From aa7f7e600de5df1453dcce8dfd88f7ac39a68df7 Mon Sep 17 00:00:00 2001
From: Jonas Wielage
Date: Tue, 18 Mar 2025 15:34:53 +0100
Subject: [PATCH] Modify rule S4423 for Go: Add examples for HTTP servers (#4800)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Revert "SONARGO-393 Modify rule S4423 for Go: remove examples for HTTP server…"
This reverts commit e7c5865c645d1d0268b89a1c9e6ec005c056545e.
* Adjusted text about go version
---
 rules/S4423/go/how-to-fix-it/stdlib.adoc | 48 ++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/rules/S4423/go/how-to-fix-it/stdlib.adoc b/rules/S4423/go/how-to-fix-it/stdlib.adoc
index a53b89d021..55b3901cda 100644
--- a/rules/S4423/go/how-to-fix-it/stdlib.adoc
+++ b/rules/S4423/go/how-to-fix-it/stdlib.adoc
@@ -28,6 +28,25 @@ func main() {
 }
 ----

+For HTTP servers when using a go version older than 1.22:
+
+[source,go,diff-id=2,diff-type=noncompliant]
+----
+import (
+ "net/http"
+)
+
+func main() {
+ http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
+ w.Write([]byte("Hello world!\n"))
+ })
+ err := http.ListenAndServeTLS(":443", "tls.crt", "tls.key", nil) // Noncompliant: TLS 1.0 by default for servers
+ if err != nil {
+ panic(err)
+ }
+}
+----
+
 ==== Compliant solution

 For HTTP clients:
@@ -48,6 +67,35 @@ func main() {
 }
 ----

+For HTTP servers when using a go version older than 1.22:
+
+[source,go,diff-id=2,diff-type=compliant]
+----
+import (
+ "crypto/tls"
+ "net/http"
+)
+
+func main() {
+ mux := http.NewServeMux()
+ mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
+ w.Write([]byte("Hello world!\n"))
+ })
+ cfg := &tls.Config{
+ MinVersion: tls.VersionTLS12,
+ }
+ srv := &http.Server{
+ Addr: ":443",
+ Handler: mux,
+ TLSConfig: cfg,
+ }
+ err := srv.ListenAndServeTLS("tls.crt", "tls.key")
+ if err != nil {
+ panic(err)
+ }
+}
+----
+
 === How does this work?