gitlab.gosec.G402-1

Usage of a cryptographically insecure cipher suite has been detected. It is recommended that alternative ciphers be used instead.

Definition

rules:
  - id: gosec.G402-1
    patterns:
      - pattern-either:
          - pattern: |
              tls.Config{..., CipherSuites: []$SLICE{..., $CIPHERS, ...}, ...}
          - pattern: |
              tls.CipherSuite{..., ID: $CIPHERS, ...}
      - metavariable-regex:
          metavariable: $CIPHERS
          # One negative lookahead over the whole allowlist, anchored at both
          # ends: the rule reports $CIPHERS only when it is not one of these
          # names. An alternation of separate lookaheads matches every value,
          # so it would also report the allowed suites.
          regex: '^(?!tls\.(?:TLS_AES_128_GCM_SHA256|TLS_AES_256_GCM_SHA384|TLS_CHACHA20_POLY1305_SHA256|TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256|TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256|TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384|TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384|TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305|TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256|TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305|TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256|TLS_DHE_RSA_WITH_AES_128_GCM_SHA256|TLS_DHE_RSA_WITH_AES_256_GCM_SHA384)$).+'
    message: >
      Usage of a cryptographically insecure cipher suite has been detected. It
      is recommended that alternative ciphers be used instead.
    metadata:
      cwe: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
      owasp: "A9: Using Components with Known Vulnerabilities"
      primary_identifier: gosec.G402-1
      secondary_identifiers:
        - name: Gosec Rule ID G402
          type: gosec_rule_id
          value: G402
      license: MIT
    severity: WARNING
    languages:
      - go
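
A configuration of the shape this rule reports, next to a corrected one, with a runtime check against the same allowlist. This is an added Go example, not part of the rule or of gosec; `allowed`, `disallowedSuites`, `flagged` and `hardened` are hypothetical names.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// allowed mirrors the rule's allowlist. The two TLS_DHE_RSA_* names are left
// out because crypto/tls defines no such constants, and the *_CHACHA20_POLY1305
// names are aliases of the *_CHACHA20_POLY1305_SHA256 constants.
var allowed = map[uint16]bool{
	tls.TLS_AES_128_GCM_SHA256:                        true,
	tls.TLS_AES_256_GCM_SHA384:                        true,
	tls.TLS_CHACHA20_POLY1305_SHA256:                  true,
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:       true,
	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:         true,
	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:       true,
	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:         true,
	tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: true,
	tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:   true,
}

// disallowedSuites (hypothetical helper) names every explicitly configured
// suite that is not on the allowlist, in configuration order.
func disallowedSuites(cfg *tls.Config) []string {
	var bad []string
	for _, id := range cfg.CipherSuites {
		if !allowed[id] {
			bad = append(bad, tls.CipherSuiteName(id))
		}
	}
	return bad
}

// flagged (constructed sample) lists RC4 and 3DES suites in CipherSuites.
var flagged = &tls.Config{CipherSuites: []uint16{
	tls.TLS_RSA_WITH_RC4_128_SHA,
	tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
}}

// hardened (constructed sample) keeps only allowlisted ECDHE AEAD suites.
var hardened = &tls.Config{MinVersion: tls.VersionTLS12, CipherSuites: []uint16{
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
}}

func main() {
	fmt.Println("flagged:", disallowedSuites(flagged))
	fmt.Println("hardened:", disallowedSuites(hardened))
}
```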