rspec/rules/S5332/go/rule.adoc
Jamie Anderson 9ee16daa47
Modify rules: Add STIG AS&D 2023-06-08 mappings (#3914)
* Update JSON schema to include STIG ASD 2023-06-08 mapping

* Update rules to add STIG metadata mappings

---------

Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
2024-05-06 08:56:31 +02:00


include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

[source,go,diff-id=1,diff-type=noncompliant]
----
import "net/http"
response, err := http.Get("http://www.example.com/") // Sensitive
----

[source,go,diff-id=2,diff-type=noncompliant]
----
import "net/smtp"
connection, err := smtp.Dial("mail.example.com:25") // Sensitive
connection.Hello("my-sending-server.example.com")
// authenticate and send email
connection.Quit()
----

== Compliant Solution

[source,go,diff-id=1,diff-type=compliant]
----
import "net/http"
response, err := http.Get("https://www.example.com/") // Compliant
----

[source,go,diff-id=2,diff-type=compliant]
----
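import (
	"crypto/tls"
	"net/smtp"
)

// ServerName is required for certificate verification; with an empty
// tls.Config the TLS handshake started by StartTLS returns an error.
tlsConfig := &tls.Config{ServerName: "mail.example.com"}
connection, err := smtp.Dial("mail.example.com:25") // Compliant
connection.Hello("my-sending-server.example.com")
err = connection.StartTLS(tlsConfig)
if err == nil {
	// authenticate and send email
}
connection.Quit()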
----

include::../exceptions.adoc[]

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

== Message

* Make sure allowing clear-text traffic is safe here.
* Using http protocol is insecure. Use https instead.

== Highlighting

Highlight the function call that sets the URL or hostname/port.
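
The highlighting target described above can be located with Go's own parser. The following is an added example, not the analyzer's implementation and not part of the original rule file; the helper name `FindClearTextURLs` and the embedded sample are assumptions. It covers only literal `http://` URLs passed to a call, not the SMTP case.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strconv"
	"strings"
)

// Constructed sample input reusing the two http.Get calls shown on this page.
const sample = `package demo
import "net/http"
func run() {
	http.Get("http://www.example.com/")
	http.Get("https://www.example.com/")
}
`

// FindClearTextURLs (hypothetical helper) lists "line: url" for calls passed a literal http:// URL.
func FindClearTextURLs(src string) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	var findings []string
	ast.Inspect(file, func(n ast.Node) bool {
		call, ok := n.(*ast.CallExpr)
		if !ok {
			return true // keep descending until a call expression is reached
		}
		for _, arg := range call.Args {
			if lit, ok := arg.(*ast.BasicLit); ok && lit.Kind == token.STRING {
				url, _ := strconv.Unquote(lit.Value) // empty on a malformed literal
				if strings.HasPrefix(strings.ToLower(url), "http://") {
					findings = append(findings, fmt.Sprintf("%d: %s", fset.Position(call.Pos()).Line, url))
				}
			}
		}
		return true
	})
	return findings, nil
}

func main() {
	fmt.Println(FindClearTextURLs(sample))
}
```

The reported line is that of the call expression, so a finding points at the function call that sets the URL rather than at the string literal alone.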
endif::env-github,rspecator-view[]