Apply docs suggestions from code review

Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2026-04-29 10:45:15 +02:00 · 2022-08-18 14:21:40 +01:00
parent 5d00b871d4
commit e8f027dab2
2 changed files with 3 additions and 3 deletions
--- a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.qhelp
+++ b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.qhelp
@@ -2,8 +2,8 @@
 <qhelp>

  <overview>
-    <p>Cryptographic algorithms often use padding schemes to make the plaintext less predictable. The OAEP scheme (Optimal Asymmetric Encryption Padding) should be used with RSA encryption.
-    Using no padding or an outdated padding scheme such as PKCS1 can weaken the encryption by making it vulnerable to a padding oracle attack.
+    <p>Cryptographic algorithms often use padding schemes to make the plaintext less predictable. The OAEP (Optimal Asymmetric Encryption Padding) scheme should be used with RSA encryption.
+    Using an outdated padding scheme such as PKCS1, or no padding at all, can weaken the encryption by making it vulnerable to a padding oracle attack.
    </p>
  </overview>

--- a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql
+++ b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql
@@ -1,6 +1,6 @@
 /**
 * @name Use of RSA algorithm without OAEP
- * @description Using RSA encryption without OAEP padding can lead to a padding oracle attack, weakening the encryption.
+ * @description Using RSA encryption without OAEP padding can result in a padding oracle attack, leading to a weaker encryption.
 * @kind path-problem
 * @problem.severity warning
 * @security-severity 7.5