Documentation fixes

2026-04-21 23:14:03 +02:00 · 2023-07-25 21:11:49 -04:00
parent b567ec875a
commit 172b8a6967
2 changed files with 3 additions and 2 deletions
--- a/java/ql/lib/semmle/code/java/frameworks/Servlets.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Servlets.qll
@@ -398,6 +398,7 @@ class GetServletResourceAsStreamMethod extends Method {
  }
 }

+/** The interface `javax.servlet.http.HttpSession` */
 class HttpServletSession extends RefType {
  HttpServletSession() { this.hasQualifiedName("javax.servlet.http", "HttpSession") }
 }
--- a/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.qhelp
+++ b/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.qhelp
@@ -30,12 +30,12 @@
    <p>
      In the first (bad) example, the server accepts a parameter from the user and uses it to set the username without validation.
    </p>
-    <sample src="examples/TrustBoundaryVulnerable.java" />
+    <sample src="TrustBoundaryVulnerable.java" />

    <p>
      In the second (good) example, the server validates the parameter before using it to set the username.
    </p>
-    <sample src="examples/TrustBoundaryFixed.java" />
+    <sample src="TrustBoundaryFixed.java" />

  </example>