From e07dd7aa3e70de58638d3d2f6d941530db95de0e Mon Sep 17 00:00:00 2001
From: Ed Minnix
Date: Thu, 15 Jun 2023 10:04:59 -0400
Subject: [PATCH] Comments and import fixes
---
 .../security/TrustBoundaryViolationQuery.qll | 22 ++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll b/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll
index 2037abadaac0b..39e0fb3fef1f5 100644
--- a/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll
@@ -4,16 +4,29 @@ import java
 private import semmle.code.java.dataflow.DataFlow
 private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSources
-private import semmle.code.java.frameworks.Servlets
-class TrustBoundaryViolationSource extends DataFlow::Node {
- TrustBoundaryViolationSource() { this.asExpr().getType() instanceof HttpServletRequest }
+/**
+ * A source of data that crosses a trust boundary.
+ */
+abstract class TrustBoundaryViolationSource extends DataFlow::Node { }
+
+/**
+ * A node representing a servlet request.
+ */
+private class ServletRequestSource extends TrustBoundaryViolationSource {
+ ServletRequestSource() { this.asExpr().getType() instanceof HttpServletRequest }
 }
+/**
+ * A sink for data that crosses a trust boundary.
+ */
 class TrustBoundaryViolationSink extends DataFlow::Node {
 TrustBoundaryViolationSink() { sinkNode(this, "trust-boundary") }
 }
+/**
+ * Taint tracking for data that crosses a trust boundary.
+ */
 module TrustBoundaryConfig implements DataFlow::ConfigSig {
 predicate isSource(DataFlow::Node source) { source instanceof TrustBoundaryViolationSource }
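Review bot: `ServletRequestSource` keeps the old characteristic predicate, so every expression whose static type is `HttpServletRequest` is a source and the query starts from the request object rather than from the values read out of it. Whether a parameter or header value is then reached depends on taint steps that are not visible in this hunk, and untrusted input that arrives through other frameworks is not covered at all. Since `TrustBoundaryViolationSource` is now abstract and `FlowSources` is already imported, a second subclass such as `private class RemoteSource extends TrustBoundaryViolationSource instanceof RemoteFlowSource { }` would pick up the modelled remote sources. The doc comment on `TrustBoundaryConfig` would also be more accurate as `A configuration for tracking data that crosses a trust boundary.`, because the module implements `DataFlow::ConfigSig` while the flow itself is `TrustBoundaryFlow`. The body of that module continues past the end of this hunk.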
@@ -24,4 +37,7 @@ module TrustBoundaryConfig implements DataFlow::ConfigSig {
 predicate isSink(DataFlow::Node sink) { sink instanceof TrustBoundaryViolationSink }
 }
+/**
+ * Taint-tracking flow for values which cross a trust boundary.
+ */
 module TrustBoundaryFlow = TaintTracking::Global;