Move fix it section into the main adoc

SonarSource · Feb 11, 2025 · 7b6e40f · 7b6e40f
1 parent a213bf7
commit 7b6e40f
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 37 deletions.
diff --git a/rules/S5527/go/how-to-fix-it/std.adoc b/rules/S5527/go/how-to-fix-it/std.adoc
diff --git a/rules/S5527/go/rule.adoc b/rules/S5527/go/rule.adoc
@@ -8,7 +8,42 @@ include::../impact.adoc[]
 
 // How to fix it section
 
-include::how-to-fix-it/std.adoc[]
+== How to fix it
+
+=== Code examples
+
+include::../common/fix/code-rationale.adoc[]
+
+Hostname validation is disabled if ``++InsecureSkipVerify++`` is set to `true` for ``++TLSClientConfig++`` used for the transport class.
+
+For HTTPS, it is recommended to use high-level interfaces (like ``++http.Get()++``), which perform the certificate validation instead of using ``++http.Client++`` directly.
+
+==== Noncompliant code example
+
+[source,go,diff-id=1,diff-type=noncompliant]
+----
+client := &http.Client{
+    Transport: &http.Transport{
+        TLSClientConfig: &tls.Config{
+            InsecureSkipVerify: true, // Non-compliant
+        },
+    },
+}
+
+client.Get("https://example.com")
+----
+
+==== Compliant solution
+
+Usage of high-level interfaces is recommended:
+[source,go,diff-id=1,diff-type=compliant]
+----
+http.Get("https://example.com")
+----
+
+=== How does this work?
+
+include::../common/fix/validation.adoc[]
 
 == Resources