Merge branch 'master' into rule/S4426-add-go

rules/S5527/go/metadata.json

@@ -0,0 +1,3 @@
+{
+
+}

rules/S5527/go/rule.adoc

@@ -0,0 +1,67 @@
+include::../summary.adoc[]
+
+== Why is this an issue?
+
+include::../rationale.adoc[]
+
+include::../impact.adoc[]
+
+// How to fix it section
+
+== How to fix it
+
+=== Code examples
+
+include::../common/fix/code-rationale.adoc[]
+
+Hostname validation is disabled if ``++InsecureSkipVerify++`` is set to `true` for ``++TLSClientConfig++`` used for the transport class.
+
+For HTTPS, it is recommended to use high-level interfaces (like ``++http.Get()++``), which perform the certificate validation instead of using ``++http.Client++`` directly.
+
+==== Noncompliant code example
+
+[source,go,diff-id=1,diff-type=noncompliant]
+----
+client := &http.Client{
+    Transport: &http.Transport{
+        TLSClientConfig: &tls.Config{
+            InsecureSkipVerify: true, // Noncompliant
+        },
+    },
+}
+
+client.Get("https://example.com")
+----
+
+==== Compliant solution
+
+Usage of high-level interfaces is recommended:
+[source,go,diff-id=1,diff-type=compliant]
+----
+http.Get("https://example.com")
+----
+
+=== How does this work?
+
+include::../common/fix/validation.adoc[]
+
+== Resources
+
+include::../common/resources/standards.adoc[]
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+include::../message.adoc[]
+
+'''
+== Comments And Links
+(visible only on this page)
+
+include::../comments-and-links.adoc[]
+
+endif::env-github,rspecator-view[]
+