convert tabs to spaces in qhelp

erik-krogh · erik-krogh · commit 220ff3cb2e5e · 2022-07-12T16:02:50.000+02:00
diff --git a/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.qhelp b/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.qhelp
@@ -3,13 +3,13 @@
 "qhelp.dtd">
 <qhelp>
 
-	<overview>
-		<p>
-			A regexp range can by accident match more than was intended.
+    <overview>
+        <p>
+            A regexp range can by accident match more than was intended.
             For example, the regular expression <code>/[a-zA-z]/</code> will 
             match every lowercase and uppercase letters, but the same regular 
             expression will also match the chars: <code>[\]^_`</code>.  
-		</p>
+        </p>
         <p>
             On other occasions it can happen that the dash in a regular 
             expression is not escaped, which will cause it to be interpreted 
@@ -18,22 +18,22 @@
             <code>,</code> and <code>_</code> (both included), which overlaps with the 
             range <code>[0-9]</code> and is thus clearly not intended.
         </p>
-	</overview>
+    </overview>
 
-	<recommendation>
-		<p>
+    <recommendation>
+        <p>
 
-			Don't write character ranges were there might be confusion as to
+            Don't write character ranges were there might be confusion as to
             which characters are included in the range.
 
-		</p>
-	</recommendation>
+        </p>
+    </recommendation>
 
-	<example>
+    <example>
 
-		<p>
+        <p>
             The following example code checks whether a string is a valid 6 digit hex color. 
-		</p>
+        </p>
 
 <sample language="java">
 import java.util.regex.Pattern
@@ -44,7 +44,7 @@ public class Tester {
 }
 </sample>
 
-		<p>
+        <p>
             However, the <code>A-f</code> range matches every uppercase character, and
             thus a "color" like <code>#XYZ</code> is considered valid.
         </p>
@@ -62,11 +62,11 @@ public class Tester {
 }
 </sample>
 
-	</example>
+    </example>
 
-	<references>
-		<li>Mitre.org: <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-020</a></li>
-		<li>github.com: <a href="https://github.com/advisories/GHSA-g4rg-993r-mgx7">CVE-2021-42740</a></li>
-		<li>wh0.github.io: <a href="https://wh0.github.io/2021/10/28/shell-quote-rce-exploiting.html">Exploiting CVE-2021-42740</a></li>
-	</references>
+    <references>
+        <li>Mitre.org: <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-020</a></li>
+        <li>github.com: <a href="https://github.com/advisories/GHSA-g4rg-993r-mgx7">CVE-2021-42740</a></li>
+        <li>wh0.github.io: <a href="https://wh0.github.io/2021/10/28/shell-quote-rce-exploiting.html">Exploiting CVE-2021-42740</a></li>
+    </references>
 </qhelp>
diff --git a/javascript/ql/src/Security/CWE-020/OverlyLargeRange.qhelp b/javascript/ql/src/Security/CWE-020/OverlyLargeRange.qhelp
@@ -3,13 +3,13 @@
 "qhelp.dtd">
 <qhelp>
 
-	<overview>
-		<p>
-			A regexp range can by accident match more than was intended.
+    <overview>
+        <p>
+            A regexp range can by accident match more than was intended.
             For example, the regular expression <code>/[a-zA-z]/</code> will 
             match every lowercase and uppercase letters, but the same regular 
             expression will also match the chars: <code>[\]^_`</code>.  
-		</p>
+        </p>
         <p>
             On other occasions it can happen that the dash in a regular 
             expression is not escaped, which will cause it to be interpreted 
@@ -18,30 +18,30 @@
             <code>,</code> and <code>_</code> (both included), which overlaps with the 
             range <code>[0-9]</code> and is thus clearly not intended.
         </p>
-	</overview>
+    </overview>
 
-	<recommendation>
-		<p>
+    <recommendation>
+        <p>
 
-			Don't write character ranges were there might be confusion as to
+            Don't write character ranges were there might be confusion as to
             which characters are included in the range.
 
-		</p>
-	</recommendation>
+        </p>
+    </recommendation>
 
-	<example>
+    <example>
 
-		<p>
+        <p>
             The following example code checks whether a string is a valid 6 digit hex color. 
-		</p>
+        </p>
 
 <sample language="javascript">
 function isValidHexColor(color) {
     return /^#[0-9a-fA-f]{6}$/i.test(color);
 }
 </sample>
 
-		<p>
+        <p>
             However, the <code>A-f</code> range matches every uppercase character, and
             thus a "color" like <code>#XYZ</code> is considered valid.
         </p>
@@ -56,11 +56,11 @@ function isValidHexColor(color) {
 }
 </sample>
 
-	</example>
+    </example>
 
-	<references>
-		<li>Mitre.org: <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-020</a></li>
-		<li>github.com: <a href="https://github.com/advisories/GHSA-g4rg-993r-mgx7">CVE-2021-42740</a></li>
-		<li>wh0.github.io: <a href="https://wh0.github.io/2021/10/28/shell-quote-rce-exploiting.html">Exploiting CVE-2021-42740</a></li>
-	</references>
+    <references>
+        <li>Mitre.org: <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-020</a></li>
+        <li>github.com: <a href="https://github.com/advisories/GHSA-g4rg-993r-mgx7">CVE-2021-42740</a></li>
+        <li>wh0.github.io: <a href="https://wh0.github.io/2021/10/28/shell-quote-rce-exploiting.html">Exploiting CVE-2021-42740</a></li>
+    </references>
 </qhelp>
diff --git a/python/ql/src/Security/CWE-020/OverlyLargeRange.qhelp b/python/ql/src/Security/CWE-020/OverlyLargeRange.qhelp
@@ -3,13 +3,13 @@
 "qhelp.dtd">
 <qhelp>
 
