Update documentation before release

build.gradle

@@ -7,7 +7,7 @@ plugins {
 }
 
 group 'org.tonybaloney.security'
-version '1.13.0'
+version '1.14.0'
 
 repositories {
     mavenCentral()

src/main/resources/docs/STR100.html

@@ -1,9 +1,8 @@
 <h1>STR100</h1>
 <p>String format function allows access to protected attributes, is someone are able to manage the format string can access to sensible information.</p>
 <h2>Example</h2>
-<pre><code class="python">
-CONFIG = {
-    'SECRET_KEY': 'super secret key'
+<pre><code class="python">CONFIG = {
+    &#39;SECRET_KEY&#39;: &#39;super secret key&#39;
 }
 
 class Event(object):
@@ -15,14 +14,14 @@ <h2>Example</h2>
 def format_event(format_string, event):
     return format_string.format(event=event)
 </code></pre>
-<p>If <code>format_event</code> is executed with <code>format_string = "{event.__init__.__globals__[CONFIG][SECRET_KEY]}"</code>, the secret_key will be read</p>
+<p>If <code>format_event</code> is executed with <code>format_string = &quot;{event.__init__.__globals__[CONFIG][SECRET_KEY]}&quot;</code>, the secret_key will be read</p>
 <h2>Fixes</h2>
 <ul>
   <li>Replace using string.Template</li>
   <li>Replace using CustomFormatter(string.Formatter) overwriting the get_field function and disable the access to protected attributes (all with _ at the beginning)</li>
 </ul>
 <h2>See Also</h2>
 <ul>
-    <li><a href="https://lucumr.pocoo.org/2016/12/29/careful-with-str-format/">Be Careful with Python's New-Style String Format</a></li>
-    <li><a href="https://palletsprojects.com/blog/jinja-281-released/">Jinja 2.8.1 Security Release</a>
-</ul>
+  <li><a href="https://lucumr.pocoo.org/2016/12/29/careful-with-str-format/">Be Careful with Python's New-Style String Format</a></li>
+  <li><a href="https://palletsprojects.com/blog/jinja-281-released/">Jinja 2.8.1 Security Release</a></li>
+</ul>

src/main/resources/docs/TRY101.html

@@ -1,10 +1,20 @@
 <h1>TRY100</h1>
 <p>Use of a <code>try</code> ... <code>except</code> block where the except block does not contain anything other than comments and a <code>continue</code> statement is considered bad security practice.</p>
 <p>Whilst an attacker may be trying to exploit exceptions in your code, you should, at the very least, log these exceptions.</p>
+<p>Some runtime errors that may be caused by insufficient permissions should not be allowed to continue control flow, and should stop execution of the program.</p>
+<p>This will only apply to the generic explicit <code>Exception</code> except type, or an empty except type.</p>
 <h2>Example</h2>
+<p>This is bad</p>
 <pre><code class="python">try:
     do_things
-except ThisBadException:
+except Exception:
+    # do nothing!
+    continue
+</code></pre>
+<p>This is also bad</p>
+<pre><code class="python">try:
+    do_things
+except:
     # do nothing!
     continue
 </code></pre>