Fix typos

ql/src/experimental/CWE-327/InsecureTLS.go

@@ -9,7 +9,7 @@ func main() {}
 func insecureMinMaxTlsVersion() {
 	{
 		config := &tls.Config{}
-		config.MinVersion = 0 //BAD: Setting the MinVersion to 0 equal to choosing the lowest supported version (i.e. SSL3.0)
+		config.MinVersion = 0 //BAD: Setting the MinVersion to 0 equals to choosing the lowest supported version (i.e. SSL3.0)
 	}
 	{
 		config := &tls.Config{}

ql/src/experimental/CWE-327/InsecureTLS.qhelp

@@ -44,4 +44,4 @@
 	<a href="https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html">Transport Layer Protection Cheat Sheet</a>
 </li>
 </references>
-</qhelp>
+</qhelp>

ql/src/experimental/CWE-327/SaferTLS.go

@@ -7,5 +7,5 @@ func saferTLSConfig() {
 	config.MinVersion = tls.VersionTLS12
 	config.MaxVersion = tls.VersionTLS13
 	// OR
-	config.MaxVersion = 0 // Setting MaxVersion to 0 means that the highest version available in the package will be used.
+	config.MaxVersion = 0 // GOOD: Setting MaxVersion to 0 means that the highest version available in the package will be used.
 }

ql/test/experimental/CWE-327/UnsafeTLS.go

@@ -11,74 +11,74 @@ func main() {
 func minMaxTlsVersion() {
 	{
 		config := &tls.Config{}
-		config.MinVersion = 0 //BAD
+		config.MinVersion = 0 // BAD
 	}
 	{
 		config := &tls.Config{}
-		config.MaxVersion = 0 //GOOD
+		config.MaxVersion = 0 // GOOD
 	}
 	///
 	{
 		config := &tls.Config{
-			MinVersion: 0, //BAD
+			MinVersion: 0, // BAD
 		}
 		_ = config
 	}
 	{
 		config := &tls.Config{
-			MaxVersion: 0, //GOOD
+			MaxVersion: 0, // GOOD
 		}
 		_ = config
 	}
 	///
 	{
 		config := &tls.Config{}
-		config.MinVersion = tls.VersionSSL30 //BAD
+		config.MinVersion = tls.VersionSSL30 // BAD
 	}
 	{
 		config := &tls.Config{}
-		config.MaxVersion = tls.VersionSSL30 //BAD
+		config.MaxVersion = tls.VersionSSL30 // BAD
 	}
 	///
 	{
 		config := &tls.Config{}
-		config.MinVersion = tls.VersionTLS10 //BAD
+		config.MinVersion = tls.VersionTLS10 // BAD
 	}
 	{
 		config := &tls.Config{}
-		config.MaxVersion = tls.VersionTLS10 //BAD
+		config.MaxVersion = tls.VersionTLS10 // BAD
 	}
 	///
 	{
 		config := &tls.Config{}
-		config.MinVersion = tls.VersionTLS11 //BAD
+		config.MinVersion = tls.VersionTLS11 // BAD
 	}
 	{
 		config := &tls.Config{}
-		config.MaxVersion = tls.VersionTLS11 //BAD
+		config.MaxVersion = tls.VersionTLS11 // BAD
 	}
 	///
 	{
 		config := &tls.Config{
-			MinVersion: tls.VersionTLS11, //BAD
+			MinVersion: tls.VersionTLS11, // BAD
 		}
 		_ = config
 	}
 	{
 		config := &tls.Config{
-			MaxVersion: tls.VersionTLS11, //BAD
+			MaxVersion: tls.VersionTLS11, // BAD
 		}
 		_ = config
 	}
 	{
 		config := &tls.Config{
-			MinVersion: tls.VersionTLS12, //GOOD
+			MinVersion: tls.VersionTLS12, // GOOD
 		}
 		_ = config
 	}
 	{
 		config := &tls.Config{
-			MaxVersion: tls.VersionTLS13, //GOOD
+			MaxVersion: tls.VersionTLS13, // GOOD
 		}
 		_ = config
 	}
@@ -88,12 +88,12 @@ func cipherSuites() {
 	{
 		config := &tls.Config{
 			CipherSuites: []uint16{
-				tls.TLS_RSA_WITH_RC4_128_SHA,                //BAD
-				tls.TLS_RSA_WITH_AES_128_CBC_SHA256,         //BAD
-				tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,        //BAD
-				tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,          //BAD
-				tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, //BAD
-				tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,   //BAD
+				tls.TLS_RSA_WITH_RC4_128_SHA,                // BAD
+				tls.TLS_RSA_WITH_AES_128_CBC_SHA256,         // BAD
+				tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,        // BAD
+				tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,          // BAD
+				tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, // BAD
+				tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,   // BAD
 			},
 		}
 		_ = config
@@ -101,7 +101,7 @@ func cipherSuites() {
 	{
 		config := &tls.Config{
 			CipherSuites: []uint16{
-				tls.TLS_RSA_WITH_RC4_128_SHA, //BAD
+				tls.TLS_RSA_WITH_RC4_128_SHA, // BAD
 			},
 		}
 		_ = config
@@ -109,7 +109,7 @@ func cipherSuites() {
 	{
 		config := &tls.Config{
 			CipherSuites: []uint16{
-				tls.TLS_RSA_WITH_AES_128_CBC_SHA256, //BAD
+				tls.TLS_RSA_WITH_AES_128_CBC_SHA256, // BAD
 			},
 		}
 		_ = config
@@ -117,7 +117,7 @@ func cipherSuites() {
 	{
 		config := &tls.Config{
 			CipherSuites: []uint16{
-				tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, //BAD
+				tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, // BAD
 			},
 		}
 		_ = config
@@ -125,7 +125,7 @@ func cipherSuites() {
 	{
 		config := &tls.Config{
 			CipherSuites: []uint16{
-				tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, //BAD
+				tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, // BAD
 			},
 		}
 		_ = config
@@ -133,7 +133,7 @@ func cipherSuites() {
 	{
 		config := &tls.Config{
 			CipherSuites: []uint16{
-				tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, //BAD
+				tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, // BAD
 			},
 		}
 		_ = config
@@ -141,7 +141,7 @@ func cipherSuites() {
 	{
 		config := &tls.Config{
 			CipherSuites: []uint16{
-				tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, //BAD
+				tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, // BAD
 			},
 		}
 		_ = config
@@ -149,7 +149,7 @@ func cipherSuites() {
 	{
 		config := &tls.Config{
 			CipherSuites: []uint16{
-				tls.TLS_CHACHA20_POLY1305_SHA256, //GOOD
+				tls.TLS_CHACHA20_POLY1305_SHA256, // GOOD
 			},
 		}
 		_ = config
@@ -157,14 +157,14 @@ func cipherSuites() {
 	{
 		config := &tls.Config{}
 		config.CipherSuites = make([]uint16, 0)
-		config.CipherSuites = append(config.CipherSuites, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) //BAD
+		config.CipherSuites = append(config.CipherSuites, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) // BAD
 	}
 	{
 		config := &tls.Config{}
 		config.CipherSuites = make([]uint16, 0)
 		insecureSuites := tls.InsecureCipherSuites()
 		for _, v := range insecureSuites {
-			config.CipherSuites = append(config.CipherSuites, v.ID) //BAD
+			config.CipherSuites = append(config.CipherSuites, v.ID) // BAD
 		}
 	}
 }
@@ -174,11 +174,11 @@ func good(version string) {
 
