Go をセキュアに書き進めるための
「ガードレール」を整備しよう / Let's Build Security Guardrails For Your Go Programs!

Transcript

1. (P
   ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷ
   ʮΨʔυϨʔϧʯΛ੔උ͠Α͏ (P
   $POGFSFODF
   
   4QSJOH
   #4 ถ಺
   وࢤ
   
   :0/&6$)*
   5BLBTIJ
   גࣜձࣾ
   'MBUU
   4FDVSJUZ

2. ˜
   
   TIJGUKTJOGP (P
   ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏ 
   XIPBNJ
   4FF
   IUUQTTIJGUKTJOGP ถ಺
   وࢤ
   !MNU@TXBMMPX
   
   
   גࣜձࣾ
   'MBUU
   4FDVSJUZ
   ࠷ۙʰ8FC
   ϒϥ΢βηΩϡϦςΟʱͱ͍͏ॻ੶Λग़͠·ͨ͠ 

3. ˜
   
   TIJGUKTJOGP (P
   ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  ͋Εɺ͜Εͬͯ҆શ͚ͩͬʜʜ /* ... */ x := 0

   blah(unsafe.Pointer(x)) /* ... */

4. ˜
   
   TIJGUKTJOGP (P
   ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  ͋Εɺ͜Εͬͯ҆શ͚ͩͬʜʜ /* ... */ x := 0

   blah(unsafe.Pointer(x)) /* ... */ /* .... */ config = &tls.Config{ InsecureSkipVerify: true, }; /* .... */

5. ˜
   
   TIJGUKTJOGP (P
   ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  ͋Εɺ͜Εͬͯ҆શ͚ͩͬʜʜ /* ... */ x := 0

   blah(unsafe.Pointer(x)) /* ... */ /* .... */ config = &tls.Config{ InsecureSkipVerify: true, }; /* .... */ https://golang.org/pkg/math/rand

6. ˜
   
   TIJGUKTJOGP (P
   ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  ͋͋ɺ҆શͳίʔυΛॻ͘ͷ͸ർΕΔ
   ʜʜͦΕ͕ͨͱ͑
   (P
   Ͱ͋ͬͯ΋ʂ /* ... */ x :=

   0 blah(unsafe.Pointer(x)) /* ... */ /* .... */ config = &tls.Config{ InsecureSkipVerify: true, }; /* .... */ https://golang.org/pkg/math/rand

7. ˜
   
   TIJGUKTJOGP (P
   ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  ૊৫ͷίʔυΛηΩϡΞʹอ্ͭͰͷ՝୊ ஌͍ͬͯͯ΋஫ҙෆ଍Ͱ
   ੬ऑͳίʔυΛॻ͍ͯ͠·͏ ՝୊
    ࣗ෼͸෼͔͍ͬͯΔ͕ɺ
   νʔϜʹ஌ݟ͕ਁಁ͠ͳ͍ ՝୊
   

   ͦ΋ͦ΋ԿʹؾΛ͚ͭΔ΂͖ ͔Λ୭΋஌Βͳ͍·· ՝୊
    c := &http.Client{ Transport: &http.Transport{ TLSClientConfig: &tls.Config{ InsecureSkipVerify: true, }, }, }

8. ˜
   
   TIJGUKTJOGP (P
   ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  ૊৫ͷίʔυΛηΩϡΞʹอ্ͭͰͷ՝୊ ஌͍ͬͯͯ΋஫ҙෆ଍Ͱ
   ੬ऑͳίʔυΛॻ͍ͯ͠·͏ ՝୊
    ࣗ෼͸෼͔͍ͬͯΔ͕ɺ
   νʔϜʹ஌ݟ͕ਁಁ͠ͳ͍ ՝୊
   

   ͦ΋ͦ΋ԿʹؾΛ͚ͭΔ΂͖ ͔Λ୭΋஌Βͳ͍·· ՝୊
    c := &http.Client{ Transport: &http.Transport{ TLSClientConfig: &tls.Config{ InsecureSkipVerify: true, }, }, }

9. ˜
   
   TIJGUKTJOGP (P
   ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  ૊৫ͷίʔυΛηΩϡΞʹอ্ͭͰͷ՝୊ ஌͍ͬͯͯ΋஫ҙෆ଍Ͱ
   ੬ऑͳίʔυΛॻ͍ͯ͠·͏ ՝୊
    ࣗ෼͸෼͔͍ͬͯΔ͕ɺ
   νʔϜʹ஌ݟ͕ਁಁ͠ͳ͍ ՝୊
   

