Fix missing </p> in qhelp.

2026-01-29 22:32:58 +01:00 · 2020-05-22 11:18:27 +01:00
parent bccf750e2e
commit 223d0dbf0b
1 changed files with 6 additions and 5 deletions
--- a/ql/src/experimental/CWE-807/SensitiveConditionBypass.qhelp
+++ b/ql/src/experimental/CWE-807/SensitiveConditionBypass.qhelp
@@ -6,25 +6,26 @@ Testing untrusted user input against a fixed constant results in
 a bypass of the conditional check as the attacker may alter the input to match the constant.
 When an incorrect check of this type is used to guard a potentially sensitive block, 
 it results an attacker gaining access to the sensitive block.
-</p>
+        </p>
    </overview>
    <recommendation>
        <p>
 Never decide whether to authenticate a user based on data that may be controlled by that user. 
 If necessary, ensure that the data is validated extensively when it is input before any 
 authentication checks are performed.
-</p>
-<p>
+        </p>
+        <p>
 It is still possible to have a system that "remembers" users, thus not requiring 
 the user to login on every interaction. For example, personalization settings can be applied 
 without authentication because this is not sensitive information. However, users
-should be allowed to take sensitive actions only when they have been fully authenticated. 
+should be allowed to take sensitive actions only when they have been fully authenticated.
+        </p>
    </recommendation>
    <example>
        <p>
 The following example shows a comparison where an user controlled 
 expression is used to guard a sensitive method. This should be avoided.:
-</p>
+        </p>
        <sample src="SensitiveConditionBypassBad.go" />
    </example>
 </qhelp>