Include suggestions from review

Author: Porcupiney Hairs

java/ql/src/experimental/Security/CWE/CWE-094/TemplateInjection.qhelp

@@ -16,14 +16,14 @@
       <code>code</code>
       is used as a Velocity template string. This can lead to remote code execution.
     </p>
-    <sample src="SSTIBad.py" />
+    <sample src="SSTIBad.java" />
 
     <p>
       In the next example the problem is avoided by using a fixed template string
       <code>s</code>
       . Since, the template is not attacker controlled in this case, we prevent untrusted code execution.
     </p>
-    <sample src="SSTIGood.py" />
+    <sample src="SSTIGood.java" />
   </example>
   <references>
     <li>Portswigger : [Server Side Template Injection](https://portswigger.net/web-security/server-side-template-injection)</li>

java/ql/test/experimental/query-tests/security/CWE-094/JinJavaSSTI.java

@@ -21,7 +21,7 @@ public void bad1(HttpServletRequest request) {
 		String template = request.getParameter("template");
 		Jinjava jinjava = new Jinjava();
 		Map<String, Object> context = new HashMap<>();
-		// String render​(String template, Map<String,​?> bindings)
+		// String render(String template, Map<String,​?> bindings)
 		String renderedTemplate = jinjava.render(template, context);
 	}