   ͦ΋ͦ΋ԿʹؾΛ͚ͭΔ΂͖ ͔Λ୭΋஌Βͳ͍·· ՝୊
    c := &http.Client{ Transport: &http.Transport{ TLSClientConfig: &tls.Config{ InsecureSkipVerify: true, }, }, }

10. ˜
    
    TIJGUKTJOGP (P
    ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏   ͦ΋ͦ΋ԿʹؾΛ͚ͭΔ΂͖͔Λ୭΋஌Βͳ͍··
     ࣗ෼͸෼͔͍ͬͯΔ͕ɺνʔϜʹ஌ݟ͕ਁಁ͠ͳ͍
     ஌͍ͬͯͯ΋஫ҙෆ଍Ͱ੬ऑͳίʔυΛॻ͍ͯ͠·͏ ΄͍͠ͷ͸ʜ

    ՝୊ ஌͍ͬͯͯ΋஫ҙෆ଍Ͱ
    ੬ऑͳίʔυΛॻ͍ͯ͠·͏ ՝୊
     ࣗ෼͸෼͔͍ͬͯΔ͕ɺ
    νʔϜʹ஌ݟ͕ਁಁ͠ͳ͍ ՝୊
     ͦ΋ͦ΋ԿʹؾΛ͚ͭΔ΂͖͔Λ୭΋஌Βͳ͍·· ՝୊
     c := &http.Client{ Transport: &http.Transport{ TLSClientConfig: &tls.Config{ InsecureSkipVerify: true, }, }, }

11. ˜
    
    TIJGUKTJOGP (P
    ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏   ͦ΋ͦ΋ԿʹؾΛ͚ͭΔ΂͖͔Λ୭΋஌Βͳ͍··
     ࣗ෼͸෼͔͍ͬͯΔ͕ɺνʔϜʹ஌ݟ͕ਁಁ͠ͳ͍
     ஌͍ͬͯͯ΋஫ҙෆ଍Ͱ੬ऑͳίʔυΛॻ͍ͯ͠·͏ ΄͍͠ͷ͸ʜΨʔυϨʔϧ
    
    🚧

    ՝୊ ҎԼΛຬͨ͢Α͏ͳʮΨʔυϨʔϧʯ͕΄͍͠ʂ
    ✔ Α͋͘ΔϛεΛେ·͔ʹरͬͯ͘ΕΔ
    ✔ Ұਓͷ஌ݟΛνʔϜʹεέʔϧͤ͞ΒΕΔ
    ✔ ؾΛ͚ͭଓ͚ͳͯ͘΋ɺ໰୊Λػց͕ڭ͑ͯ͘ΕΔ ཧ૝ ஌͍ͬͯͯ΋஫ҙෆ଍Ͱ
    ੬ऑͳίʔυΛॻ͍ͯ͠·͏ ՝୊
     ࣗ෼͸෼͔͍ͬͯΔ͕ɺ
    νʔϜʹ஌ݟ͕ਁಁ͠ͳ͍ ՝୊
     ͦ΋ͦ΋ԿʹؾΛ͚ͭΔ΂͖͔Λ୭΋஌Βͳ͍·· ՝୊
     c := &http.Client{ Transport: &http.Transport{ TLSClientConfig: &tls.Config{ InsecureSkipVerify: true, }, }, }

12. ˜
    
    TIJGUKTJOGP (P
    ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  ΨʔυϨʔϧΛߏ੒͢ΔͨΊͷ
    
    
    ͭͷΞΫγϣϯ ஌͍ͬͯͯ΋஫ҙෆ଍Ͱ
    ੬ऑͳίʔυΛॻ͍ͯ͠·͏ ࣗ෼͸෼͔͍ͬͯΔ͕ɺ
    νʔϜʹ஌ݟ͕ਁಁ͠ͳ͍ ͦ΋ͦ΋ԿʹؾΛ͚ͭΔ΂͖

    ͔Λ୭΋஌Βͳ͍·· ՝୊
    ·ͣ͸
    HPTFD
    ͰΑ͋͘Δ
    ϛεΛݕग़Ͱ͖ΔΑ͏ʹ͢Δ HPSVMFHVBSE
    ౳Λ׆༻ͯ͠
    ஌ݟΛίʔυͱͯ͠஝ੵ͍ͯ͘͠ $*
    ʹ
    HPTFD
    ౳Λ഑ஔ͢Δ
    ॳظ͸
    SFWJFXEPH
    ͷซ༻΋
    (PPE
    ΞΫγϣϯ

