From 929090a8470dc790a455f068d9bd9fbca62e0126 Mon Sep 17 00:00:00 2001
From: Edward Minnix III
Date: Wed, 26 Jul 2023 09:58:56 -0400
Subject: [PATCH] Typos and style fixes

Co-authored-by: Tony Torralba
---
 java/ql/src/Security/CWE/CWE-501/TrustBoundaryFixed.java | 2 +-
 .../src/Security/CWE/CWE-501/TrustBoundaryVulnerable.java | 2 +-
 .../2023-07-25-trust-boundary-violation-query.md | 2 +-
 .../security/CWE-501/TrustBoundaryViolations.java | 6 +++---
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/java/ql/src/Security/CWE/CWE-501/TrustBoundaryFixed.java b/java/ql/src/Security/CWE/CWE-501/TrustBoundaryFixed.java
index d9d3a29f314..50f14c0bc4f 100644
--- a/java/ql/src/Security/CWE/CWE-501/TrustBoundaryFixed.java
+++ b/java/ql/src/Security/CWE/CWE-501/TrustBoundaryFixed.java
@@ -2,7 +2,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) {
 String username = request.getParameter("username");
 if (validator.isValidInput("HTTP parameter", username, "username", 20, false)) {
- // GOOD: The input is sanitized before being written to the response.
+ // GOOD: The input is sanitized before being written to the session.
 request.getSession().setAttribute("username", username);
 }
 }
\ No newline at end of file
diff --git a/java/ql/src/Security/CWE/CWE-501/TrustBoundaryVulnerable.java b/java/ql/src/Security/CWE/CWE-501/TrustBoundaryVulnerable.java
index f3a38f8e22f..c6174b7113e 100644
--- a/java/ql/src/Security/CWE/CWE-501/TrustBoundaryVulnerable.java
+++ b/java/ql/src/Security/CWE/CWE-501/TrustBoundaryVulnerable.java
@@ -1,6 +1,6 @@
 public void doGet(HttpServletRequest request, HttpServletResponse response) {
 String username = request.getParameter("username");
- // BAD: The input is written to the response without being sanitized.
+ // BAD: The input is written to the session without being sanitized.
 request.getSession().setAttribute("username", username);
 }
\ No newline at end of file
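Review bot: The `+` line of the TrustBoundaryFixed.java hunk still describes the input as "sanitized", but `isValidInput` is used only as a boolean condition and the raw `username` is what reaches `setAttribute` on the following line, so "validated" describes the example accurately. Suggest `// GOOD: The input is validated before being written to the session.`; the same wording applies to the `isValidInput` example in the TrustBoundaryViolations.java hunk at @@ -26. The `getValidInput` example at @@ -10 stores the returned value, so "sanitized" is reasonable there. The doGet body in TrustBoundaryFixed.java starts at line 1, outside this hunk.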
diff --git a/java/ql/src/change-notes/2023-07-25-trust-boundary-violation-query.md b/java/ql/src/change-notes/2023-07-25-trust-boundary-violation-query.md
index 42ee360ec1a..df2e8aecf79 100644
--- a/java/ql/src/change-notes/2023-07-25-trust-boundary-violation-query.md
+++ b/java/ql/src/change-notes/2023-07-25-trust-boundary-violation-query.md
@@ -1,5 +1,5 @@
 ---
 category: newQuery
 ---
-* Added the `java/trust-boundary-violation` query to detect trust boundary violations between http requests and the http session.
+* Added the `java/trust-boundary-violation` query to detect trust boundary violations between HTTP requests and the HTTP session.
diff --git a/java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.java b/java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.java
index 9f9be44c972..dc45f7e6604 100644
--- a/java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.java
+++ b/java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.java
@@ -10,14 +10,14 @@ public class TrustBoundaryViolations extends HttpServlet {
 public void doGet(HttpServletRequest request, HttpServletResponse response) {
 String input = request.getParameter("input");
- // BAD: The input is written to the response without being sanitized.
+ // BAD: The input is written to the session without being sanitized.
 request.getSession().setAttribute("input", input); // $ hasTaintFlow
 String input2 = request.getParameter("input2");
 try {
 String sanitized = validator.getValidInput("HTTP parameter", input2, "HTTPParameterValue", 100, false);
- // GOOD: The input is sanitized before being written to the response.
+ // GOOD: The input is sanitized before being written to the session.
 request.getSession().setAttribute("input2", sanitized);
 } catch (Exception e) {
@@ -26,7 +26,7 @@ public class TrustBoundaryViolations extends HttpServlet {
 try {
 String input3 = request.getParameter("input3");
 if (validator.isValidInput("HTTP parameter", input3, "HTTPParameterValue", 100, false)) {
- // GOOD: The input is sanitized before being written to the response.
+ // GOOD: The input is sanitized before being written to the session.
 request.getSession().setAttribute("input3", input3);
 }
 } catch (Exception e) {