Comments and import fixes

egregius313 · egregius313 · commit b9f2da787540 · 2023-08-17T13:05:36.000-04:00
diff --git a/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll b/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll
@@ -4,16 +4,29 @@ import java
 private import semmle.code.java.dataflow.DataFlow
 private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSources
-private import semmle.code.java.frameworks.Servlets
 
-class TrustBoundaryViolationSource extends DataFlow::Node {
-  TrustBoundaryViolationSource() { this.asExpr().getType() instanceof HttpServletRequest }
+/**
+ * A source of data that crosses a trust boundary.
+ */
+abstract class TrustBoundaryViolationSource extends DataFlow::Node { }
+
+/**
+ * A node representing a servlet request.
+ */
+private class ServletRequestSource extends TrustBoundaryViolationSource {
+  ServletRequestSource() { this.asExpr().getType() instanceof HttpServletRequest }
 }
 
+/**
+ * A sink for data that crosses a trust boundary.
+ */
 class TrustBoundaryViolationSink extends DataFlow::Node {
   TrustBoundaryViolationSink() { sinkNode(this, "trust-boundary") }
 }
 
+/**
+ * Taint tracking for data that crosses a trust boundary.
+ */
 module TrustBoundaryConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof TrustBoundaryViolationSource }
 
@@ -24,4 +37,7 @@ module TrustBoundaryConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof TrustBoundaryViolationSink }
 }
 
+/**
+ * Taint-tracking flow for values which cross a trust boundary.
+ */
 module TrustBoundaryFlow = TaintTracking::Global<TrustBoundaryConfig>;
