Suggestions from code review

atorralba · atorralba · commit 023264660b73 · 2021-09-15T17:20:28.000+02:00
diff --git a/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.qhelp b/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.qhelp
@@ -2,7 +2,7 @@
 <qhelp>
 
   <overview>
-    <p>Basic authentication only obfuscates usernames and passwords in Base64 encoding, which can be easily recognized and reversed, thus it must not be transmitted over the cleartext HTTP channel. Transmission of sensitive information not in HTTPS is vulnerable to packet sniffing.</p>
+    <p>Basic authentication only obfuscates usernames and passwords in Base64 encoding, which can be easily recognized and reversed, thus it must not be transmitted over the cleartext HTTP channel. Transmitting sensitive information without using HTTPS makes the data vulnerable to packet sniffing.</p>
   </overview>
 
   <recommendation>
diff --git a/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql b/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql
@@ -2,8 +2,8 @@
  * @name Insecure basic authentication
  * @description Basic authentication only obfuscates username/password in
  *              Base64 encoding, which can be easily recognized and reversed.
- *              Transmission of sensitive information not over HTTPS is
- *              vulnerable to packet sniffing.
+ *              Transmitting sensitive information without using HTTPS makes
+ *              the data vulnerable to packet sniffing.
  * @kind path-problem
  * @problem.severity warning
  * @precision medium