13. ˜
    
    TIJGUKTJOGP (P
    ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  ‣ యܕతͳ҆શͰͳ͍
    (P
    ίʔυύλʔϯΛݕग़ͯ͘͠ΕΔπʔϧ
    ‣ HPMBOHDJMJOU
    ܦ༝Ͱར༻Մೳ
    ‣ ,VCFSOFUFT
    ΍
    $BEEZ
    ౳ͷஶ໊ͳ
    (P
    ϓϩδΣΫτͰ΋ར༻͞Ε͍ͯΔ HPTFD
    

    IUUQTHJUIVCDPNTFDVSFHPHPTFD $ gosec ./main.go [/app/main.go:6] - G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH) 5: func main() { > 6: sample := rand.Int() 7:

14. ˜
    
    TIJGUKTJOGP (P
    ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  ҆શͰͳ͍
    (P
    ίʔυͷయܕྫΛݕग़Մೳ /* ... */ x := 0

    blah(unsafe.Pointer(x)) /* ... */ /* .... */ config = &tls.Config{ InsecureSkipVerify: true, }; /* .... */ ( ( HPTFD https://golang.org/pkg/math/rand (

15. ˜
    
    TIJGUKTJOGP (P
    ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  ‣ HP
    ܥύοέʔδ੡
    ‣ HP
    ͸
    
    (P
    ඪ४ͷ੩తղੳ༻ͷύοέʔδ܈
    ‣

    HPTFD
    Ͱ͸ओʹ
    HPBTUʢߏจ໦पΓʣͱ
    HPUZQFT
    ʢܕपΓʣ͕ར༻͞Ε͍ͯΔ
    ‣ ֤ݕग़ϧʔϧ͸
    HP
    ͱ
    HPTFD
    ʹΑΔ
    HP
    ͷ
    UIJO
    XSBQQFS
    Ͱॻ͔ΕΔ HPTFD
    ͷ͘͠Έ if ident, ok := n.Key.(*ast.Ident); ok { switch ident.Name { case "InsecureSkipVerify": if node, ok := n.Value.(*ast.Ident); ok { if node.Name != "false" { return gosec.NewIssue(c, n, t.ID(), "TLS InsecureSkipVerify set true.", gosec.High, gosec.High) } } // .... https://github.com/securego/gosec/blob/27a5ffb5c8f6dd3b6dea3b8e6019a2b3d43bf0f9/rules/tls.go#L64-L72

16. ˜
    
    TIJGUKTJOGP (P
    ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  ՝୊
    ૊৫ݻ༗ͷϧʔϧ࡞੒ͰࠔΔ func applyUnsafeOpToDir(path string) error { /*

    ... */ } /* ... */ s := scanner.Text() applyUnsafeOpToDir("/etc") applyUnsafeOpToDir("/etc"+ "/gogogo") applyUnsafeOpToDir(s) ͦͦ͜͜ةͳ͍ؔ਺ ‣ QSJWBUF
    ͳύοέʔδʹؔ͢ΔηΩϡϦςΟϧʔϧΛ
    HPTFD
    ʹ௥Ճ͢Δͷ͸ࠔ೉
    ‣ 044
    ͳͷͰ૊৫ʹݻ༗ͷϧʔϧΛ࡞ͬͯ΋
    DPOUSJCVUF
    Ͱ͖ͳ͍
    ‣ ҰԠ
    HPTFD
    Λ
    GPSL
    ͯ͠ϝϯςφϯε͢Δͱ͍͏ख͸͋Δ͕ɺͭΒ͍
    ‣ ࿑ྗ͸࠷খԽͭͭࣗ͠࡞
    -JOUFS
    Λ༻ҙͰ͖ͨΒخ͍͕͠ʜʜ ྫ
    Ҿ਺͕ίϯύΠϧ ࣌ఆ਺Ͱͳ͍Մೳੑ͕ ͋Δ৔߹ʹܯࠂ͍ͨ͠

17. ˜
    
    TIJGUKTJOGP (P
    ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  ‣ (P
    ίʔυ޲͚ͷಠࣗ੩తղੳϧʔϧͷ࡞੒Λิॿ͢Δ
    -JOUFS
    ‣ ૊৫ಠࣗͷϧʔϧΛڧྗͳύλʔϯϚονϟʢETM
    ύοέʔδʣΛ༻͍ͯهड़Ͱ͖Δ
    ‣ HPBOBMZTJT
    HPHSFQ
    ϕʔεͰ࡞੒͞Ε͍ͯΔ

    HPSVMFHVBSE
    IUUQTHJUIVCDPNRVBTJMZUFHPSVMFHVBSE m.Match(`copy($b, []byte($s))`). Where(m["s"].Type.Is(`string`)). Suggest(`copy($b, $s)`) sample := "test" copy(buf, []byte(sample)) ղੳϧʔϧͷྫ ݕग़͍ͨ͠அยͷྫ

