428[`crypto/tls`: disable client-side TLS 1.0 and TLS 1.1]
include::../common/resources/presentations.adoc[]
include::../common/resources/standards.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
=== Message
Change this code to enforce TLS 1.2 or above.
=== Highlighting
When a `tls.Config` is found:
* If the `MinProtocol` property is set, then highlight it and its incorrect value.
* If the `MinProtocol` property is not set (but defaults to TLS 1.0), then highlight the entire `tls.Config` object.
When a `tls.Config` is not found, but an `http.Server` is created (which defaults to TLS 1.0):
* Highlight the `http.Server` constructor.
'''
== Comments And Links
(visible only on this page)
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink