Created September 24, 2020 05:27
rules:
  - id: disallow-old-tls-versions
    patterns:
      # Match either an inline MinVersion field or a MinVersion assigned
      # later on a config built with &tls.Config{...}.
      - pattern-either:
          - pattern: |
              tls.Config{..., MinVersion: $TLS.$VERSION, ...}
          - pattern: |
              $CONFIG = &tls.Config{...}
              ...
              $CONFIG.MinVersion = $TLS.$VERSION
      - metavariable-regex:
          metavariable: $VERSION
          regex: (VersionTLS10|VersionTLS11|VersionSSL30)
    message: |
      Detects creation of tls.Config objects with an insecure MinVersion of TLS.
      These protocol versions are deprecated due to POODLE, man-in-the-middle attacks, and other vulnerabilities.
    metadata:
      vulnerability: Insecure Transport
      owasp: 'A3: Sensitive Data Exposure'
      cwe: 'CWE-319: Cleartext Transmission of Sensitive Information'
      references:
        - https://stackoverflow.com/questions/26429751/java-http-clients-and-poodle
    severity: WARNING
    languages: [go]
  - id: bypass-tls-verification
    patterns:
      # Same two shapes: InsecureSkipVerify set inline, or assigned afterwards.
      - pattern-either:
          - pattern: |
              tls.Config{..., InsecureSkipVerify: true, ...}
          - pattern: |
              $CONFIG = &tls.Config{...}
              ...
              $CONFIG.InsecureSkipVerify = true
    message: |
      Checks for disabling of TLS/SSL certificate verification.
      This should only be used for debugging purposes because it leaves the connection open to MITM attacks.
    metadata:
      vulnerability: Insecure Transport
      owasp: 'A3: Sensitive Data Exposure'
      cwe: 'CWE-319: Cleartext Transmission of Sensitive Information'
      references:
        - https://stackoverflow.com/questions/12122159/how-to-do-a-https-request-with-bad-certificate
    languages: [go]
    severity: WARNING
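An added Go example, not part of the gist above, that shows the two config shapes the rules flag next to the hardened form, together with a small runtime audit that reports the same weaknesses from a live tls.Config (useful as a unit-test guard when Semgrep is not in the pipeline). The function names and the constructed legacy config are mine; only the tls.Config fields and version constants come from crypto/tls.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// Finding is one problem found in a tls.Config, keyed by the Semgrep rule id it mirrors.
type Finding struct {
	RuleID string
	Detail string
}

// AuditTLSConfig inspects a tls.Config at runtime and reports what the two
// static rules look for in source: a MinVersion below TLS 1.2 and disabled
// certificate verification. A zero MinVersion means "use the crypto/tls
// default", which depends on the Go version and on client vs server use, so it
// is reported as unset rather than silently accepted.
func AuditTLSConfig(cfg *tls.Config) []Finding {
	var findings []Finding
	if cfg == nil {
		return findings
	}
	switch {
	case cfg.MinVersion == 0:
		findings = append(findings, Finding{
			RuleID: "disallow-old-tls-versions",
			Detail: "MinVersion unset; relying on the crypto/tls default",
		})
	case cfg.MinVersion < tls.VersionTLS12:
		// Covers VersionSSL30, VersionTLS10 and VersionTLS11 (0x0300..0x0302).
		findings = append(findings, Finding{
			RuleID: "disallow-old-tls-versions",
			Detail: fmt.Sprintf("MinVersion 0x%04x is below TLS 1.2", cfg.MinVersion),
		})
	}
	if cfg.InsecureSkipVerify {
		findings = append(findings, Finding{
			RuleID: "bypass-tls-verification",
			Detail: "InsecureSkipVerify is true; chain and hostname are not checked",
		})
	}
	return findings
}

// HardenedClientConfig is the shape the rules want to see: an explicit
// MinVersion of TLS 1.2 and verification left on (InsecureSkipVerify is false
// by default, so it is simply not set).
func HardenedClientConfig(serverName string) *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		ServerName: serverName,
	}
}

// LegacyClientConfig is a constructed example of what both rules flag: an
// inline MinVersion of TLS 1.0 (first pattern of disallow-old-tls-versions)
// and InsecureSkipVerify assigned after construction (second pattern of
// bypass-tls-verification). It exists only so the audit has something to
// report.
func LegacyClientConfig() *tls.Config {
	cfg := &tls.Config{MinVersion: tls.VersionTLS10}
	cfg.InsecureSkipVerify = true
	return cfg
}

func main() {
	for name, cfg := range map[string]*tls.Config{
		"hardened": HardenedClientConfig("example.invalid"),
		"legacy":   LegacyClientConfig(),
	} {
		findings := AuditTLSConfig(cfg)
		fmt.Printf("%s: %d finding(s)\n", name, len(findings))
		for _, f := range findings {
			fmt.Printf("  [%s] %s\n", f.RuleID, f.Detail)
		}
	}
}
```

The audit deliberately treats an unset MinVersion as a finding: the static rules cannot see it (there is no version identifier to match), but a reviewer usually wants the floor stated explicitly rather than inherited from whichever Go toolchain built the binary.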