Java: Add QLDoc improve query message

intrigus · intrigus · commit b4692734b28e · 2021-01-11T13:42:08.000+01:00
diff --git a/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql b/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql
@@ -115,5 +115,5 @@ where
   not isNodeGuardedByFlag(sink.getNode()) and
   verifier = source.getNode().asExpr().(ClassInstanceExpr).getConstructedType()
 select sink, source, sink,
-  "$@ that is defined $@ and accepts any certificate as valid, is used $@.", source,
-  "This hostname verifier", verifier, "here", sink, "here"
+  "$@ that is defined $@ and accepts any certificate as valid, is used here.", source,
+  "This hostname verifier", verifier, "here"
diff --git a/java/ql/src/semmle/code/java/security/Encryption.qll b/java/ql/src/semmle/code/java/security/Encryption.qll
@@ -29,6 +29,7 @@ class SSLContext extends RefType {
   SSLContext() { hasQualifiedName("javax.net.ssl", "SSLContext") }
 }
 
+/** Models the `javax.net.ssl.SSLSession` class. */
 class SSLSession extends RefType {
   SSLSession() { hasQualifiedName("javax.net.ssl", "SSLSession") }
 }
@@ -37,6 +38,7 @@ class HostnameVerifier extends RefType {
   HostnameVerifier() { hasQualifiedName("javax.net.ssl", "HostnameVerifier") }
 }
 
+/** Models the `verify` method of the class `javax.net.ssl.HostnameVerifier`. */
 class HostnameVerifierVerify extends Method {
   HostnameVerifierVerify() {
     hasName("verify") and
@@ -81,6 +83,7 @@ class SetHostnameVerifierMethod extends Method {
   }
 }
 
+/** Models the `setDefaultHostnameVerifier` method of the class `javax.net.ssl.HttpsURLConnection`. */
 class SetDefaultHostnameVerifierMethod extends Method {
   SetDefaultHostnameVerifierMethod() {
     hasName("setDefaultHostnameVerifier") and

Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,7 @@ class SSLContext extends RefType {`
`29`	`29`	`SSLContext() { hasQualifiedName("javax.net.ssl", "SSLContext") }`
`30`	`30`	`}`
`31`	`31`
	`32`	+/** Models the `javax.net.ssl.SSLSession` class. */
`32`	`33`	`class SSLSession extends RefType {`
`33`	`34`	`SSLSession() { hasQualifiedName("javax.net.ssl", "SSLSession") }`
`34`	`35`	`}`
`@@ -37,6 +38,7 @@ class HostnameVerifier extends RefType {`
`37`	`38`	`HostnameVerifier() { hasQualifiedName("javax.net.ssl", "HostnameVerifier") }`
`38`	`39`	`}`
`39`	`40`
	`41`	+/** Models the `verify` method of the class `javax.net.ssl.HostnameVerifier`. */
`40`	`42`	`class HostnameVerifierVerify extends Method {`
`41`	`43`	`HostnameVerifierVerify() {`
`42`	`44`	`hasName("verify") and`
`@@ -81,6 +83,7 @@ class SetHostnameVerifierMethod extends Method {`
`81`	`83`	`}`
`82`	`84`	`}`
`83`	`85`
	`86`	+/** Models the `setDefaultHostnameVerifier` method of the class `javax.net.ssl.HttpsURLConnection`. */
`84`	`87`	`class SetDefaultHostnameVerifierMethod extends Method {`
`85`	`88`	`SetDefaultHostnameVerifierMethod() {`
`86`	`89`	`hasName("setDefaultHostnameVerifier") and`