Java: Fix QHelp & accept test output

Accept test output for changed alert message.
2026-04-30 19:26:02 +02:00 · 2021-02-08 00:05:02 +01:00
parent d3e6e594b2
commit 2e30f2d9ce
2 changed files with 6 additions and 4 deletions
--- a/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.qhelp
+++ b/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.qhelp
@@ -11,9 +11,11 @@ Versions smaller than 6.24 by default ignore any HTTPS certificate errors thereb

 <recommendation>
 <p>Do either of these:
-<li>Update to version 6.24 or 7.x.x as these correctly reject certificate errors by default.</li>
-<li>Add a custom implementation of the <code>LoadHandler</code> interface whose <code>onCertificateError</code> method always returns <b>true</b> indicating that loading should be cancelled.
-Then use the <code>setLoadHandler</code> method with your custom <code>LoadHandler</code> on every <code>Browser</code> you use.</li>
+<ul>
+  <li>Update to version 6.24 or 7.x.x as these correctly reject certificate errors by default.</li>
+  <li>Add a custom implementation of the <code>LoadHandler</code> interface whose <code>onCertificateError</code> method always returns <b>true</b> indicating that loading should be cancelled.
+  Then use the <code>setLoadHandler</code> method with your custom <code>LoadHandler</code> on every <code>Browser</code> you use.</li>
+</ul>
 </p>
 </recommendation>

--- a/java/ql/test/experimental/query-tests/security/CWE-295/jxbrowser-6.23.1/JxBrowserWithoutCertValidation.expected
+++ b/java/ql/test/experimental/query-tests/security/CWE-295/jxbrowser-6.23.1/JxBrowserWithoutCertValidation.expected
@@ -1 +1 @@
-| JxBrowserWithoutCertValidationV6_23_1.java:17:27:17:39 | new Browser(...) | This JxBrowser instance allows man-in-the-middle attacks. |
+| JxBrowserWithoutCertValidationV6_23_1.java:17:27:17:39 | new Browser(...) | This JxBrowser instance may not check HTTPS certificates. |