rspec/rules/S5527/javascript/how-to-fix-it/node-js.adoc

== How to fix it in Node.js

=== Code examples

include::../../common/fix/code-rationale.adoc[]

:cert_method_name: checkServerIdentity

include::../../common/fix/code-rationale-override.adoc[]

==== Noncompliant code example

[source,javascript,diff-id=1,diff-type=noncompliant]
----
const https = require('node:https');

let options = {
  hostname: 'www.example.com',
  port: 443,
  path: '/',
  method: 'GET',
  checkServerIdentity: function() {}, // Noncompliant
  secureProtocol: 'TLSv1_2_method'
};

let req = https.request(options, (res) => {
  res.on('data', (d) => {
    process.stdout.write(d);
  });
});
----

[source,javascript,diff-id=2,diff-type=noncompliant]
----
const tls = require('node:tls');

let options = {
  checkServerIdentity: function() {}, // Noncompliant
  secureProtocol: 'TLSv1_2_method'
};

let socket = tls.connect(443, "www.example.com", options, () => {
  process.stdin.pipe(socket);
  process.stdin.resume();
});
----

==== Compliant solution

[source,javascript,diff-id=1,diff-type=compliant]
----
const https = require('node:https');

let options = {
  hostname: 'www.example.com',
  port: 443,
  path: '/',
  method: 'GET',
  secureProtocol: 'TLSv1_2_method'
};

let req = https.request(options, (res) => {
  res.on('data', (d) => {
    process.stdout.write(d);
  });
});
----

[source,javascript,diff-id=2,diff-type=compliant]
----
const tls = require('node:tls');

let options = {
  secureProtocol: 'TLSv1_2_method'
};

let socket = tls.connect(443, "www.example.com", options, () => {
  process.stdin.pipe(socket);
  process.stdin.resume();
});
----

=== How does this work?

include::../../common/fix/validation.adoc[]
Modify S5527: Learn-As-You-Code migration (#2269) ## Review A dedicated reviewer checked the rule description successfully for: - [x] logical errors and incorrect information - [x] information gaps and missing content - [x] text style and tone - [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> 2023-06-28 17:11:41 +02:00			`== How to fix it in Node.js`

			`=== Code examples`

			`include::../../common/fix/code-rationale.adoc[]`

			`:cert_method_name: checkServerIdentity`

			`include::../../common/fix/code-rationale-override.adoc[]`

			`==== Noncompliant code example`

			`[source,javascript,diff-id=1,diff-type=noncompliant]`
			`----`
			`const https = require('node:https');`

			`let options = {`
			`hostname: 'www.example.com',`
			`port: 443,`
			`path: '/',`
			`method: 'GET',`
			`checkServerIdentity: function() {}, // Noncompliant`
			`secureProtocol: 'TLSv1_2_method'`
			`};`

			`let req = https.request(options, (res) => {`
			`res.on('data', (d) => {`
			`process.stdout.write(d);`
			`});`
			`});`
			`----`

			`[source,javascript,diff-id=2,diff-type=noncompliant]`
			`----`
			`const tls = require('node:tls');`

			`let options = {`
			`checkServerIdentity: function() {}, // Noncompliant`
			`secureProtocol: 'TLSv1_2_method'`
			`};`

			`let socket = tls.connect(443, "www.example.com", options, () => {`
			`process.stdin.pipe(socket);`
			`process.stdin.resume();`
			`});`
			`----`

			`==== Compliant solution`

			`[source,javascript,diff-id=1,diff-type=compliant]`
			`----`
			`const https = require('node:https');`

			`let options = {`
			`hostname: 'www.example.com',`
			`port: 443,`
			`path: '/',`
			`method: 'GET',`
			`secureProtocol: 'TLSv1_2_method'`
			`};`

			`let req = https.request(options, (res) => {`
			`res.on('data', (d) => {`
			`process.stdout.write(d);`
			`});`
			`});`
			`----`

			`[source,javascript,diff-id=2,diff-type=compliant]`
			`----`
			`const tls = require('node:tls');`

			`let options = {`
			`secureProtocol: 'TLSv1_2_method'`
			`};`

			`let socket = tls.connect(443, "www.example.com", options, () => {`
			`process.stdin.pipe(socket);`
			`process.stdin.resume();`
			`});`
			`----`

			`=== How does this work?`

			`include::../../common/fix/validation.adoc[]`