Rust: Cut down the example for readability.

Author: geoffw0

rust/ql/src/queries/security/CWE-295/DisabledCertificateCheck.qhelp

@@ -17,11 +17,11 @@ Do not set <code>danger_accept_invalid_certs</code> or <code>danger_accept_inval
 
 <example>
 <p>
-The following code snippet shows a function that creates a TLS or HTTP client with certificate verification disabled:
+The following code snippet shows a function that creates an HTTP client with certificate verification disabled:
 </p>
 <sample src="DisabledCertificateCheckBad.rs"/>
 <p>
-In production code, always configure clients to verify certificates and hostnames:
+In production code, always configure clients to verify certificates:
 </p>
 <sample src="DisabledCertificateCheckGood.rs"/>
 </example>

rust/ql/src/queries/security/CWE-295/DisabledCertificateCheckBad.rs

@@ -1,12 +1,5 @@
 // BAD: Disabling certificate validation in Rust
 
-// Using native_tls
-let _client = native_tls::TlsConnector::builder()
-    .danger_accept_invalid_certs(true) // disables certificate validation
-    .build()
-    .unwrap();
-
-// Using reqwest
 let _client = reqwest::Client::builder()
     .danger_accept_invalid_certs(true) // disables certificate validation
     .build()

rust/ql/src/queries/security/CWE-295/DisabledCertificateCheckGood.rs

@@ -1,18 +1,10 @@
 // GOOD: Certificate validation is enabled (default)
 
-// Using native_tls
-let _client = native_tls::TlsConnector::builder()
-    .danger_accept_invalid_certs(false) // certificate validation enabled
-    .build()
-    .unwrap();
-
-// Using reqwest
 let _client = reqwest::Client::builder()
-    .danger_accept_invalid_certs(false) // certificate validation enabled
+    .danger_accept_invalid_certs(false) // certificate validation enabled explicitly
     .build()
     .unwrap();
 
-// Or simply use the default builder (safe)
-let _client = native_tls::TlsConnector::builder()
+let _client = native_tls::TlsConnector::builder() // certificate validation enabled by default
     .build()
     .unwrap();