From 29588dadab4e74b00f2f64455517272cc73eb02d Mon Sep 17 00:00:00 2001 From: denis-troller Date: Tue, 21 Oct 2025 17:23:06 +0000 Subject: [PATCH 1/3] Create rule S8211 --- rules/S8211/go/metadata.json | 25 ++++++++++++++++++++ rules/S8211/go/rule.adoc | 44 ++++++++++++++++++++++++++++++++++++ rules/S8211/metadata.json | 2 ++ 3 files changed, 71 insertions(+) create mode 100644 rules/S8211/go/metadata.json create mode 100644 rules/S8211/go/rule.adoc create mode 100644 rules/S8211/metadata.json diff --git a/rules/S8211/go/metadata.json b/rules/S8211/go/metadata.json new file mode 100644 index 00000000000..4c206263639 --- /dev/null +++ b/rules/S8211/go/metadata.json @@ -0,0 +1,25 @@ +{ + "title": "FIXME", + "type": "CODE_SMELL", + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "5min" + }, + "tags": [ + ], + "defaultSeverity": "Major", + "ruleSpecification": "RSPEC-8211", + "sqKey": "S8211", + "scope": "All", + "defaultQualityProfiles": ["Sonar way"], + "quickfix": "unknown", + "code": { + "impacts": { + "MAINTAINABILITY": "HIGH", + "RELIABILITY": "MEDIUM", + "SECURITY": "LOW" + }, + "attribute": "CONVENTIONAL" + } +} diff --git a/rules/S8211/go/rule.adoc b/rules/S8211/go/rule.adoc new file mode 100644 index 00000000000..7193b5561c7 --- /dev/null +++ b/rules/S8211/go/rule.adoc @@ -0,0 +1,44 @@ +FIXME: add a description + +// If you want to factorize the description uncomment the following line and create the file. +//include::../description.adoc[] + +== Why is this an issue? + +FIXME: remove the unused optional headers (that are commented out) + +//=== What is the potential impact? + +== How to fix it +//== How to fix it in FRAMEWORK NAME + +=== Code examples + +==== Noncompliant code example + +[source,go,diff-id=1,diff-type=noncompliant] +---- +FIXME +---- + +==== Compliant solution + +[source,go,diff-id=1,diff-type=compliant] +---- +FIXME +---- + +//=== How does this work? + +//=== Pitfalls + +//=== Going the extra mile + + +//== Resources +//=== Documentation +//=== Articles & blog posts +//=== Conference presentations +//=== Standards +//=== External coding guidelines +//=== Benchmarks diff --git a/rules/S8211/metadata.json b/rules/S8211/metadata.json new file mode 100644 index 00000000000..2c63c085104 --- /dev/null +++ b/rules/S8211/metadata.json @@ -0,0 +1,2 @@ +{ +} From 617739c83e48acfdf506ece3e5b4f9d897fd014f Mon Sep 17 00:00:00 2001 From: denis-troller Date: Tue, 21 Oct 2025 19:30:54 +0200 Subject: [PATCH 2/3] Update rules/S8211/go/rule.adoc in PR #5772 --- rules/S8211/go/rule.adoc | 58 +++++++++++++++++++++++++++------------- 1 file changed, 39 insertions(+), 19 deletions(-) diff --git a/rules/S8211/go/rule.adoc b/rules/S8211/go/rule.adoc index 7193b5561c7..2fa11d3cde3 100644 --- a/rules/S8211/go/rule.adoc +++ b/rules/S8211/go/rule.adoc @@ -1,16 +1,32 @@ -FIXME: add a description - -// If you want to factorize the description uncomment the following line and create the file. -//include::../description.adoc[] +This rule raises an issue when functions perform HTTP operations without accepting or using a `context.Context` parameter for proper cancellation and timeout handling. == Why is this an issue? -FIXME: remove the unused optional headers (that are commented out) +HTTP operations without proper context handling can lead to serious reliability issues in Go applications. + +When you make HTTP requests using methods like `http.Get()` or `client.Get()` without context, these requests cannot be cancelled or have timeouts applied at the application level. This creates several problems: + +* **Hanging requests**: If an external service becomes unresponsive, your requests will wait indefinitely, consuming resources and potentially blocking your application. +* **Resource leaks**: Goroutines making these requests may never terminate, leading to memory leaks and