Include changes from review

cpp/ql/src/experimental/Security/CWE/CWE-295/CurlSSL.qhelp

@@ -1,10 +1,11 @@
 <!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
 <qhelp>
   <overview>
-    Disabling verification of the SSL certificate allows man-in-the-middle attacks. Disabling the
-    peer or the host's certificate verification makes the SSL communication insecure. Just having
-    encryption on a transfer is not enough as you cannot be sure that you are communicating with the
-    correct end-point.
+    Disabling verification of the SSL certificate allows man-in-the-middle attacks.
+    A SSL connection is vulnerable to man-in-the-middle attacks if the certification is not checked
+    properly.
+    If the peer or the host's certificate verification is not verified, the underlying SSL
+    communication is insecure.
   </overview>
   <recommendation>
     It is recommended that all communications be done post verification of the host as well as the
@@ -21,10 +22,12 @@
   <references>
     <li> Curl Documentation:<a href="https://curl.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html">
       CURLOPT_SSL_VERIFYHOST</a></li>
-    <li> Curl Documentation:<a href="https://curl.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html">
-      CURLOPT_SSL_VERIFYHOST</a></li>
-    <li> Related CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-33684"> CVE-2022-33684</a></li>
-    <li> Related CVE: <a href="https://huntr.com/bounties/42325662-6329-4e04-875a-49e2f5d69f78">
-      `openframeworks/openframeworks`</a></li>
+    <li> Curl Documentation:<a href="https://curl.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html">
+      CURLOPT_SSL_VERIFYPEER</a></li>
+    <li> Related CVE: <a href="https://github.com/advisories/GHSA-5r3h-c3r7-9w4h"> CVE-2022-33684</a></li>
+    <li> Related security advisory: <a
+        href="https://huntr.com/bounties/42325662-6329-4e04-875a-49e2f5d69f78">
+        <code>openframeworks/openframeworks</code>
+      </a></li>
   </references>
 </qhelp>

cpp/ql/src/experimental/Security/CWE/CWE-295/CurlSSL.ql

@@ -15,7 +15,7 @@ import semmle.code.cpp.dataflow.new.TaintTracking
 private class CurlSetOptCall extends FunctionCall {
   CurlSetOptCall() {
     exists(FunctionCall fc, Function f |
-      f.hasGlobalName("curl_easy_setopt") and
+      f.hasGlobalOrStdName("curl_easy_setopt") and
       fc.getTarget() = f
     |
       this = fc
@@ -34,6 +34,7 @@ private class CurlVerificationConstant extends EnumConstantAccess {
 
 from CurlSetOptCall c
 where
-  c.getArgument(1) = any(CurlVerificationConstant v) and
+  c.getArgument(1) = any(CurlVerificationConstant v) 
+  and
   c.getArgument(2).getValue() = "0"
 select c, "This call disables Secure Socket Layer and could potentially lead to MITM attacks"

cpp/ql/src/experimental/Security/CWE/CWE-295/CurlSSLBad.cpp

@@ -4,6 +4,6 @@ void bad(void) {
 		std::unique_ptr<CURL, void(*)(CURL*)>(curl_easy_init(), curl_easy_cleanup);
 	curl_easy_setopt(curl.get(), CURLOPT_SSL_VERIFYPEER, 0);
 	curl_easy_setopt(curl.get(), CURLOPT_SSL_VERIFYHOST, 0); 
-  curl_easy_setopt(curl.get(), CURLOPT_URL, host.c_str());
-  curl_easy_perform(curl.get());
+  	curl_easy_setopt(curl.get(), CURLOPT_URL, host.c_str());
+  	curl_easy_perform(curl.get());
 }

cpp/ql/src/experimental/Security/CWE/CWE-295/CurlSSLGood.cpp

@@ -4,6 +4,6 @@ void good(void) {
 		std::unique_ptr<CURL, void(*)(CURL*)>(curl_easy_init(), curl_easy_cleanup);
 	curl_easy_setopt(curl.get(), CURLOPT_SSL_VERIFYPEER, 2);
 	curl_easy_setopt(curl.get(), CURLOPT_SSL_VERIFYHOST, 2); 
-  curl_easy_setopt(curl.get(), CURLOPT_URL, host.c_str());
-  curl_easy_perform(curl.get());
+  	curl_easy_setopt(curl.get(), CURLOPT_URL, host.c_str());
+  	curl_easy_perform(curl.get());
 }