Format the code and update qldoc

Author: luchua-bc

java/ql/src/experimental/Security/CWE/CWE-555/PasswordInConfigurationFile.qhelp

@@ -30,7 +30,7 @@
     </li>
     <li>
       RedHat Security Guide:
-      <a href="https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.1/html/security_guide/Store_and_Retrieve_Encrypted_Sensitive_Strings_in_the_Java_Keystore">STORE AND RETRIEVE ENCRYPTED SENSITIVE STRINGS IN THE JAVA KEYSTORE</a>
+      <a href="https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.1/html/security_guide/Store_and_Retrieve_Encrypted_Sensitive_Strings_in_the_Java_Keystore">Store and Retrieve Encrypted Sensitive Strings in the Java Keystore</a>
     </li>
     <li>
       SonarSource:

java/ql/src/experimental/Security/CWE/CWE-555/PasswordInConfigurationFile.ql

@@ -34,4 +34,4 @@ where
   )
   or
   a.getValue().regexpMatch("(?is).*(pwd|password)\\s*=(?!\\s*;).*") // Attribute value matches password pattern
-select a, "Avoid plaintext passwords in configuration files."
+select a, "Plaintext passwords in configuration files."

java/ql/src/experimental/Security/CWE/CWE-555/context.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Context>
-    <!-- BAD: Password of datasource is in not encrypted -->
+    <!-- BAD: Password of datasource is not encrypted -->
     <Resource name="jdbc/exampleDS" auth="Container" type="javax.sql.DataSource"
                maxTotal="100" maxIdle="30" maxWaitMillis="10000"
                username="root" password="1234"

java/ql/test/experimental/query-tests/security/CWE-555/PasswordInConfigurationFile.expected

@@ -1,2 +1,2 @@
-| applicationContext.xml:11:6:11:50 | name=password | Avoid plaintext passwords in configuration files. |
-| context.xml:4:5:8:63 | password=1234 | Avoid plaintext passwords in configuration files. |
+| applicationContext.xml:9:3:9:48 | name=password | Plaintext passwords in configuration files. |
+| context.xml:4:5:4:253 | password=1234 | Plaintext passwords in configuration files. |

java/ql/test/experimental/query-tests/security/CWE-555/applicationContext.xml

@@ -1,39 +1,37 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
 
-<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
-	    <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
-	    <property name="url" value="jdbc:mysql://www.example.com:3306/test"/>
-	    <property name="username" value="root"/>
-	    <property name="password" value="mysecret"/>
-		<property name="initialSize" value="30"/>
-		
-	 	<property name="maxActive" value="500"/> 
-		<property name="maxIdle" value="2"/>
-		<property name="minIdle" value="1"/>
-</bean>
+	<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
+		<property name="driverClassName" value="com.mysql.jdbc.Driver" />
+		<property name="url" value="jdbc:mysql://www.example.com:3306/test" />
+		<property name="username" value="root" />
+		<property name="password" value="mysecret" />
+		<property name="initialSize" value="30" />
 
-<bean id="sessionFactory"  class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
-     <property name="dataSource" ref="dataSource"/>
-     
-	    <property name="annotatedClasses">
-	       <list>
-	           <value>com.example.entity.Users</value>
-	        </list>
-	    </property>
-    
-     <property name="hibernateProperties">
-	    <value>
+		<property name="maxActive" value="500" />
+		<property name="maxIdle" value="2" />
+		<property name="minIdle" value="1" />
+	</bean>
+
+	<bean id="sessionFactory" class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
+		<property name="dataSource" ref="dataSource" />
+
+		<property name="annotatedClasses">
+			<list>
+				<value>com.example.entity.Users</value>
+			</list>
+		</property>
+
+		<property name="hibernateProperties">
+			<value>
 	        	hibernate.dialect=org.hibernate.dialect.MySQLDialect
 	        	hibernate.hbm2ddl.auto=update
 				hibernate.show_sql=true
 				hibernate.cache.use_second_level_cache=false
         	    hibernate.cache.provider_class=org.hibernate.cache.internal.NoCacheProvider
         	    hibernate.generate_statistics=true	      
 	    </value>
-    </property>
-</bean>
+		</property>
+	</bean>
 </beans>