18. ˜
    
    TIJGUKTJOGP (P
    ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  m.Match(`applyUnsafeOpToDir($x)`). Where(!m["x"].Const). Report(`$x should be a compile-time

    constant value`) func applyUnsafeOpToDir(path string) error { /* ... */ } /* ... */ s := scanner.Text() applyUnsafeOpToDir("/etc") applyUnsafeOpToDir("/etc"+ "/gogogo") applyUnsafeOpToDir(s) /app/main.go:39:2: permitOnlyConstant: s should be a compile-time constant value (rules.go:14) ղੳର৅ͷίʔυྫ ղੳϧʔϧͷྫ ղੳ݁Ռͷྫ ࠷ऴߦͷΑ͏ͳ
    ݺͼग़͠Λݕग़͍ͨ͠ʂ

19. ˜
    
    TIJGUKTJOGP (P
    ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  m.Match(`applyUnsafeOpToDir($x)`). Where(!m["x"].Const). Report(`$x should be a compile-time

    constant value`) func applyUnsafeOpToDir(path string) error { /* ... */ } /* ... */ s := scanner.Text() applyUnsafeOpToDir("/etc") applyUnsafeOpToDir("/etc"+ "/gogogo") applyUnsafeOpToDir(s) /app/main.go:39:2: permitOnlyConstant: s should be a compile-time constant value (rules.go:14) ղੳର৅ͷίʔυྫ ղੳϧʔϧͷྫ ղੳ݁Ռͷྫ

20. ˜
    
    TIJGUKTJOGP (P
    ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  m.Match(`applyUnsafeOpToDir($x)`). Where(!m["x"].Const). Report(`$x should be a compile-time

    constant value`) func applyUnsafeOpToDir(path string) error { /* ... */ } /* ... */ s := scanner.Text() applyUnsafeOpToDir("/etc") applyUnsafeOpToDir("/etc"+ "/gogogo") applyUnsafeOpToDir(s) /app/main.go:39:2: permitOnlyConstant: s should be a compile-time constant value (rules.go:14) ղੳର৅ͷίʔυྫ ղੳϧʔϧͷྫ ղੳ݁Ռͷྫ ^ \

21. ˜
    
    TIJGUKTJOGP (P
    ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  (P
    ʹಛԽ͍ͯ͠Δ͔Βͦ͜ͷڧΈ΋ https://go-ruleguard.github.io/by-example/ m.Match(`fmt.Sprint($x)`). Where(m["x"].Type. Implements(`fmt.Stringer`)). Suggest(`$x.String()`) m.Match(`$x<$a

    && $x>$b`). Where(m["a"].Value.Int() <= m["b"].Value.Int()). Report("always false") ‣ HPSVMFHVBSE
    ͸
    (P
    ʹಛԽͯ͠࡞ΒΕ͍ͯΔ
    ‣ ͦͷͨΊྨࣅπʔϧͱൺ΂Δͱศརɾߴػೳ
    ‣ ίϯύΠϧ࣌ఆ਺ͷऔΓѻ͍ɺܕपΓͷऔΓѻ͍ɺʜ ܕ৘ใΛ༻͍ͨ
    ϧʔϧ ίϯύΠϧ࣌ఆ਺Λ
    ༻͍ͨϧʔϧ

22. ˜
    
    TIJGUKTJOGP (P
    ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  ܧଓతʹվળ͍ͯͨ͘͠Ίʹ
    ͜ͷखͷπʔϧͷಋೖ͸ॳظোน͕ߴ͍͕ʜʜ $ curl -sfL https://raw.githubusercontent.com/securego/gosec/ master/install.sh

    | sh -s -- -b $(go env GOPATH)/bin v2.7.0 $ gosec ./... ʮࢼ͠ʹ࢖ͬͯΈΑ͏ʂʯ

23. ˜
    
    TIJGUKTJOGP (P
    ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  ܧଓతʹվળ͍ͯͨ͘͠Ίʹ
    ͜ͷखͷπʔϧͷಋೖ͸ॳظোน͕ߴ͍͕ʜʜ $ curl -sfL https://raw.githubusercontent.com/securego/gosec/ master/install.sh

    | sh -s -- -b $(go env GOPATH)/bin v2.7.0 $ gosec ./... /* ... */ Summary: Files: 77 Lines: 4034 Nosec: 0 Issues: 543 $ ʮ΋ͷౖ͍͢͝ΒΕͯΔͳɺಋೖ͸·ͨࠓ౓ߟ͑Δ͔ʜʯ

