Update qldoc

Author: luchua-bc

java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.qhelp

@@ -4,20 +4,27 @@
 <qhelp>
 
 <overview>
-<p>Java versions 8u181 or greater have enabled LDAPS endpoint identification by default. Nowadays infrastructure services like LDAP are commonly deployed behind load balancers therefore the LDAP server name can be different from the FQDN of the LDAPS endpoint. If a service certificate does not properly contain a matching DNS name as part of the certificate, Java will reject it by default.</p>
-<p>Instead of addressing the issue properly by having a compliant certificate deployed, frequently developers simply disable the LDAPS endpoint check.</p>
-<p>Failing to validate the certificate makes the SSL session susceptible to a man-in-the-middle attack. This query checks whether the LDAPS endpoint check is disabled in system properties.</p>
+<p>Java versions 8u181 or greater have enabled LDAPS endpoint identification by default. Nowadays 
+  infrastructure services like LDAP are commonly deployed behind load balancers therefore the LDAP 
+  server name can be different from the FQDN of the LDAPS endpoint. If a service certificate does not 
+  properly contain a matching DNS name as part of the certificate, Java will reject it by default.</p>
+<p>Instead of addressing the issue properly by having a compliant certificate deployed, frequently 
+  developers simply disable the LDAPS endpoint check.</p>
+<p>Failing to validate the certificate makes the SSL session susceptible to a man-in-the-middle attack. 
+  This query checks whether the LDAPS endpoint check is disabled in system properties.</p>
 </overview>
 
 <recommendation>
-<p>Replace any non-conforming LDAP server certificates to include a DNS name in the subjectAltName field of the certificate that matches the FQDN of the service.</p>
+<p>Replace any non-conforming LDAP server certificates to include a DNS name in the subjectAltName field 
+  of the certificate that matches the FQDN of the service.</p>
 </recommendation>
 
 <example>
-<p>The following two examples show two ways of configuring LDAPS endpoint. In the 'BAD' case,
-endpoint check is disabled. In the 'GOOD' case, endpoint check is left enabled through the default Java configuration.</p>
+<p>The following two examples show two ways of configuring LDAPS endpoint. In the 'BAD' case, 
+  endpoint check is disabled. In the 'GOOD' case, endpoint check is left enabled through the 
+  default Java configuration.</p>
 <sample src="InsecureLdapEndpoint.java" />
-<sample src="InsecureLdapEndpoint2.java" />>
+<sample src="InsecureLdapEndpoint2.java" />
 </example>
 
 <references>

java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql

@@ -1,6 +1,7 @@
 /**
  * @name Insecure LDAPS Endpoint Configuration
- * @description Java application configured to disable LDAPS endpoint identification does not validate the SSL certificate to properly ensure that it is actually associated with that host.
+ * @description Java application configured to disable LDAPS endpoint identification does not validate
+ *              the SSL certificate to properly ensure that it is actually associated with that host.
  * @kind problem
  * @id java/insecure-ldaps-endpoint
  * @tags security
@@ -23,7 +24,8 @@ class TypeHashtable extends Class {
 }
 
 /**
- * The method to set Java properties either through `setProperty` declared in the class `Properties` or `put` declared in its parent class `HashTable`.
+ * The method to set Java properties either through `setProperty` declared in the class `Properties`
+ * or `put` declared in its parent class `HashTable`.
  */
 class SetPropertyMethod extends Method {
   SetPropertyMethod() {
@@ -40,7 +42,10 @@ class SetSystemPropertiesMethod extends Method {
   }
 }
 
-/** Holds if `expr` is evaluated to the string literal `com.sun.jndi.ldap.object.disableEndpointIdentification`. */
+/**
+ * Holds if `Expr` expr is evaluated to the string literal
+ * `com.sun.jndi.ldap.object.disableEndpointIdentification`.
+ */
 predicate isPropertyDisableLdapEndpointId(Expr expr) {
   expr.(CompileTimeConstantExpr).getStringValue() =
     "com.sun.jndi.ldap.object.disableEndpointIdentification"