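// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/nifcloud/sslcertificate/remove_expired_certificates.go

package sslcertificate

import (
	"time"

	"github.com/khulnasoft-lab/defsec/internal/rules"
	"github.com/khulnasoft-lab/defsec/pkg/providers"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/severity"
	"github.com/khulnasoft-lab/defsec/pkg/state"
)

// CheckRemoveExpiredCertificates registers rule AVD-NIF-0006, which reports
// every NIFCLOUD server certificate whose expiration lies before the time of
// the scan and records a pass for every other certificate.
//
// Scope: the rule only detects certificates that have already expired. A
// certificate that expires a minute after the scan still passes, so this
// check does not replace renewal alerting with a lead time.
var CheckRemoveExpiredCertificates = rules.Register(
	scan.Rule{
		AVDID:      "AVD-NIF-0006",
		Provider:   providers.NifcloudProvider,
		Service:    "ssl-certificate",
		ShortCode:  "remove-expired-certificates",
		Summary:    "Delete expired SSL certificates",
		Impact:     "Risk of misconfiguration and damage to credibility",
		Resolution: "Remove expired certificates",
		Explanation: `
Removing expired SSL/TLS certificates eliminates the risk that an invalid certificate will be
deployed accidentally to a resource such as NIFCLOUD Load Balancer(L4LB), which can damage the
credibility of the application/website behind the L4LB. As a best practice, it is
recommended to delete expired certificates.
`,
		Links: []string{
			"https://pfs.nifcloud.com/help/ssl/del.htm",
		},
		Severity: severity.Low,
	},
	func(s *state.State) (results scan.Results) {
		// Take one timestamp for the whole scan so that every certificate is
		// compared against the same instant.
		now := time.Now()

		for _, certificate := range s.Nifcloud.SSLCertificate.ServerCertificates {
			// Per-iteration copy: the address handed to results below must not
			// alias later iterations on toolchains older than Go 1.22, where
			// the range variable is shared across iterations.
			certificate := certificate

			// NOTE(review): the type of Expiration is declared outside this
			// file. Confirm how Before behaves when the expiration is unset or
			// unresolved, so that an unknown date is not reported as expired
			// (or silently passed).
			if certificate.Expiration.Before(now) {
				results.Add("Certificate has expired.", &certificate)
				continue
			}
			results.AddPassed(&certificate)
		}
		return results
	},
)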