Insecure-TLS: restrict sources to potentially interesting integers.

2026-01-29 14:23:03 +01:00 · 2020-07-29 16:46:36 +01:00
parent e89cd16cb1
commit cce3a70412
1 changed files with 9 additions and 0 deletions
--- a/ql/src/Security/CWE-327/InsecureTLS.ql
+++ b/ql/src/Security/CWE-327/InsecureTLS.ql
@@ -35,6 +35,14 @@ predicate isInsecureTlsVersion(int val, string name, string fieldName) {
  )
 }

+/**
+ * Returns integers that may represent a TLS version.
+ *
+ * Integer values corresponding to versions are defined at https://golang.org/pkg/crypto/tls/#pkg-constants
+ * Zero means the default version; at the time of writing, TLS 1.0.
+ */
+int getATlsVersion() { result in [768, 769, 770, 771, 772, 0] }
+
 /**
 * Holds if `node` refers to a value returned alongside a non-nil error value.
 *
@@ -60,6 +68,7 @@ class TlsVersionFlowConfig extends TaintTracking::Configuration {
   */
  predicate isSource(DataFlow::Node source, int val) {
    val = source.getIntValue() and
+    val = getATlsVersion() and
    not isReturnedWithError(source)
  }