Modify rule S4423 for Go: Add examples for HTTP servers (#4800)

* Revert "SONARGO-393 Modify rule S4423 for Go: remove examples for HTTP server…" This reverts commit e7c5865c645d1d0268b89a1c9e6ec005c056545e. * Adjusted text about go version
2025-03-18 15:34:53 +01:00 · 2025-03-18 15:34:53 +01:00 · aa7f7e600d
commit aa7f7e600d
parent a025ef5394
1 changed files with 48 additions and 0 deletions
--- a/rules/S4423/go/how-to-fix-it/stdlib.adoc
+++ b/rules/S4423/go/how-to-fix-it/stdlib.adoc
@ -28,6 +28,25 @@ func main() {
 }
 ----

+For HTTP servers when using a go version older than 1.22:
+
+[source,go,diff-id=2,diff-type=noncompliant]
+----
+import (
+    "net/http"
+)
+
+func main() {
+    http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
+        w.Write([]byte("Hello world!\n"))
+    })
+    err := http.ListenAndServeTLS(":443", "tls.crt", "tls.key", nil) // Noncompliant: TLS 1.0 by default for servers
+    if err != nil {
+        panic(err)
+    }
+}
+----
+
 ==== Compliant solution

 For HTTP clients:
@ -48,6 +67,35 @@ func main() {
 }
 ----

+For HTTP servers when using a go version older than 1.22:
+
+[source,go,diff-id=2,diff-type=compliant]
+----
+import (
+    "crypto/tls"
+    "net/http"
+)
+
+func main() {
+    mux := http.NewServeMux()
+    mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
+        w.Write([]byte("Hello world!\n"))
+    })
+    cfg := &tls.Config{
+        MinVersion: tls.VersionTLS12,
+    }
+    srv := &http.Server{
+        Addr: ":443",
+        Handler: mux,
+        TLSConfig: cfg,
+    }
+    err := srv.ListenAndServeTLS("tls.crt", "tls.key")
+    if err != nil {
+        panic(err)
+    }
+}
+----
+

 === How does this work?