gopkg.in/alecthomas/gometalinter.v3@v3.0.0/_linters/src/github.com/securego/gosec/rules/rsa.go (about) 1 // (c) Copyright 2016 Hewlett Packard Enterprise Development LP 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package rules 16 17 import ( 18 "fmt" 19 "go/ast" 20 21 "github.com/securego/gosec" 22 ) 23 24 type weakKeyStrength struct { 25 gosec.MetaData 26 calls gosec.CallList 27 bits int 28 } 29 30 func (w *weakKeyStrength) ID() string { 31 return w.MetaData.ID 32 } 33 34 func (w *weakKeyStrength) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error) { 35 if callExpr := w.calls.ContainsCallExpr(n, c); callExpr != nil { 36 if bits, err := gosec.GetInt(callExpr.Args[1]); err == nil && bits < (int64)(w.bits) { 37 return gosec.NewIssue(c, n, w.ID(), w.What, w.Severity, w.Confidence), nil 38 } 39 } 40 return nil, nil 41 } 42 43 // NewWeakKeyStrength builds a rule that detects RSA keys < 2048 bits 44 func NewWeakKeyStrength(id string, conf gosec.Config) (gosec.Rule, []ast.Node) { 45 calls := gosec.NewCallList() 46 calls.Add("crypto/rsa", "GenerateKey") 47 bits := 2048 48 return &weakKeyStrength{ 49 calls: calls, 50 bits: bits, 51 MetaData: gosec.MetaData{ 52 ID: id, 53 Severity: gosec.Medium, 54 Confidence: gosec.High, 55 What: fmt.Sprintf("RSA keys should be at least %d bits", bits), 56 }, 57 }, []ast.Node{(*ast.CallExpr)(nil)} 58 }