Typos and style fixes

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>

Author: egregius313

java/ql/src/Security/CWE/CWE-501/TrustBoundaryFixed.java

@@ -2,7 +2,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) {
     String username = request.getParameter("username");
 
     if (validator.isValidInput("HTTP parameter", username, "username", 20, false)) {
-        // GOOD: The input is sanitized before being written to the response.
+        // GOOD: The input is sanitized before being written to the session.
         request.getSession().setAttribute("username", username);
     }
 }

java/ql/src/Security/CWE/CWE-501/TrustBoundaryVulnerable.java

@@ -1,6 +1,6 @@
 public void doGet(HttpServletRequest request, HttpServletResponse response) {
     String username = request.getParameter("username");
 
-    // BAD: The input is written to the response without being sanitized.
+    // BAD: The input is written to the session without being sanitized.
     request.getSession().setAttribute("username", username);
 }

java/ql/src/change-notes/2023-07-25-trust-boundary-violation-query.md

@@ -1,5 +1,5 @@
 ---
 category: newQuery
 ---
-* Added the `java/trust-boundary-violation` query to detect trust boundary violations between http requests and the http session.
+* Added the `java/trust-boundary-violation` query to detect trust boundary violations between HTTP requests and the HTTP session.
 

java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.java

@@ -10,14 +10,14 @@ public class TrustBoundaryViolations extends HttpServlet {
     public void doGet(HttpServletRequest request, HttpServletResponse response) {
         String input = request.getParameter("input");
 
-        // BAD: The input is written to the response without being sanitized.
+        // BAD: The input is written to the session without being sanitized.
         request.getSession().setAttribute("input", input); // $ hasTaintFlow
 
         String input2 = request.getParameter("input2");
 
         try {
             String sanitized = validator.getValidInput("HTTP parameter", input2, "HTTPParameterValue", 100, false);
-            // GOOD: The input is sanitized before being written to the response.
+            // GOOD: The input is sanitized before being written to the session.
             request.getSession().setAttribute("input2", sanitized);
 
         } catch (Exception e) {
@@ -26,7 +26,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) {
         try {
             String input3 = request.getParameter("input3");
             if (validator.isValidInput("HTTP parameter", input3, "HTTPParameterValue", 100, false)) {
-                // GOOD: The input is sanitized before being written to the response.
+                // GOOD: The input is sanitized before being written to the session.
                 request.getSession().setAttribute("input3", input3);
             }
         } catch (Exception e) {