Python: Correct case of query name and improve help.

markshannon · markshannon · commit 698957e2cf5e · 2018-11-27T11:32:40.000Z
diff --git a/change-notes/1.19/analysis-python.md b/change-notes/1.19/analysis-python.md
@@ -57,7 +57,7 @@ A new predicate `Stmt.getAnEntryNode()` has been added to make it easier to writ
 | **Query**                   | **Tags**  | **Purpose**                                                        |
 |-----------------------------|-----------|--------------------------------------------------------------------|
 | Information exposure through an exception (`py/stack-trace-exposure`) | security, external/cwe/cwe-209, external/cwe/cwe-497 | Finds instances where information about an exception may be leaked to an external user. Enabled on LGTM by default. |
-| Request Without Certificate Validation (`py/request-without-cert-validation`) | security, external/cwe/cwe-295 | Finds requests where certificate verification has been explicitly turned off, possibly allowing man-in-the-middle attacks. Not enabled on LGTM by default. |
+| Request without certificate validation (`py/request-without-cert-validation`) | security, external/cwe/cwe-295 | Finds requests where certificate verification has been explicitly turned off, possibly allowing man-in-the-middle attacks. Not enabled on LGTM by default. |
 
 ## Changes to existing queries
 
diff --git a/python/ql/src/Security/CWE-295/RequestWithoutValidation.qhelp b/python/ql/src/Security/CWE-295/RequestWithoutValidation.qhelp
@@ -6,9 +6,9 @@
 <overview>
 <p>
 Encryption is key to the security of most, if not all, online communication.
-Using TLS can enusre that neither party in the communication is an interloper.
+Using Transport Layer Security (TLS) can ensure that communication cannot be interrupted by an interloper.
 For this reason, is is unwise to disable the verification that TLS provides.
-<code>requests</code> provides verification by default, and it is only when
+Functions in the <code>requests</code> module provide verification by default, and it is only when
 explicitly turned off using <code>verify=False</code> that no verification occurs.
 </p>
 </overview>
@@ -29,10 +29,6 @@ The example shows two unsafe calls to <a href="https://semmle.com">semmle.com</a
 
 <references>
 <li>
-Common Weakness Enumeration:
-<a href="https://cwe.mitre.org/data/definitions/295.html">CWE-295: Improper Certificate Validation</a>.
-</li>
-<li>
 Python requests documentation: <a href="http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification">SSL Cert Verification</a>.
 </li>
 </references>
diff --git a/python/ql/src/Security/CWE-295/RequestWithoutValidation.ql b/python/ql/src/Security/CWE-295/RequestWithoutValidation.ql
@@ -1,5 +1,5 @@
 /**
- * @name Request Without Certificate Validation
+ * @name Request without certificate validation
  * @description Making a request without certificate validation can allow man-in-the-middle attacks.
  * @kind problem
  * @problem.severity error
