Add a test for tls min version defined in a different file

ccojocar · ccojocar · commit 1fbcf10e18ef · 2022-01-26T19:27:26.000+01:00
diff --git a/rules/tls.go b/rules/tls.go
@@ -87,7 +87,7 @@ func (t *insecureConfigTLS) processTLSConfVal(n *ast.KeyValueExpr, c *gosec.Cont
 			}
 
 		case "MinVersion":
-			if d, ok := n.Value.(*ast.Ident); ok {
+			if d, ok := n.Value.(*ast.Ident); ok && d.Obj != nil {
 				if vs, ok := d.Obj.Decl.(*ast.ValueSpec); ok && len(vs.Values) > 0 {
 					if s, ok := vs.Values[0].(*ast.SelectorExpr); ok {
 						x := s.X.(*ast.Ident).Name
diff --git a/testutils/source.go b/testutils/source.go
@@ -2838,6 +2838,27 @@ func TlsConfig1() *tls.Config {
    return &tls.Config{MinVersion: 0x0304}
 }
 `}, 1, gosec.NewConfig()},
+		{[]string{`
+package main
+
+import (
+	"crypto/tls"
+	"fmt"
+)
+
+func main() {
+	cfg := tls.Config{
+		MinVersion: MinVer,
+	}
+	fmt.Println("tls min version", cfg.MinVersion)
+}
+`, `
+package main
+
+import "crypto/tls"
+
+const MinVer = tls.VersionTLS13
+`}, 0, gosec.NewConfig()},
 	}
 
 	// SampleCodeG403 - weak key strength

Original file line number	Diff line number	Diff line change
`@@ -87,7 +87,7 @@ func (t insecureConfigTLS) processTLSConfVal(n ast.KeyValueExpr, c *gosec.Cont`
`87`	`87`	`}`
`88`	`88`
`89`	`89`	`case "MinVersion":`
`90`		`- if d, ok := n.Value.(*ast.Ident); ok {`
	`90`	`+ if d, ok := n.Value.(*ast.Ident); ok && d.Obj != nil {`
`91`	`91`	`if vs, ok := d.Obj.Decl.(*ast.ValueSpec); ok && len(vs.Values) > 0 {`
`92`	`92`	`if s, ok := vs.Values[0].(*ast.SelectorExpr); ok {`
`93`	`93`	`x := s.X.(*ast.Ident).Name`