Java: Fix qhelp, fix CWE reference

2026-04-30 03:05:15 +02:00 · 2021-02-10 13:57:51 +01:00
parent 2e30f2d9ce
commit 5c82ff83de
2 changed files with 2 additions and 3 deletions
--- a/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.qhelp
+++ b/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.qhelp
@@ -10,13 +10,12 @@ Versions smaller than 6.24 by default ignore any HTTPS certificate errors thereb
 </overview>

 <recommendation>
-<p>Do either of these:
+<p>Do either of these:</p>
 <ul>
  <li>Update to version 6.24 or 7.x.x as these correctly reject certificate errors by default.</li>
  <li>Add a custom implementation of the <code>LoadHandler</code> interface whose <code>onCertificateError</code> method always returns <b>true</b> indicating that loading should be cancelled.
  Then use the <code>setLoadHandler</code> method with your custom <code>LoadHandler</code> on every <code>Browser</code> you use.</li>
 </ul>
-</p>
 </recommendation>

 <example>
--- a/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql
@@ -4,7 +4,7 @@
 * @kind problem
 * @id java/jxbrowser/disabled-certificate-validation
 * @tags security
- *       external/cwe-295
+ *       external/cwe/cwe-295
 */

 import java