Documentation fixes

egregius313 · egregius313 · commit 4eb1035dfef2 · 2023-08-17T13:05:38.000-04:00
diff --git a/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst b/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst
@@ -349,7 +349,7 @@ The following sink kinds are supported:
 - **response-splitting**: A sink that can be used for HTTP response splitting, such as in calls to **HttpServletResponse.setHeader**.
 - **sql-injection**: A sink that can be used for SQL injection, such as in a **Statement.executeQuery** call.
 - **template-injection**: A sink that can be used for server side template injection, such as in a **Velocity.evaluate** call.
-- **trust-boundary-violation**: A sink that can be used to cross a trust boundary, such as a server's HTTP Session.
+- **trust-boundary-violation**: A sink that can be used to cross a trust boundary, such as in a **HttpSession.setAttribute** call.
 - **url-redirection**: A sink that can be used to redirect the user to a malicious URL, such as in a **Response.temporaryRedirect** call.
 - **xpath-injection**: A sink that can be used for XPath injection, such as in a **XPath.evaluate** call.
 - **xslt-injection**: A sink that can be used for XSLT injection, such as in a **Transformer.transform** call.
diff --git a/java/ql/src/change-notes/2023-07-25-trust-boundary-violation-query.md b/java/ql/src/change-notes/2023-07-25-trust-boundary-violation-query.md
@@ -1,5 +1,5 @@
 ---
 category: newQuery
 ---
-* Added the `java/trust-boundary-violation` query to detect trust boundary violations between HTTP requests and the HTTP session.
+* Added the `java/trust-boundary-violation` query to detect trust boundary violations between HTTP requests and the HTTP session. Also added the `trust-boundary-violation` sink kind for sinks which may cross a trust boundary, such as calls to the `HttpSession#setAttribute` method.
 
