mod_saslauth: Implement RFC 9266 'tls-exporter' channel binding (#1760)
Brings back SCRAM-SHA-*-PLUS from its hiatus brought on by the earlier
channel binding method being undefined for TLS 1.3, and the increasing
deployment of TLS 1.3.
See 1bfd238e05ad and #1542
Requires future version of LuaSec, once support for this key material
export method is merged.
See https://github.com/brunoos/luasec/pull/187
rules:
- id: log-variable-fmtstring
patterns:
- pattern: log("...", $A)
- pattern-not: log("...", "...")
message: Variable passed as format string to logging
languages: [lua]
severity: ERROR
- id: module-log-variable-fmtstring
patterns:
- pattern: module:log("...", $A)
- pattern-not: module:log("...", "...")
message: Variable passed as format string to logging
languages: [lua]
severity: ERROR
- id: module-getopt-string-default
patterns:
- pattern: module:get_option_string("...", $A)
- pattern-not: module:get_option_string("...", "...")
- pattern-not: module:get_option_string("...", host)
- pattern-not: module:get_option_string("...", module.host)
message: Non-string default from :get_option_string
severity: ERROR
languages: [lua]