From 14e4e2d40f91cde56f5692beb7a0c8edf374c0a2 Mon Sep 17 00:00:00 2001 From: Marco Gario Date: Wed, 15 Apr 2020 12:05:54 +0200 Subject: [PATCH 1/2] Integeroverflow.qhelp: use paragraphs within sections --- .../IntegerOverflow/IntegerOverflow.qhelp | 42 +++++++++++-------- 1 file changed, 25 insertions(+), 17 deletions(-) diff --git a/ql/src/experimental/IntegerOverflow/IntegerOverflow.qhelp b/ql/src/experimental/IntegerOverflow/IntegerOverflow.qhelp index 3f0d10e111a..88dfc682d7c 100644 --- a/ql/src/experimental/IntegerOverflow/IntegerOverflow.qhelp +++ b/ql/src/experimental/IntegerOverflow/IntegerOverflow.qhelp @@ -1,23 +1,31 @@ - - Arithmetic calculations involving integers should be checked to ensure that overflow or - underflow cannot occur, as this may cause incorrect results or program crashes. - - + +

+ Arithmetic calculations involving integers should be checked to ensure that overflow or + underflow cannot occur, as this may cause incorrect results or program crashes. +

+
+ +

Before performing an integer operation that may cause an overflow, check the operands to ensure that the result of the operation will fit into the value range of the type. Alternatively, check the result of the operation to see whether it overflowed. - - - In the following example snippet, the addition start + offset may overflow if - either start or offset is very large, which will cause the indexing - operation to panic at runtime: - - One way to prevent this is to check whether start + offset overflows: - - - -

  • Wikipedia Integer overflow.
  • - +

    +
    + +

    + In the following example snippet, the addition start + offset may overflow if + either start or offset is very large, which will cause the indexing + operation to panic at runtime: +

    + +

    + One way to prevent this is to check whether start + offset overflows: +

    + +
    + +
  • Wikipedia Integer overflow.
  • +
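Review bot: Both reflowed example paragraphs end in a colon ("operation to panic at runtime:" and "check whether start + offset overflows:") and therefore rely on a code sample following each one directly; the sample references themselves are not visible in this hunk, so please double-check that after the paragraph split the two snippets still sit immediately after their introducing paragraph and inside the same example section, otherwise the rendered help will show a dangling colon with the code appearing elsewhere. The recommendation text is also worth tightening slightly: "check the result of the operation to see whether it overflowed" only works for types with well-defined wraparound, so stating that the post-hoc check must compare against the operands (e.g. that start + offset is not smaller than start for unsigned values) would make the advice actionable rather than leaving the reader to guess how the result is inspected.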
    From 245b99dd423e5938d03290eb3ff09d93a4e11273 Mon Sep 17 00:00:00 2001 From: Max Schaefer Date: Thu, 16 Apr 2020 08:43:33 +0100 Subject: [PATCH 2/2] Fix misformatted header comment for `DisabledCertificateCheck`. --- ql/src/Security/CWE-295/DisabledCertificateCheck.ql | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ql/src/Security/CWE-295/DisabledCertificateCheck.ql b/ql/src/Security/CWE-295/DisabledCertificateCheck.ql index 268a9a5bf09..7b4340818b1 100644 --- a/ql/src/Security/CWE-295/DisabledCertificateCheck.ql +++ b/ql/src/Security/CWE-295/DisabledCertificateCheck.ql @@ -8,7 +8,9 @@ * @id go/disabled-certificate-check * @tags security * external/cwe/cwe-295 - * + */ + +/* * The approach taken by this query is to look for assignments that set `InsecureSkipVerify` * (from struct `Config` of package `crypto/tls`) to `true`. We exclude assignments that are * guarded by a feature-flag selecting whether verification should be skipped or not, since
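Review bot: Closing the metadata comment with `*/` right after the `external/cwe/cwe-295` tag line is the correct fix, because the following free-form paragraph about `InsecureSkipVerify` previously sat inside the `/** ... */` header after `@tags`, where metadata tooling could read it as a continuation of the tags value. Opening the follow-on block with a plain `/*` rather than `/**` is appropriate, since it is implementation commentary rather than query documentation; consider also keeping the blank line between the two blocks (as the hunk does) so the boundary stays visually obvious to the next editor.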