Apply suggestions from code review

Co-authored-by: Harry Maclean <hmac@github.com>

ruby/ql/src/queries/security/cwe-209/StackTraceExposure.qhelp

@@ -33,7 +33,7 @@ Either suppress the stack trace entirely, or log it only on the server.
 <example>
 <p>
 In the following example, an exception is handled in two different ways. In the
-first version, labeled BAD, the exception is exposted to the remote user by
+first version, labeled BAD, the exception is exposed to the remote user by
 rendering it as an HTTP response. As such, the user is able to see a detailed
 stack trace, which may contain sensitive information. In the second version, the
 error message is logged only on the server, and a generic error message is

ruby/ql/src/queries/security/cwe-209/examples/StackTraceExposure.rb

@@ -4,15 +4,15 @@ class UsersController < ApplicationController
     do_computation()
   rescue => e
     # BAD
-    render e.backtrace, content_type: "text/plain"
+    render body: e.backtrace, content_type: "text/plain"
   end
 
   def update_good(id)
     do_computation()
   rescue => e
     # GOOD
-    log e.backtrace
-    redner "Computation failed", content_type: "text/plain"
+    logger.error e.backtrace
+    render body: "Computation failed", content_type: "text/plain"
   end
 
 end

ruby/ql/test/query-tests/security/cwe-209/StackTraceExposure.expected

@@ -1,10 +1,10 @@
 edges
-| StackTraceExposure.rb:11:10:11:17 | call to caller :  | StackTraceExposure.rb:12:12:12:13 | bt |
+| StackTraceExposure.rb:11:10:11:17 | call to caller :  | StackTraceExposure.rb:12:18:12:19 | bt |
 nodes
-| StackTraceExposure.rb:6:12:6:22 | call to backtrace | semmle.label | call to backtrace |
+| StackTraceExposure.rb:6:18:6:28 | call to backtrace | semmle.label | call to backtrace |
 | StackTraceExposure.rb:11:10:11:17 | call to caller :  | semmle.label | call to caller :  |
-| StackTraceExposure.rb:12:12:12:13 | bt | semmle.label | bt |
+| StackTraceExposure.rb:12:18:12:19 | bt | semmle.label | bt |
 subpaths
 #select
-| StackTraceExposure.rb:6:12:6:22 | call to backtrace | StackTraceExposure.rb:6:12:6:22 | call to backtrace | StackTraceExposure.rb:6:12:6:22 | call to backtrace | $@ can be exposed to an external user. | StackTraceExposure.rb:6:12:6:22 | call to backtrace | Error information |
-| StackTraceExposure.rb:12:12:12:13 | bt | StackTraceExposure.rb:11:10:11:17 | call to caller :  | StackTraceExposure.rb:12:12:12:13 | bt | $@ can be exposed to an external user. | StackTraceExposure.rb:11:10:11:17 | call to caller | Error information |
+| StackTraceExposure.rb:6:18:6:28 | call to backtrace | StackTraceExposure.rb:6:18:6:28 | call to backtrace | StackTraceExposure.rb:6:18:6:28 | call to backtrace | $@ can be exposed to an external user. | StackTraceExposure.rb:6:18:6:28 | call to backtrace | Error information |
+| StackTraceExposure.rb:12:18:12:19 | bt | StackTraceExposure.rb:11:10:11:17 | call to caller :  | StackTraceExposure.rb:12:18:12:19 | bt | $@ can be exposed to an external user. | StackTraceExposure.rb:11:10:11:17 | call to caller | Error information |

ruby/ql/test/query-tests/security/cwe-209/StackTraceExposure.rb

@@ -3,13 +3,13 @@ class FooController < ApplicationController
   def show
     something_that_might_fail()
   rescue => e
-    render e.backtrace, content_type: "text/plain"
+    render body: e.backtrace, content_type: "text/plain"
   end
 
 
   def show2
     bt = caller()
-    render bt, content_type: "text/plain"
+    render body: bt, content_type: "text/plain"
   end
 
 end