From 172b8a6967d1371b71dfd9017b1e8a3792284c01 Mon Sep 17 00:00:00 2001
From: Ed Minnix
Date: Tue, 25 Jul 2023 21:11:49 -0400
Subject: [PATCH] Documentation fixes
---
 java/ql/lib/semmle/code/java/frameworks/Servlets.qll | 1 +
 java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.qhelp | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/java/ql/lib/semmle/code/java/frameworks/Servlets.qll b/java/ql/lib/semmle/code/java/frameworks/Servlets.qll
index bc080fcb48f..9c195ecea8d 100644
--- a/java/ql/lib/semmle/code/java/frameworks/Servlets.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Servlets.qll
@@ -398,6 +398,7 @@ class GetServletResourceAsStreamMethod extends Method {
 }
 }
+/** The interface `javax.servlet.http.HttpSession` */
 class HttpServletSession extends RefType {
 HttpServletSession() { this.hasQualifiedName("javax.servlet.http", "HttpSession") }
 }
diff --git a/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.qhelp b/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.qhelp
index d4a5af8ed38..e3491e9bcf8 100644
--- a/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.qhelp
+++ b/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.qhelp
@@ -30,12 +30,12 @@
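Review bot: The QLDoc added to `HttpServletSession` in the Servlets.qll hunk names only `javax.servlet.http.HttpSession`, and the characteristic predicate beneath it matches only that package, so `jakarta.servlet.http.HttpSession` is not modelled by this class. If the CWE-501 trust-boundary query touched in the same commit takes its session sinks from this class, applications built on the `jakarta.servlet` namespace would presumably produce no results. Either state that limit in the comment or widen the match, e.g. `this.hasQualifiedName(["javax.servlet.http", "jakarta.servlet.http"], "HttpSession")`. The comment is also missing its closing period before `*/`; class QLDoc is normally written as a full sentence.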

In the first (bad) example, the server accepts a parameter from the user and uses it to set the username without validation.

- +

In the second (good) example, the server validates the parameter before using it to set the username.

- +