Merge pull request #1494 from cyberark/gosec-fixes

Fix gosec warnings

bin/juxtaposer/tester/db/db.go

@@ -77,6 +77,7 @@ func (manager *DriverManager) ensureWantedDbDataState() error {
 		insertItemStatement := QueryTypes["insertItem"] +
 			fmt.Sprintf("(%s)", manager.Tester.GetQueryMarkers(5))
 
+		/* #nosec */
 		err = manager.Tester.Query(insertItemStatement,
 			fmt.Sprintf("%s%d", NameFieldPrefix, itemIndex),
 			itemIndex,

internal/plugin/connectors/http/generic/oauth/v1/protocol.go

@@ -3,11 +3,12 @@ package oauth1protocol
 import (
 	"bytes"
 	"crypto/hmac"
+	"crypto/rand"
 	"crypto/sha1"
 	"encoding/base64"
 	"fmt"
 	"io/ioutil"
-	"math/rand"
+	"math/big"
 	gohttp "net/http"
 	"net/url"
 	"sort"
@@ -71,14 +72,15 @@ var requiredConfigParams = []string{
 }
 
 func generateNonce(length int, charset string) string {
-	seededRand := rand.New(
-		rand.NewSource(time.Now().UnixNano()))
-
-	randomChars := make([]byte, length)
-	for index := range randomChars {
-		randomChars[index] = charset[seededRand.Intn(len(charset))]
+	randomBytes := make([]byte, length)
+	for i := 0; i < length; i++ {
+		n, err := rand.Int(rand.Reader, big.NewInt(int64(len(charset))))
+		if err != nil {
+			panic(err)
+		}
+		randomBytes[i] = charset[n.Int64()]
 	}
-	return string(randomChars)
+	return string(randomBytes)
 }
 
 // checkRequiredOAuthParams returns an error if a key from

internal/plugin/connectors/http/proxy_service.go

@@ -97,7 +97,8 @@ func NewProxyService(
 
 	transport := &gohttp.Transport{
 		TLSClientConfig: &tls.Config{
-			RootCAs: caCertPool,
+			RootCAs:    caCertPool,
+			MinVersion: tls.VersionTLS12,
 		},
 	}
 

test/connector/http/generic/http_test_server.go

@@ -85,7 +85,10 @@ func httpsServer(
 		return nil, err
 	}
 
-	config := &tls.Config{Certificates: []tls.Certificate{cert}}
+	config := &tls.Config{
+		Certificates: []tls.Certificate{cert},
+		MinVersion:   tls.VersionTLS12,
+	}
 	s.TLS = config
 
 	s.StartTLS()