UNPKG

@sun-asterisk/sunlint

Version:

☀️ SunLint - Multi-language static analysis tool for code quality and security | Sun* Engineering Standards

github.com/sun-asterisk/engineer-excellence/tree/main/coding-quality/extensions/sunlint

sun-asterisk/engineer-excellence

51 lines (47 loc) 1.2 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
"use strict"; /** * S014 – Insecure TLS Version * OWASP ASVS 9.1.3 * Ensure that only secure versions of TLS (1.2 and 1.3) are enabled. */ module.exports = { meta: { type: "problem", docs: { description: "Ensure that only secure versions of TLS are enabled. Do not use SSLv3, TLS 1.0, or TLS 1.1.", recommended: true, }, schema: [], messages: { insecureTLS: "Insecure TLS/SSL version detected. Only TLS 1.2 or TLS 1.3 should be used.", }, }, create(context) { return { Property(node) { // Detect insecure minVersion in HTTPS server options if ( node.key && node.key.name === "minVersion" && node.value.type === "Literal" && typeof node.value.value === "string" ) { const version = node.value.value.toLowerCase(); if ( version === "tlsv1" || version === "tlsv1.0" || version === "tlsv1.1" || version === "sslv3" ) { context.report({ node: node.value, messageId: "insecureTLS", }); } } }, }; }, };