From 102373b5cadeb439f2264c25c3757e8beacc654a Mon Sep 17 00:00:00 2001
From: denis-troller
Date: Tue, 21 Oct 2025 17:22:41 +0000
Subject: [PATCH 1/4] Create rule S8208
---
 rules/S8208/go/metadata.json | 25 ++++++++++++++++++++
 rules/S8208/go/rule.adoc | 44 ++++++++++++++++++++++++++++++++++++
 rules/S8208/metadata.json | 2 ++
 3 files changed, 71 insertions(+)
 create mode 100644 rules/S8208/go/metadata.json
 create mode 100644 rules/S8208/go/rule.adoc
 create mode 100644 rules/S8208/metadata.json
diff --git a/rules/S8208/go/metadata.json b/rules/S8208/go/metadata.json
new file mode 100644
index 00000000000..5dd45150789
--- /dev/null
+++ b/rules/S8208/go/metadata.json
@@ -0,0 +1,25 @@
+{
+ "title": "FIXME",
+ "type": "CODE_SMELL",
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ ],
+ "defaultSeverity": "Major",
+ "ruleSpecification": "RSPEC-8208",
+ "sqKey": "S8208",
+ "scope": "All",
+ "defaultQualityProfiles": ["Sonar way"],
+ "quickfix": "unknown",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "HIGH",
+ "RELIABILITY": "MEDIUM",
+ "SECURITY": "LOW"
+ },
+ "attribute": "CONVENTIONAL"
+ }
+}
diff --git a/rules/S8208/go/rule.adoc b/rules/S8208/go/rule.adoc
new file mode 100644
index 00000000000..7193b5561c7
--- /dev/null
+++ b/rules/S8208/go/rule.adoc
@@ -0,0 +1,44 @@ +FIXME: add a description + +// If you want to factorize the description uncomment the following line and create the file. +//include::../description.adoc[] + +== Why is this an issue? + +FIXME: remove the unused optional headers (that are commented out) + +//=== What is the potential impact? + +== How to fix it +//== How to fix it in FRAMEWORK NAME + +=== Code examples + +==== Noncompliant code example + +[source,go,diff-id=1,diff-type=noncompliant] +---- +FIXME +---- + +==== Compliant solution + +[source,go,diff-id=1,diff-type=compliant] +---- +FIXME +---- + +//=== How does this work? + +//=== Pitfalls + +//=== Going the extra mile + + +//== Resources +//=== Documentation +//=== Articles & blog posts +//=== Conference presentations +//=== Standards +//=== External coding guidelines +//=== Benchmarks diff --git a/rules/S8208/metadata.json b/rules/S8208/metadata.json new file mode 100644 index 00000000000..2c63c085104 --- /dev/null +++ b/rules/S8208/metadata.json @@ -0,0 +1,2 @@ +{ +} From e6ce1a3b03f4febeecc8baf745e853be244303c7 Mon Sep 17 00:00:00 2001 From: denis-troller Date: Tue, 21 Oct 2025 19:29:24 +0200 Subject: [PATCH 2/4] Update rules/S8208/go/rule.adoc in PR #5769 --- rules/S8208/go/rule.adoc | 56 ++++++++++++++++++++++++++-------------- 1 file changed, 37 insertions(+), 19 deletions(-) diff --git a/rules/S8208/go/rule.adoc b/rules/S8208/go/rule.adoc index 7193b5561c7..013bf0178de 100644 --- a/rules/S8208/go/rule.adoc +++ b/rules/S8208/go/rule.adoc 
@@ -1,16 +1,27 @@ -FIXME: add a description - -// If you want to factorize the description uncomment the following line and create the file. -//include::../description.adoc[] +This rule raises an issue when an HTTP response body is not closed after use. == Why is this an issue? -FIXME: remove the unused optional headers (that are commented out) +In Go, HTTP response bodies must be explicitly closed to prevent resource leaks. The Go documentation clearly states: "The caller must close the response body when finished with it." When response bodies are not closed, several problems can occur: + +* **Connection pool exhaustion**: The HTTP client maintains a pool of connections for reuse. If response bodies are not closed, these connections cannot be returned to the pool, eventually exhausting available connections. +* **Memory leaks**: Unclosed response bodies can hold references to network resources and buffers, preventing garbage collection. +* **Resource starvation**: Over time, accumulated unclosed connections can consume system resources like file descriptors and memory. + +The issue is particularly problematic in high-throughput applications where many HTTP requests are made. Even if the response data is fully read, the body must still be explicitly closed to signal that the connection can be reused. + +=== What is the potential impact? -//=== What is the potential impact? +Failing to close HTTP response bodies can lead to: + +* **Application crashes** due to connection pool exhaustion +* **Performance degradation** as new connections must be created instead of reusing existing ones +* **Resource exhaustion** on the system level, affecting other applications +* **Intermittent failures** that are difficult to debug in production environments == How to fix it -//== How to fix it in FRAMEWORK NAME + +Always close the response body using defer immediately after checking for request errors. This ensures the body is closed even if subsequent operations fail. 
=== Code examples @@ -18,27 +29,34 @@ FIXME: remove the unused optional headers (that are commented out) [source,go,diff-id=1,diff-type=noncompliant] ---- -FIXME +resp, err := http.Get("http://example.com/") +if err != nil { + return err +} +body, err := io.ReadAll(resp.Body) // Noncompliant +// Missing resp.Body.Close() ---- ==== Compliant solution [source,go,diff-id=1,diff-type=compliant] ---- -FIXME +resp, err := http.Get("http://example.com/") +if err != nil { + return err +} +defer resp.Body.Close() +body, err := io.ReadAll(resp.Body) ---- -//=== How does this work? +== Resources + +=== Documentation -//=== Pitfalls + * Go net/http package documentation - https://pkg.go.dev/net/http[Official Go documentation for the net/http package, which explicitly states the requirement to close response bodies] -//=== Going the extra mile + * Effective Go - Defer statements - https://go.dev/doc/effective_go#defer[Official Go documentation explaining the defer statement and its proper usage for resource cleanup] +=== Standards -//== Resources -//=== Documentation -//=== Articles & blog posts -//=== Conference presentations -//=== Standards -//=== External coding guidelines -//=== Benchmarks + * CWE-404: Improper Resource Shutdown or Release - https://cwe.mitre.org/data/definitions/404.html[Describes the security implications of not properly releasing resources] From 30a5692617d1a5a8909fe0e70adf362c607bc8ec Mon Sep 17 00:00:00 2001 From: denis-troller Date: Tue, 21 Oct 2025 19:29:27 +0200 Subject: [PATCH 3/4] Update rules/S8208/go/metadata.json in PR #5769 --- rules/S8208/go/metadata.json | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/rules/S8208/go/metadata.json b/rules/S8208/go/metadata.json index 5dd45150789..8fc53d54d86 100644 --- a/rules/S8208/go/metadata.json +++ b/rules/S8208/go/metadata.json 
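Review bot: The "Why is this an issue?" text says that closing the body signals the connection can be reused, but Close alone is not sufficient: net/http only returns a keep-alive connection to the pool when the body has also been read to EOF, so closing an unread body makes the transport drop the connection instead of reusing it. Worth one sentence under "How to fix it", e.g. `When the body content is not needed, drain it before closing (io.Copy(io.Discard, resp.Body)) so the connection can be reused; bound the drain with io.LimitReader when the peer is not trusted.` The "Application crashes due to connection pool exhaustion" bullet also reads as a certainty the surrounding text does not establish; I would soften it to request failures once file descriptors or connections run out.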
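Review bot: The compliant solution ends with `body, err := io.ReadAll(resp.Body)` and neither checks `err` nor uses `body`, so a reader who copies it verbatim gets an unchecked read error and, inside a real function, an unused-`body` compile error. Adding `if err != nil { return err }` after the ReadAll line would close that gap, and a short comment on the defer line, `// resp may be nil when err != nil, so the defer must follow the error check`, would explain why the placement shown is the correct one. The identical assignment in the noncompliant example is fine as-is, since that snippet only needs to show the missing Close.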
@@ -1,25 +1,28 @@
 {
- "title": "FIXME",
- "type": "CODE_SMELL",
+ "title": "HTTP response bodies should be closed to prevent resource leaks",
+ "type": "BUG",
 "status": "ready",
 "remediation": {
- "func": "Constant\/Issue",
- "constantCost": "5min"
+ "func": "Constant/Issue",
+ "constantCost": "5 min"
 },
 "tags": [
+ "resource-leak",
+ "http"
 ],
- "defaultSeverity": "Major",
+ "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-8208",
 "sqKey": "S8208",
- "scope": "All",
- "defaultQualityProfiles": ["Sonar way"],
+ "scope": "Main",
+ "defaultQualityProfiles": [
+ "Sonar way"
+ ],
 "quickfix": "unknown",
 "code": {
 "impacts": {
- "MAINTAINABILITY": "HIGH",
- "RELIABILITY": "MEDIUM",
- "SECURITY": "LOW"
+ "RELIABILITY": "BLOCKER",
+ "MAINTAINABILITY": "BLOCKER"
 },
- "attribute": "CONVENTIONAL"
+ "attribute": "COMPLETE"
 }
-}
+}
\ No newline at end of file
From 7ba38c0a44da63fa18d10a514d99ccf2a3daaa09 Mon Sep 17 00:00:00 2001
From: yassin-kammoun-sonarsouce
Date: Thu, 30 Oct 2025 14:11:51 +0100
Subject: [PATCH 4/4] Update severity
---
 rules/S8208/go/metadata.json | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/rules/S8208/go/metadata.json b/rules/S8208/go/metadata.json
index 8fc53d54d86..8f2fdfe56b7 100644
--- a/rules/S8208/go/metadata.json
+++ b/rules/S8208/go/metadata.json
@@ -10,7 +10,7 @@
 "resource-leak",
 "http"
 ],
- "defaultSeverity": "Blocker",
+ "defaultSeverity": "Major",
 "ruleSpecification": "RSPEC-8208",
 "sqKey": "S8208",
 "scope": "Main",
@@ -20,9 +20,8 @@
 "quickfix": "unknown",
 "code": {
 "impacts": {
- "RELIABILITY": "BLOCKER",
- "MAINTAINABILITY": "BLOCKER"
+ "RELIABILITY": "HIGH"
 },
 "attribute": "COMPLETE"
 }
-}
\ No newline at end of file
+}
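Review bot: The impacts block here drops `"SECURITY": "LOW"` while the rule description added in PATCH 2/4 cites CWE-404 under Standards as describing "the security implications" of unreleased resources, and the final state after the second hunk of PATCH 4/4 (`"RELIABILITY": "HIGH"` only) keeps that mismatch. Either retain a SECURITY impact or reword the CWE bullet so metadata and description agree; which way the repository's convention points I cannot tell from here. The `"constantCost"` value also changes from `5min` to `5 min`, which is fine only if the remediation schema accepts both spellings, so worth confirming against the other rules.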