You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.qhelp
+3-3Lines changed: 3 additions & 3 deletions
Original file line number
Diff line number
Diff line change
@@ -4,8 +4,8 @@
4
4
<qhelp>
5
5
<overview>
6
6
<p>
7
-
If the <code>checkServerTrusted</code> method of a <code>TrustManager</code> never throws a <code>CertificateException</code> it trusts every certificate.
8
-
This allows an attacker to perform a machine-in-the-middle attack against the application therefore breaking any security Transport Layer Security (TLS) gives.
7
+
If the <code>checkServerTrusted</code> method of a <code>TrustManager</code> never throws a <code>CertificateException</code>, it trusts every certificate.
8
+
This allows an attacker to perform a machine-in-the-middle attack against the application, therefore breaking any security Transport Layer Security (TLS) gives.
9
9
</p>
10
10
11
11
<p>
@@ -42,6 +42,6 @@ is loaded into a <code>KeyStore</code>. This explicitly defines the certificate
42
42
</example>
43
43
44
44
<references>
45
-
<li>Android Develoers:<ahref="https://developer.android.com/training/articles/security-ssl">Security with HTTPS and SSL</a>.</li>
45
+
<li>Android Developers: <ahref="https://developer.android.com/training/articles/security-ssl">Security with HTTPS and SSL</a>.</li>
0 commit comments