rspec/rules/S4423/go/rule.adoc


include::../summary.adoc[]

== Why is this an issue?

include::../rationale.adoc[]

include::../impact.adoc[]

// How to fix it section

include::how-to-fix-it/stdlib.adoc[]

== Resources

include::../common/resources/docs.adoc[]

include::../common/resources/articles.adoc[]

* GitHub - `golang/go` - https://github.com/golang/go/issues/45428[`crypto/tls`: disable client-side TLS 1.0 and TLS 1.1]

include::../common/resources/presentations.adoc[]

include::../common/resources/standards.adoc[]


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

Change this code to enforce TLS 1.2 or above.

=== Highlighting

When a `tls.Config` is found:

* If the `MinProtocol` property is set, then highlight it and its incorrect value.
* If the `MinProtocol` property is not set (but defaults to TLS 1.0), then highlight the entire `tls.Config` object.

When a `tls.Config` is not found, but an `http.Server` is created (which defaults to TLS 1.0):

* Highlight the `http.Server` constructor.

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]
Create rule S4423: add Go (APPSEC-905) (#2830) Research ticket: [APPSEC-905](https://sonarsource.atlassian.net/browse/APPSEC-905) You can preview this rule [here](https://sonarsource.github.io/rspec/#/rspec/S4423/go) (updated a few minutes after each push). ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) [APPSEC-905]: https://sonarsource.atlassian.net/browse/APPSEC-905?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ --------- Co-authored-by: egon-okerman-sonarsource <egon-okerman-sonarsource@users.noreply.github.com> Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com> 2023-08-16 13:53:27 +02:00
			`include::../summary.adoc[]`

			`== Why is this an issue?`

			`include::../rationale.adoc[]`

			`include::../impact.adoc[]`

			`// How to fix it section`

			`include::how-to-fix-it/stdlib.adoc[]`

			`== Resources`

			`include::../common/resources/docs.adoc[]`

			`include::../common/resources/articles.adoc[]`

			* GitHub - `golang/go` - https://github.com/golang/go/issues/45428[`crypto/tls`: disable client-side TLS 1.0 and TLS 1.1]

			`include::../common/resources/presentations.adoc[]`

			`include::../common/resources/standards.adoc[]`


			`ifdef::env-github,rspecator-view[]`

			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

			`=== Message`

			`Change this code to enforce TLS 1.2 or above.`

			`=== Highlighting`

			When a `tls.Config` is found:

			* If the `MinProtocol` property is set, then highlight it and its incorrect value.
			* If the `MinProtocol` property is not set (but defaults to TLS 1.0), then highlight the entire `tls.Config` object.

			When a `tls.Config` is not found, but an `http.Server` is created (which defaults to TLS 1.0):

			* Highlight the `http.Server` constructor.

			`'''`
			`== Comments And Links`
			`(visible only on this page)`

			`include::../comments-and-links.adoc[]`

			`endif::env-github,rspecator-view[]`