http.NewRequest request send to http:// URLs GO-S1028
Security
Major
a02
a06
cwe-327
sans top 25
owasp top 10
Requests sent via http.NewRequest to http:// URLs is dangerous because the
server is attempting to connect to a website that does not encrypt traffic with
TLS. Instead, it is recommended to use https://.
Bad practice
req, err := http.NewRequest("GET", "http://deepsource.io", nil)
Recommended
req, err := http.NewRequest("GET", "https://deepsource.io", nil)