Fixed typos

artem-smotrakov · Marcono1234 · web-flow · commit 80ac2aff268c · 2021-04-07T20:55:03.000+03:00
Co-authored-by: Marcono1234 &lt;Marcono1234@users.noreply.github.com&gt;
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjection.qhelp b/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjection.qhelp
@@ -4,22 +4,22 @@
 <overview>
 <p>
 Jakarta Expression Language (EL) is an expression language for Java applications.
-There are a single language specification and multiple implementations
+There is a single language specification and multiple implementations
 such as Glassfish, Juel, Apache Commons EL, etc.
 The language allows invocation of methods available in the JVM.
 If an expression is built using attacker-controlled data,
-and then evaluated, then it may allow the attacker to run arbitrary code.
+and then evaluated, it may allow the attacker to run arbitrary code.
 </p>
 </overview>
 
 <recommendation>
 <p>
 It is generally recommended to avoid using untrusted data in an EL expression.
-Before using untrusted data to build an EL expressoin, the data should be validated
-to ensure it is not evaluated as expression language. If the EL implementaion offers
-configuring a sandbox for EL expression, they should be run in a restircitive sandbox
+Before using untrusted data to build an EL expression, the data should be validated
+to ensure it is not evaluated as expression language. If the EL implementation offers
+configuring a sandbox for EL expressions, they should be run in a restrictive sandbox
 that allows accessing only explicitly allowed classes. If the EL implementation
-does not allow sandboxing, consider using other expressiong language implementations
+does not support sandboxing, consider using other expression language implementations
 with sandboxing capabilities such as Apache Commons JEXL or the Spring Expression Language.
 </p>
 </recommendation>
@@ -32,9 +32,9 @@ using the JUEL interpreter:
 <sample src="UnsafeExpressionEvaluationWithJUEL.java" />
 
 <p>
-JUEL does not allow to run expression in a sandbox. To prevent running arbitrary code,
-incoming data has to be checked before including to an expression. The next example
-uses a Regex pattern to check whether a user tries to run an allowed exression or not:
+JUEL does not support to run expressions in a sandbox. To prevent running arbitrary code,
+incoming data has to be checked before including it in an expression. The next example
+uses a Regex pattern to check whether a user tries to run an allowed expression or not:
 </p>
 <sample src="SaferExpressionEvaluationWithJUEL.java" />
 
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/SaferExpressionEvaluationWithJuel.java b/java/ql/src/experimental/Security/CWE/CWE-094/SaferExpressionEvaluationWithJuel.java
@@ -1,10 +1,10 @@
 String input = getRemoteUserInput();
 String pattern = "(inside|outside)\\.(temperature|humidity)";
 if (!input.matches(pattern)) {
-    throw new IllegalArgumentException("Unexpected exression");
+    throw new IllegalArgumentException("Unexpected expression");
 }
 String expression = "${" + input + "}";
 ExpressionFactory factory = new de.odysseus.el.ExpressionFactoryImpl();
 ValueExpression e = factory.createValueExpression(context, expression, Object.class);
 SimpleContext context = getContext();
-Object result = e.getValue(context);
+Object result = e.getValue(context);
