Java: Apply suggestions from code review

Co-authored-by: Chris Smowton <[email protected]>

Author: 2 people

java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.java

@@ -25,7 +25,7 @@ public void checkClientTrusted(X509Certificate[] chain, String authType) throws
 		File certificateFile = new File("path/to/self-signed-certificate");
 		// Create a `KeyStore` with default type
 		KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
-		// This causes `keyStore` to be empty
+		// `keyStore` is initially empty
 		keyStore.load(null, null);
 		X509Certificate generatedCertificate;
 		try (InputStream cert = new FileInputStream(certificateFile)) {
@@ -36,7 +36,7 @@ public void checkClientTrusted(X509Certificate[] chain, String authType) throws
 		keyStore.setCertificateEntry(certificateFile.getName(), generatedCertificate);
 		// Get default `TrustManagerFactory`
 		TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-		// Use it with our modified key store that trusts our self-signed certificate
+		// Use it with our key store that trusts our self-signed certificate
 		tmf.init(keyStore);
 		TrustManager[] trustManagers = tmf.getTrustManagers();
 		context.init(null, trustManagers, null); // GOOD, we are not using a custom `TrustManager` but instead have

java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql

@@ -1,5 +1,5 @@
 /**
- * @name Everything trusting `TrustManager`
+ * @name `TrustManager` that accepts all certificates
  * @description Trusting all certificates allows an attacker to perform a machine-in-the-middle attack.
  * @kind path-problem
  * @problem.severity error