Update java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.java

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-05-14 11:19:27 +02:00 · 2026-04-04 22:02:00 +08:00
parent 345b842edc
commit 258a53e146
1 changed files with 1 additions and 1 deletions
--- a/java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.java
+++ b/java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.java
@@ -32,7 +32,7 @@ public class TrustBoundaryViolations extends HttpServlet {
        } catch (Exception e) {
        }

-        // GOOD: Bean Validation @Pattern annotation constrains the input via regex.
+        // GOOD: A direct String.matches(...) regex check constrains the input before it is written to the session.
        String input4 = request.getParameter("input4");
        if (input4.matches("[a-zA-Z0-9]+")) {
            request.getSession().setAttribute("input4", input4);