rspec/rules/S5527/javascript/rule.adoc

include::../description.adoc[]

== Noncompliant Code Example

https://nodejs.org/api/https.html[https] built-in module:

----
let options = {
  hostname: 'wrong.host.badssl.com',
  port: 443,
  path: '/',
  method: 'GET',
  secureProtocol: 'TLSv1_2_method',
  checkServerIdentity: function() {} // Noncompliant: there is no test cases
};

let req = https.request(options, (res) => {
  console.log('statusCode:', res.statusCode);
  console.log('headers:', res.headers);

  res.on('data', (d) => {
    process.stdout.write(d);
  });
}); // Noncompliant
----

https://nodejs.org/api/tls.html[tls] built-in module:

----
let options = {
    secureProtocol: 'TLSv1_2_method',
    checkServerIdentity: function() {}  // Noncompliant: there is no test cases
};

let socket = tls.connect(443, "www.example.com", options, () => {
  console.log('client connected',
              socket.authorized ? 'authorized' : 'unauthorized');
  process.stdin.pipe(socket);
  process.stdin.resume();
});  // Noncompliant
----

https://www.npmjs.com/package/request[request] module:

----
let socket = request.get({
    url: 'https://wrong.host.badssl.com',
    secureProtocol: 'TLSv1_2_method',
    checkServerIdentity: function() {}  // Noncompliant: there is no test cases
});

----

== Compliant Solution

https://nodejs.org/api/https.html[https] built-in module:

----
let options = {
  hostname: 'wrong.host.badssl.com',
  port: 443,
  path: '/',
  method: 'GET',
  secureProtocol: 'TLSv1_2_method'
};

let req = https.request(options, (res) => {
  console.log('statusCode:', res.statusCode);
  console.log('headers:', res.headers);

  res.on('data', (d) => {
    process.stdout.write(d);
  });
}); // Compliant: default checkServerIdentity function is secure
----


https://nodejs.org/api/tls.html[tls] built-in module:

----
let options = {
    secureProtocol: 'TLSv1_2_method',
    checkServerIdentity: (servername, peer) => {
        console.log("checkServerIdentity");
        if (servername !== "www.example.com") {
            return new Error ('Error');  // Compliant: there is at least one check 
        }
    }
};

let socket = tls.connect(443, "www.example.com", options, () => {
  console.log('client connected',
              socket.authorized ? 'authorized' : 'unauthorized');
  process.stdin.pipe(socket);
  process.stdin.resume();
}); // Compliant
----

https://www.npmjs.com/package/request[request] module:

----
let socket = request.get({
    url: 'https://www.example.com/',
    secureProtocol: 'TLSv1_2_method' // Compliant
}); // Compliant:  default checkServerIdentity function is secure 
----

include::../see.adoc[]
Add missing rules because of approximative section names 2020-06-30 14:41:58 +02:00			`include::../description.adoc[]`

			`== Noncompliant Code Example`

			`https://nodejs.org/api/https.html[https] built-in module:`

			`----`
			`let options = {`
			`hostname: 'wrong.host.badssl.com',`
			`port: 443,`
			`path: '/',`
			`method: 'GET',`
			`secureProtocol: 'TLSv1_2_method',`
			`checkServerIdentity: function() {} // Noncompliant: there is no test cases`
			`};`

			`let req = https.request(options, (res) => {`
			`console.log('statusCode:', res.statusCode);`
			`console.log('headers:', res.headers);`

			`res.on('data', (d) => {`
			`process.stdout.write(d);`
			`});`
			`}); // Noncompliant`
			`----`

			`https://nodejs.org/api/tls.html[tls] built-in module:`

			`----`
			`let options = {`
			`secureProtocol: 'TLSv1_2_method',`
			`checkServerIdentity: function() {} // Noncompliant: there is no test cases`
			`};`

			`let socket = tls.connect(443, "www.example.com", options, () => {`
			`console.log('client connected',`
			`socket.authorized ? 'authorized' : 'unauthorized');`
			`process.stdin.pipe(socket);`
			`process.stdin.resume();`
			`}); // Noncompliant`
			`----`

			`https://www.npmjs.com/package/request[request] module:`

			`----`
			`let socket = request.get({`
			`url: 'https://wrong.host.badssl.com',`
			`secureProtocol: 'TLSv1_2_method',`
			`checkServerIdentity: function() {} // Noncompliant: there is no test cases`
			`});`

			`----`

			`== Compliant Solution`

			`https://nodejs.org/api/https.html[https] built-in module:`

			`----`
			`let options = {`
			`hostname: 'wrong.host.badssl.com',`
			`port: 443,`
			`path: '/',`
			`method: 'GET',`
			`secureProtocol: 'TLSv1_2_method'`
			`};`

			`let req = https.request(options, (res) => {`
			`console.log('statusCode:', res.statusCode);`
			`console.log('headers:', res.headers);`

			`res.on('data', (d) => {`
			`process.stdout.write(d);`
			`});`
			`}); // Compliant: default checkServerIdentity function is secure`
			`----`


			`https://nodejs.org/api/tls.html[tls] built-in module:`

			`----`
			`let options = {`
			`secureProtocol: 'TLSv1_2_method',`
			`checkServerIdentity: (servername, peer) => {`
			`console.log("checkServerIdentity");`
			`if (servername !== "www.example.com") {`
			`return new Error ('Error'); // Compliant: there is at least one check`
			`}`
			`}`
			`};`

			`let socket = tls.connect(443, "www.example.com", options, () => {`
			`console.log('client connected',`
			`socket.authorized ? 'authorized' : 'unauthorized');`
			`process.stdin.pipe(socket);`
			`process.stdin.resume();`
			`}); // Compliant`
			`----`

			`https://www.npmjs.com/package/request[request] module:`

			`----`
			`let socket = request.get({`
			`url: 'https://www.example.com/',`
			`secureProtocol: 'TLSv1_2_method' // Compliant`
			`}); // Compliant: default checkServerIdentity function is secure`
			`----`

			`include::../see.adoc[]`