From e38d4ecd9c709d0f1138d5a91137cde5d6a94d4e Mon Sep 17 00:00:00 2001 From: Slavomir Date: Mon, 22 Jun 2020 17:00:31 +0300 Subject: [PATCH] Fix typos --- ql/src/experimental/CWE-327/InsecureTLS.go | 2 +- ql/src/experimental/CWE-327/InsecureTLS.qhelp | 2 +- ql/src/experimental/CWE-327/SaferTLS.go | 2 +- ql/test/experimental/CWE-327/UnsafeTLS.go | 76 +++++++++---------- 4 files changed, 41 insertions(+), 41 deletions(-) diff --git a/ql/src/experimental/CWE-327/InsecureTLS.go b/ql/src/experimental/CWE-327/InsecureTLS.go index 4d78dbc2aa9..000eec9afb1 100644 --- a/ql/src/experimental/CWE-327/InsecureTLS.go +++ b/ql/src/experimental/CWE-327/InsecureTLS.go @@ -9,7 +9,7 @@ func main() {} func insecureMinMaxTlsVersion() { { config := &tls.Config{} - config.MinVersion = 0 //BAD: Setting the MinVersion to 0 equal to choosing the lowest supported version (i.e. SSL3.0) + config.MinVersion = 0 //BAD: Setting the MinVersion to 0 equals to choosing the lowest supported version (i.e. SSL3.0) } { config := &tls.Config{} diff --git a/ql/src/experimental/CWE-327/InsecureTLS.qhelp b/ql/src/experimental/CWE-327/InsecureTLS.qhelp index fcdb3d8875b..7df7c9f8a2a 100644 --- a/ql/src/experimental/CWE-327/InsecureTLS.qhelp +++ b/ql/src/experimental/CWE-327/InsecureTLS.qhelp @@ -44,4 +44,4 @@ Transport Layer Protection Cheat Sheet - \ No newline at end of file + diff --git a/ql/src/experimental/CWE-327/SaferTLS.go b/ql/src/experimental/CWE-327/SaferTLS.go index b3e9fce2a4f..d4cd7ecd17c 100644 --- a/ql/src/experimental/CWE-327/SaferTLS.go +++ b/ql/src/experimental/CWE-327/SaferTLS.go @@ -7,5 +7,5 @@ func saferTLSConfig() { config.MinVersion = tls.VersionTLS12 config.MaxVersion = tls.VersionTLS13 // OR - config.MaxVersion = 0 // Setting MaxVersion to 0 means that the highest version available in the package will be used. + config.MaxVersion = 0 // GOOD: Setting MaxVersion to 0 means that the highest version available in the package will be used. } diff --git a/ql/test/experimental/CWE-327/UnsafeTLS.go b/ql/test/experimental/CWE-327/UnsafeTLS.go index 6c7c206eb8d..46f844d4940 100644 --- a/ql/test/experimental/CWE-327/UnsafeTLS.go +++ b/ql/test/experimental/CWE-327/UnsafeTLS.go @@ -11,74 +11,74 @@ func main() { func minMaxTlsVersion() { { config := &tls.Config{} - config.MinVersion = 0 //BAD + config.MinVersion = 0 // BAD } { config := &tls.Config{} - config.MaxVersion = 0 //GOOD + config.MaxVersion = 0 // GOOD } /// { config := &tls.Config{ - MinVersion: 0, //BAD + MinVersion: 0, // BAD } _ = config } { config := &tls.Config{ - MaxVersion: 0, //GOOD + MaxVersion: 0, // GOOD } _ = config } /// { config := &tls.Config{} - config.MinVersion = tls.VersionSSL30 //BAD + config.MinVersion = tls.VersionSSL30 // BAD } { config := &tls.Config{} - config.MaxVersion = tls.VersionSSL30 //BAD + config.MaxVersion = tls.VersionSSL30 // BAD } /// { config := &tls.Config{} - config.MinVersion = tls.VersionTLS10 //BAD + config.MinVersion = tls.VersionTLS10 // BAD } { config := &tls.Config{} - config.MaxVersion = tls.VersionTLS10 //BAD + config.MaxVersion = tls.VersionTLS10 // BAD } /// { config := &tls.Config{} - config.MinVersion = tls.VersionTLS11 //BAD + config.MinVersion = tls.VersionTLS11 // BAD } { config := &tls.Config{} - config.MaxVersion = tls.VersionTLS11 //BAD + config.MaxVersion = tls.VersionTLS11 // BAD } /// { config := &tls.Config{ - MinVersion: tls.VersionTLS11, //BAD + MinVersion: tls.VersionTLS11, // BAD } _ = config } { config := &tls.Config{ - MaxVersion: tls.VersionTLS11, //BAD + MaxVersion: tls.VersionTLS11, // BAD } _ = config } { config := &tls.Config{ - MinVersion: tls.VersionTLS12, //GOOD + MinVersion: tls.VersionTLS12, // GOOD } _ = config } { config := &tls.Config{ - MaxVersion: tls.VersionTLS13, //GOOD + MaxVersion: tls.VersionTLS13, // GOOD } _ = config } @@ -88,12 +88,12 @@ func cipherSuites() { { config := &tls.Config{ CipherSuites: []uint16{ - tls.TLS_RSA_WITH_RC4_128_SHA, //BAD - tls.TLS_RSA_WITH_AES_128_CBC_SHA256, //BAD - tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, //BAD - tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, //BAD - tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, //BAD - tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, //BAD + tls.TLS_RSA_WITH_RC4_128_SHA, // BAD + tls.TLS_RSA_WITH_AES_128_CBC_SHA256, // BAD + tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, // BAD + tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, // BAD + tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, // BAD + tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, // BAD }, } _ = config @@ -101,7 +101,7 @@ func cipherSuites() { { config := &tls.Config{ CipherSuites: []uint16{ - tls.TLS_RSA_WITH_RC4_128_SHA, //BAD + tls.TLS_RSA_WITH_RC4_128_SHA, // BAD }, } _ = config @@ -109,7 +109,7 @@ func cipherSuites() { { config := &tls.Config{ CipherSuites: []uint16{ - tls.TLS_RSA_WITH_AES_128_CBC_SHA256, //BAD + tls.TLS_RSA_WITH_AES_128_CBC_SHA256, // BAD }, } _ = config @@ -117,7 +117,7 @@ func cipherSuites() { { config := &tls.Config{ CipherSuites: []uint16{ - tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, //BAD + tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, // BAD }, } _ = config @@ -125,7 +125,7 @@ func cipherSuites() { { config := &tls.Config{ CipherSuites: []uint16{ - tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, //BAD + tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, // BAD }, } _ = config @@ -133,7 +133,7 @@ func cipherSuites() { { config := &tls.Config{ CipherSuites: []uint16{ - tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, //BAD + tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, // BAD }, } _ = config @@ -141,7 +141,7 @@ func cipherSuites() { { config := &tls.Config{ CipherSuites: []uint16{ - tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, //BAD + tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, // BAD }, } _ = config @@ -149,7 +149,7 @@ func cipherSuites() { { config := &tls.Config{ CipherSuites: []uint16{ - tls.TLS_CHACHA20_POLY1305_SHA256, //GOOD + tls.TLS_CHACHA20_POLY1305_SHA256, // GOOD }, } _ = config @@ -157,14 +157,14 @@ func cipherSuites() { { config := &tls.Config{} config.CipherSuites = make([]uint16, 0) - config.CipherSuites = append(config.CipherSuites, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) //BAD + config.CipherSuites = append(config.CipherSuites, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) // BAD } { config := &tls.Config{} config.CipherSuites = make([]uint16, 0) insecureSuites := tls.InsecureCipherSuites() for _, v := range insecureSuites { - config.CipherSuites = append(config.CipherSuites, v.ID) //BAD + config.CipherSuites = append(config.CipherSuites, v.ID) // BAD } } } @@ -174,11 +174,11 @@ func good(version string) { switch version { case "1.0": - config.MinVersion = tls.VersionTLS10 //OK + config.MinVersion = tls.VersionTLS10 // OK case "1.1": - config.MinVersion = tls.VersionTLS11 //OK + config.MinVersion = tls.VersionTLS11 // OK default: - config.MinVersion = tls.VersionTLS12 //OK + config.MinVersion = tls.VersionTLS12 // OK } _ = config @@ -189,14 +189,14 @@ func badTlsVersion2(version string) { switch version { case "1.0": - config.MinVersion = tls.VersionTLS10 //OK + config.MinVersion = tls.VersionTLS10 // OK case "1.1": - config.MinVersion = tls.VersionTLS11 //OK + config.MinVersion = tls.VersionTLS11 // OK default: - config.MinVersion = tls.VersionTLS12 //OK + config.MinVersion = tls.VersionTLS12 // OK } - config.MinVersion = tls.VersionTLS11 //BAD + config.MinVersion = tls.VersionTLS11 // BAD _ = config } @@ -205,8 +205,8 @@ func badTlsVersion2(version string) { switch version { case "1.0": config := &tls.Config{} - config.MinVersion = tls.VersionTLS10 //BAD - config.MinVersion = tls.VersionTLS11 //BAD + config.MinVersion = tls.VersionTLS10 // BAD + config.MinVersion = tls.VersionTLS11 // BAD _ = config }