goroutine accumulation over time. +* **Poor user experience**: Users cannot cancel operations that are taking too long, leading to unresponsive applications. +* **Cascading failures**: In microservice architectures, one slow service can cause timeouts and failures to propagate throughout your system. + +The `context.Context` package in Go provides a standard way to carry cancellation signals, deadlines, and timeouts across API boundaries. When you use context-aware HTTP methods like `http.NewRequestWithContext()`, your requests can be cancelled when: -//=== What is the potential impact? +* A user cancels their request +* A timeout is reached +* The application is shutting down +* A parent operation is cancelled + +This enables proper resource cleanup and prevents your application from wasting resources on operations that are no longer needed. + +=== What is the potential impact? + +Without proper context usage, HTTP operations can hang indefinitely, leading to resource exhaustion, memory leaks, and application instability. In high-load scenarios, this can cause cascading failures and service outages. == How to fix it -//== How to fix it in FRAMEWORK NAME + +Add a context.Context parameter to your function and use http.NewRequestWithContext to create context-aware HTTP requests. === Code examples @@ -18,27 +34,31 @@ FIXME: remove the unused optional headers (that are commented out) [source,go,diff-id=1,diff-type=noncompliant] ---- -FIXME +func makeAPICall(url string) (*http.Response, error) { + client := &http.Client{} + resp, err := client.Get(url) // Noncompliant + return resp, err +} ---- ==== Compliant solution [source,go,diff-id=1,diff-type=compliant] ---- -FIXME +func makeAPICall(ctx context.Context, url string) (*http.Response, error) { + client := &http.Client{} + req, _ := http.NewRequestWithContext(ctx, "GET", url, nil) + resp, err := client.Do(req) + return resp, err +} ---- -//=== How does this work? +== Resources -//=== Pitfalls +=== Documentation -//=== Going the extra mile + * Go context package - https://pkg.go.dev/context[Official documentation for Go's context package] + * Go HTTP client documentation - https://pkg.go.dev/net/http#Client[Official documentation for Go's HTTP client] -//== Resources -//=== Documentation -//=== Articles & blog posts -//=== Conference presentations -//=== Standards -//=== External coding guidelines -//=== Benchmarks + * Context and cancellation in Go - https://go.dev/blog/context[Official Go blog post explaining context usage patterns] From 6df205d73fe99d1dec349bbb821621a48703342b Mon Sep 17 00:00:00 2001 From: denis-troller Date: Tue, 21 Oct 2025 19:30:57 +0200 Subject: [PATCH 3/3] Update rules/S8211/go/metadata.json in PR #5772 --- rules/S8211/go/metadata.json | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/rules/S8211/go/metadata.json b/rules/S8211/go/metadata.json index 4c206263639..045a86b57f2 100644 --- a/rules/S8211/go/metadata.json +++ b/rules/S8211/go/metadata.json @@ -1,25 +1,30 @@ { - "title": "FIXME", + "title": "HTTP operations should use context for cancellation and timeout control", "type": "CODE_SMELL", "status": "ready", "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" + "func": "Constant/Issue", + "constantCost": "30 min" }, "tags": [ + "http", + "context", + "timeout", + "cancellation" ], - "defaultSeverity": "Major", + "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-8211", "sqKey": "S8211", - "scope": "All", - "defaultQualityProfiles": ["Sonar way"], + "scope": "Main", + "defaultQualityProfiles": [ + "Sonar way" + ], "quickfix": "unknown", "code": { "impacts": { - "MAINTAINABILITY": "HIGH", - "RELIABILITY": "MEDIUM", - "SECURITY": "LOW" + "RELIABILITY": "BLOCKER", + "MAINTAINABILITY": "BLOCKER" }, - "attribute": "CONVENTIONAL" + "attribute": "COMPLETE" } -} +} \ No newline at end of file