From 258a53e146c7d3ad2fd007c154935e5477e2c13a Mon Sep 17 00:00:00 2001
From: Kaixuan Li <kaixuan.li@ntu.edu.sg>
Date: Sat, 4 Apr 2026 22:02:00 +0800
Subject: [PATCH] Update
 java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.java

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 .../query-tests/security/CWE-501/TrustBoundaryViolations.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.java b/java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.java
index 1934e7f5598..f81da8ac8cf 100644
--- a/java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.java
+++ b/java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.java
@@ -32,7 +32,7 @@ public class TrustBoundaryViolations extends HttpServlet {
         } catch (Exception e) {
         }
 
-        // GOOD: Bean Validation @Pattern annotation constrains the input via regex.
+        // GOOD: A direct String.matches(...) regex check constrains the input before it is written to the session.
         String input4 = request.getParameter("input4");
         if (input4.matches("[a-zA-Z0-9]+")) {
             request.getSession().setAttribute("input4", input4);