24. ˜
    
    TIJGUKTJOGP (P
    ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  ܧଓతʹվળ͍ͯͨ͘͠Ίʹ
    ͜ͷखͷπʔϧͷಋೖ͸ॳظোน͕ߴ͍͕ʜʜ $ curl -sfL https://raw.githubusercontent.com/securego/gosec/ master/install.sh

    | sh -s -- -b $(go env GOPATH)/bin v2.7.0 $ gosec ./main.go /* ... */ Summary: Files: 77 Lines: 4034 Nosec: 0 Issues: 543 $ ʮ΋ͷౖ͍͢͝ΒΕͯΔͳɺಋೖ͸·ͨࠓ౓ߟ͑Δ͔ʜʯ

25. ˜
    
    TIJGUKTJOGP (P
    ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  ‣ ֤छ
    -JOUFS
    πʔϧͷग़ྗΛίϝϯτͱͯ͠౤ߘͯ͘͠ΕΔ
    (P
    ੡πʔϧ
    ‣ (JU)VC
    ౳Ͱͷࠩ෼ϨϏϡʔ࣌ʹɺࠩ෼෦෼ͷΈͷ
    -JOU
    ݁ՌΛڭ͑ͯ͘ΕΔ
    ‣ πʔϧͷ
    'BMTF
    1PTJUJWF
    ͕໨ཱͭ৔߹Ͱ΋ɺద౓ʹ໨ʹͭ͘ͱ͜ΖͰ஫ҙשىͰ͖Δ
    ‣

    ίʔυશମʹରͯ͠େྔͷΞϥʔτ͕ग़Δ؀ڥͰ΋ɺஈ֊తʹվળΛ࢝ΊΒΕΔ SFWJFXEPH
    🐾
    IUUQTHJUIVCDPNSFWJFXEPHSFWJFXEPH ͜ͷ෦෼ͷݕࠪ݁ՌΛ
    ίϝϯτͱͯ͠౤ߘ ͜ͷ෦෼ͷݕࠪ݁Ռ͸
    Ұ୴ࣺͯΔ

26. ˜
    
    TIJGUKTJOGP (P
    ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  &YBNQMF
    HPTFD
    
    SFWJFXEPH
    🐾 https://github.com/security-aware-repo-examples/gosec/pull/1 ࠩ෼ʹର͢Δࢦఠ͕ίϝϯτͰ

27. ˜
    
    TIJGUKTJOGP (P
    ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  ,FZ
    5BLFBXBZT ஌͍ͬͯͯ΋஫ҙෆ଍Ͱ
    ੬ऑͳίʔυΛॻ͍ͯ͠·͏ ՝୊
     ࣗ෼͸෼͔͍ͬͯΔ͕ɺ
    νʔϜʹ஌ݟ͕ਁಁ͠ͳ͍ ՝୊
    

    ͦ΋ͦ΋ԿʹؾΛ͚ͭΔ΂͖ ͔Λ୭΋஌Βͳ͍·· ՝୊
     ·ͣ͸
    HPTFD
    ͔Β࢝ΊΑ͏ HPSVMFHVBSE
    ౳Λ׆༻Ͱ͖Δ $*
    ʹ
    HPTFD
    ౳Λ഑ஔͰ͖Δ
    ॳظ͸
    SFWJFXEPH
    ͷซ༻΋
    (PPE &YBNQMFT
    BSF
    BWBJMBCMF
    BU
    
    IUUQTHJUIVCDPNTFDVSJUZBXBSFSFQPFYBNQMFT

28. ΨʔυϨʔϧΛ੔උͯ͠ɺ
    ҆৺ɾ҆શͳ
    (P
    ϥΠϑΛૹΓ·͠ΐ͏ʂ

29. ˜
    
    TIJGUKTJOGP (P
    ΛηΩϡΞʹॻ͖ਐΊΔͨΊͷʮΨʔυϨʔϧʯΛ੔උ͠Α͏  ‣ େྔͷ
    (PQIFS
    ͘Μͨͪ
    ‣ .BSJB-FUUB
    
    GSFFHPQIFSTQBDL
    ‣ IUUQTHJUIVCDPN.BSJB-FUUBGSFFHPQIFSTQBDL
    ‣

    ΨʔυϨʔϧͷΠϥετ
    ‣ ͍Β͢ͱ΍
    ‣ IUUQTXXXJSBTVUPZBDPNCMPHQPTU@IUNM "QQFOEJY
    ը૾ͷग़ࣗ