Update java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.java

MarkLee131 · Copilot · web-flow · commit 258a53e146c7 · 2026-04-04T22:02:00.000+08:00
Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;
diff --git a/java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.java b/java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.java
@@ -32,7 +32,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) {
         } catch (Exception e) {
         }
 
-        // GOOD: Bean Validation @Pattern annotation constrains the input via regex.
+        // GOOD: A direct String.matches(...) regex check constrains the input before it is written to the session.
         String input4 = request.getParameter("input4");
         if (input4.matches("[a-zA-Z0-9]+")) {
             request.getSession().setAttribute("input4", input4);

Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) {`
`32`	`32`	`} catch (Exception e) {`
`33`	`33`	`}`
`34`	`34`
`35`		`- // GOOD: Bean Validation @Pattern annotation constrains the input via regex.`
	`35`	`+ // GOOD: A direct String.matches(...) regex check constrains the input before it is written to the session.`
`36`	`36`	`String input4 = request.getParameter("input4");`
`37`	`37`	`if (input4.matches("[a-zA-Z0-9]+")) {`
`38`	`38`	`request.getSession().setAttribute("input4", input4);`