hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Rust: Clarify some confusing text in the .qhelp.

Browse Source
This commit is contained in:
Geoffrey White
2025-11-13 09:00:46 +00:00
parent 42aca4a171
commit 15fa99a288
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
rust/ql/src/queries/security/CWE-295/DisabledCertificateCheck.qhelp
View File

@@ -5,7 +5,10 @@
<overview>
<p>
The <code>danger_accept_invalid_certs</code> and <code>danger_accept_invalid_hostnames</code> options on TLS connectors and HTTP clients control whether certificate and hostname verification is performed. If set to <code>true</code>, the client will accept any certificate or any host name, making it susceptible to man-in-the-middle attacks.
The <code>danger_accept_invalid_certs</code> option on TLS connectors and HTTP clients controls whether certificate verification is performed. If this option is set to <code>true</code>, the client will accept any certificate, making it susceptible to man-in-the-middle attacks.
</p>
<p>
Similarly, the <code>danger_accept_invalid_hostnames</code> option controls whether hostname verification is performed. If this option is set to <code>true</code>, the client will accept any valid certificate regardless of the site that certificate is for, again making it susceptible to man-in-the-middle attacks.
</p>
</overview>