-	<overview>
-		<p>
-			A regexp range can by accident match more than was intended.
+    <overview>
+        <p>
+            A regexp range can by accident match more than was intended.
             For example, the regular expression <code>/[a-zA-z]/</code> will 
             match every lowercase and uppercase letters, but the same regular 
             expression will also match the chars: <code>[\]^_`</code>.  
-		</p>
+        </p>
         <p>
             On other occasions it can happen that the dash in a regular 
             expression is not escaped, which will cause it to be interpreted 
@@ -18,30 +18,30 @@
             <code>,</code> and <code>_</code> (both included), which overlaps with the 
             range <code>[0-9]</code> and is thus clearly not intended.
         </p>
-	</overview>
+    </overview>
 
-	<recommendation>
-		<p>
+    <recommendation>
+        <p>
 
-			Don't write character ranges were there might be confusion as to
+            Don't write character ranges were there might be confusion as to
             which characters are included in the range.
 
-		</p>
-	</recommendation>
+        </p>
+    </recommendation>
 
-	<example>
+    <example>
 
-		<p>
+        <p>
             The following example code checks whether a string is a valid 6 digit hex color. 
-		</p>
+        </p>
 
 <sample language="python">
 import re
 def is_valid_hex_color(color):
     return re.match(r'^#[0-9a-fA-f]{6}$', color) is not None
 </sample>
 
-		<p>
+        <p>
             However, the <code>A-f</code> range matches every uppercase character, and
             thus a "color" like <code>#XYZ</code> is considered valid.
         </p>
@@ -56,11 +56,11 @@ def is_valid_hex_color(color):
     return re.match(r'^#[0-9a-fA-F]{6}$', color) is not None
 </sample>
 
-	</example>
+    </example>
 
-	<references>
-		<li>Mitre.org: <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-020</a></li>
-		<li>github.com: <a href="https://github.com/advisories/GHSA-g4rg-993r-mgx7">CVE-2021-42740</a></li>
-		<li>wh0.github.io: <a href="https://wh0.github.io/2021/10/28/shell-quote-rce-exploiting.html">Exploiting CVE-2021-42740</a></li>
-	</references>
+    <references>
+        <li>Mitre.org: <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-020</a></li>
+        <li>github.com: <a href="https://github.com/advisories/GHSA-g4rg-993r-mgx7">CVE-2021-42740</a></li>
+        <li>wh0.github.io: <a href="https://wh0.github.io/2021/10/28/shell-quote-rce-exploiting.html">Exploiting CVE-2021-42740</a></li>
+    </references>
 </qhelp>
diff --git a/ruby/ql/src/queries/security/cwe-020/OverlyLargeRange.qhelp b/ruby/ql/src/queries/security/cwe-020/OverlyLargeRange.qhelp
@@ -3,13 +3,13 @@
 "qhelp.dtd">
 <qhelp>
 
-	<overview>
-		<p>
-			A regexp range can by accident match more than was intended.
+    <overview>
+        <p>
+            A regexp range can by accident match more than was intended.
             For example, the regular expression <code>/[a-zA-z]/</code> will 
             match every lowercase and uppercase letters, but the same regular 
             expression will also match the chars: <code>[\]^_`</code>.  
-		</p>
+        </p>
         <p>
             On other occasions it can happen that the dash in a regular 
             expression is not escaped, which will cause it to be interpreted 
@@ -18,30 +18,30 @@
             <code>,</code> and <code>_</code> (both included), which overlaps with the 
             range <code>[0-9]</code> and is thus clearly not intended.
         </p>
-	</overview>
+    </overview>
 
-	<recommendation>
-		<p>
+    <recommendation>
+        <p>
 
-			Don't write character ranges were there might be confusion as to
+            Don't write character ranges were there might be confusion as to
             which characters are included in the range.
 
-		</p>
-	</recommendation>
+        </p>
+    </recommendation>
 
-	<example>
+    <example>
 
-		<p>
+        <p>
             The following example code checks whether a string is a valid 6 digit hex color. 
-		</p>
+        </p>
 
 <sample language="ruby">
 def is_valid_hex_color(color)
     /^#[0-9a-fA-f]{6}$/.match(color)
 end
 </sample>
 
-		<p>
+        <p>
             However, the <code>A-f</code> range matches every uppercase character, and
             thus a "color" like <code>#XYZ</code> is considered valid.
         </p>
@@ -56,11 +56,11 @@ def is_valid_hex_color(color)
 end
 </sample>
 
-	</example>
+    </example>
 
-	<references>
-		<li>Mitre.org: <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-020</a></li>
-		<li>github.com: <a href="https://github.com/advisories/GHSA-g4rg-993r-mgx7">CVE-2021-42740</a></li>
-		<li>wh0.github.io: <a href="https://wh0.github.io/2021/10/28/shell-quote-rce-exploiting.html">Exploiting CVE-2021-42740</a></li>
-	</references>
+    <references>
+        <li>Mitre.org: <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-020</a></li>
+        <li>github.com: <a href="https://github.com/advisories/GHSA-g4rg-993r-mgx7">CVE-2021-42740</a></li>
+        <li>wh0.github.io: <a href="https://wh0.github.io/2021/10/28/shell-quote-rce-exploiting.html">Exploiting CVE-2021-42740</a></li>
+    </references>
 </qhelp>