java/ql/test/experimental/query-tests/security/CWE-555/context.xml

@@ -1,31 +1,15 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Context>
-    <!-- BAD: Password of datasource is in not encrypted -->
-    <Resource name="jdbc/exampleDS1" auth="Container" type="javax.sql.DataSource"
-               maxTotal="100" maxIdle="30" maxWaitMillis="10000"
-               username="root" password="1234"
-               driverClassName="com.mysql.jdbc.Driver"
-               url="jdbc:mysql://www.example1.com:3306/proj"/>
+    <!-- BAD: Password of datasource is not encrypted -->
+    <Resource name="jdbc/exampleDS1" auth="Container" type="javax.sql.DataSource" maxTotal="100" maxIdle="30" maxWaitMillis="10000" username="root" password="1234" driverClassName="com.mysql.jdbc.Driver" url="jdbc:mysql://www.example1.com:3306/proj" />
 
     <!-- GOOD: Password is encrypted and stored in a password vault -->
-    <Resource name="jdbc/exampleDS2" auth="Container" type="javax.sql.DataSource"
-               maxTotal="100" maxIdle="30" maxWaitMillis="10000"
-               username="root" password="${VAULT::exampleDS2::password::N2NhZDYzOTMtNWE0OS00ZGQ0LWE4MmEtMWNlMDMyNDdmNmI2TElORV9CUkVBS3ZhdWx0}"
-               driverClassName="com.mysql.jdbc.Driver"
-               url="jdbc:mysql://www.example2.com:3306/proj"/>
+    <Resource name="jdbc/exampleDS2" auth="Container" type="javax.sql.DataSource" maxTotal="100" maxIdle="30" maxWaitMillis="10000" username="root" password="${VAULT::exampleDS2::password::N2NhZDYzOTMtNWE0OS00ZGQ0LWE4MmEtMWNlMDMyNDdmNmI2TElORV9CUkVBS3ZhdWx0}" driverClassName="com.mysql.jdbc.Driver" url="jdbc:mysql://www.example2.com:3306/proj" />
 
     <!-- GOOD: Password is not stored in the configuration file -->
-    <Resource name="jdbc/exampleDS3" auth="Container" type="javax.sql.DataSource"
-               maxTotal="100" maxIdle="30" maxWaitMillis="10000"
-               username="root" password="${jdbc.password}"
-               driverClassName="com.mysql.jdbc.Driver"
-               url="jdbc:mysql://www.example3.com:3306/proj"/>
+    <Resource name="jdbc/exampleDS3" auth="Container" type="javax.sql.DataSource" maxTotal="100" maxIdle="30" maxWaitMillis="10000" username="root" password="${jdbc.password}" driverClassName="com.mysql.jdbc.Driver" url="jdbc:mysql://www.example3.com:3306/proj" />
 
     <!-- GOOD: Password is encrypted -->
-    <Resource name="jdbc/exampleDS4" auth="Container" type="javax.sql.DataSource"
-               maxTotal="100" maxIdle="30" maxWaitMillis="10000"
-               username="root" password="Tg2Nn7wUZOQ6Xc+1lenkZTQ9ZDf9a2/RBRiqJBCIX6o="
-               driverClassName="com.mysql.jdbc.Driver"
-               url="jdbc:mysql://www.example4.com:3306/proj"/>
-               
+    <Resource name="jdbc/exampleDS4" auth="Container" type="javax.sql.DataSource" maxTotal="100" maxIdle="30" maxWaitMillis="10000" username="root" password="Tg2Nn7wUZOQ6Xc+1lenkZTQ9ZDf9a2/RBRiqJBCIX6o=" driverClassName="com.mysql.jdbc.Driver" url="jdbc:mysql://www.example4.com:3306/proj" />
+
 </Context>