 	switch version {
 	case "1.0":
-		config.MinVersion = tls.VersionTLS10 //OK
+		config.MinVersion = tls.VersionTLS10 // OK
 	case "1.1":
-		config.MinVersion = tls.VersionTLS11 //OK
+		config.MinVersion = tls.VersionTLS11 // OK
 	default:
-		config.MinVersion = tls.VersionTLS12 //OK
+		config.MinVersion = tls.VersionTLS12 // OK
 	}
 
 	_ = config
@@ -189,14 +189,14 @@ func badTlsVersion2(version string) {
 
 		switch version {
 		case "1.0":
-			config.MinVersion = tls.VersionTLS10 //OK
+			config.MinVersion = tls.VersionTLS10 // OK
 		case "1.1":
-			config.MinVersion = tls.VersionTLS11 //OK
+			config.MinVersion = tls.VersionTLS11 // OK
 		default:
-			config.MinVersion = tls.VersionTLS12 //OK
+			config.MinVersion = tls.VersionTLS12 // OK
 		}
 
-		config.MinVersion = tls.VersionTLS11 //BAD
+		config.MinVersion = tls.VersionTLS11 // BAD
 
 		_ = config
 	}
@@ -205,8 +205,8 @@ func badTlsVersion2(version string) {
 		switch version {
 		case "1.0":
 			config := &tls.Config{}
-			config.MinVersion = tls.VersionTLS10 //BAD
-			config.MinVersion = tls.VersionTLS11 //BAD
+			config.MinVersion = tls.VersionTLS10 // BAD
+			config.MinVersion = tls.VersionTLS11 // BAD
 			_ = config
 		}