Merge pull request #3987 from Marcono1234/patch-1

[Java] Improve InsecureJavaMail.qhelp references
2026-04-24 08:15:14 +02:00 · 2020-08-04 12:12:38 +02:00
parent cdea0f05b0 5942bc6a43
commit 68441bdf99
1 changed files with 10 additions and 4 deletions
--- a/java/ql/src/experimental/Security/CWE/CWE-297/InsecureJavaMail.qhelp
+++ b/java/ql/src/experimental/Security/CWE/CWE-297/InsecureJavaMail.qhelp
@@ -22,9 +22,15 @@ credentials are sent in an SSL session without certificate validation. In the 'G

 <references>
 <li>
-<a href="https://cwe.mitre.org/data/definitions/297.html">CWE-297</a>
-<a href="https://issues.apache.org/jira/browse/LOG4J2-2819">Add support for specifying an SSL configuration for SmtpAppender (CVE-2020-9488)</a>
-<a href="https://rules.sonarsource.com/java/tag/owasp/RSPEC-4499">SMTP SSL connection should check server identity</a>
+  <a href="https://cwe.mitre.org/data/definitions/297.html">CWE-297</a>
+</li>
+<li>
+  Log4j2:
+  <a href="https://issues.apache.org/jira/browse/LOG4J2-2819">Add support for specifying an SSL configuration for SmtpAppender (CVE-2020-9488)</a>
+</li>
+<li>
+  SonarSource rule:
+  <a href="https://rules.sonarsource.com/java/tag/owasp/RSPEC-4499">SMTP SSL connection should check server identity</a>
 </li>
 </references>
-</qhelp>
+</qhelp>