JS: fix typos in comments
@@ -34,7 +34,7 @@ class IdorTaint extends TaintTracking::Configuration {
|
||||
}
|
||||
|
||||
/**
|
||||
* A sanitizer for values that have succesfully been compared to another value.
|
||||
* A sanitizer for values that have successfully been compared to another value.
|
||||
*/
|
||||
class EqualityGuard extends TaintTracking::SanitizerGuardNode, ValueNode {
|
||||
override EqualityTest astNode;
|
||||
|
||||
@@ -68,7 +68,7 @@ private predicate hasDefaultExport(ES2015Module mod) {
|
||||
* Holds if `mod` contains both named and `default` exports.
|
||||
*
|
||||
* This is used to determine whether a default-import of the module should be reinterpreted
|
||||
* as a namespace-import, to accomodate the non-standard behavior implemented by some compilers.
|
||||
* as a namespace-import, to accommodate the non-standard behavior implemented by some compilers.
|
||||
*/
|
||||
private predicate hasBothNamedAndDefaultExports(ES2015Module mod) {
|
||||
hasNamedExports(mod) and
|
||||
@@ -615,7 +615,7 @@ class ReExportDefaultSpecifier extends ExportDefaultSpecifier {
|
||||
}
|
||||
|
||||
/**
|
||||
* A namespace export specifier, that is `*` or `* as x` occuring in an export declaration.
|
||||
* A namespace export specifier, that is `*` or `* as x` occurring in an export declaration.
|
||||
*
|
||||
* Examples:
|
||||
*
|
||||
|
||||
@@ -2904,7 +2904,7 @@ class ImportMetaExpr extends @import_meta_expr, Expr {
|
||||
* let data2 = {{{ user_data2 }}};
|
||||
* ```
|
||||
*
|
||||
* Note that templating placeholders occuring inside strings literals are not parsed,
|
||||
* Note that templating placeholders occurring inside strings literals are not parsed,
|
||||
* and are simply seen as being part of the string literal.
|
||||
* For example, following snippet does not contain any `GeneratedCodeExpr` nodes:
|
||||
* ```js
|
||||
|
||||
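Review bot: The corrected line in the doc comment that mentions `GeneratedCodeExpr` still reads `strings literals`, which should be `string literals`. Since the line is already being touched for `occurring`, it could become `* Note that templating placeholders occurring inside string literals are not parsed,`. The doc comment begins and ends outside this hunk, so only the visible sentence was checked.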
@@ -420,7 +420,7 @@ module AccessPath {
|
||||
*/
|
||||
module DominatingPaths {
|
||||
/**
|
||||
* A classification of acccess paths into reads and writes.
|
||||
* A classification of access paths into reads and writes.
|
||||
*/
|
||||
private newtype AccessPathKind =
|
||||
AccessPathRead() or
|
||||
|
||||
@@ -193,7 +193,7 @@ private module PrintJavaScript {
|
||||
|
||||
/**
|
||||
* Gets the `i`th child of `element`.
|
||||
* Can be overriden in subclasses to get more specific behavior for `getChild()`.
|
||||
* Can be overridden in subclasses to get more specific behavior for `getChild()`.
|
||||
*/
|
||||
AstNode getChildNode(int childIndex) { result = getLocationSortedChild(element, childIndex) }
|
||||
}
|
||||
|
||||
@@ -1309,7 +1309,7 @@ module RegExp {
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `term` can match any occurence of `char` within a string (not taking into account
|
||||
* Holds if `term` can match any occurrence of `char` within a string (not taking into account
|
||||
* the context in which `term` appears).
|
||||
*
|
||||
* This predicate is under-approximate and never considers sequences to guarantee a match.
|
||||
|
||||
@@ -226,7 +226,7 @@ class ArgumentsVariable extends Variable {
|
||||
*/
|
||||
class VarRef extends @varref, Identifier, BindingPattern, LexicalRef {
|
||||
/** Gets the variable this identifier refers to. */
|
||||
override Variable getVariable() { none() } // Overriden in VarAccess and VarDecl
|
||||
override Variable getVariable() { none() } // Overridden in VarAccess and VarDecl
|
||||
|
||||
override string getName() { result = Identifier.super.getName() }
|
||||
|
||||
|
||||
@@ -413,7 +413,7 @@ module Fastify {
|
||||
/**
|
||||
* A call to `rep.view('file', { ... })`, seen as a template instantiation.
|
||||
*
|
||||
* Assumes the presense of a plugin that provides the `view` method, such as the `point-of-view` plugin.
|
||||
* Assumes the presence of a plugin that provides the `view` method, such as the `point-of-view` plugin.
|
||||
*/
|
||||
private class ViewCall extends Templating::TemplateInstantiation::Range, DataFlow::CallNode {
|
||||
ViewCall() { this = any(ReplySource rep).ref().getAMethodCall("view") }
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
import javascript
|
||||
|
||||
/**
|
||||
* Provides classes and predicates modeling the `jwt-decode` libary.
|
||||
* Provides classes and predicates modeling the `jwt-decode` library.
|
||||
*/
|
||||
private module JwtDecode {
|
||||
/**
|
||||
@@ -23,7 +23,7 @@ private module JwtDecode {
|
||||
}
|
||||
|
||||
/**
|
||||
* Provides classes and predicates modeling the `jsonwebtoken` libary.
|
||||
* Provides classes and predicates modeling the `jsonwebtoken` library.
|
||||
*/
|
||||
private module JsonWebToken {
|
||||
/**
|
||||
|
||||
@@ -74,7 +74,7 @@ module Koa {
|
||||
* Gets a reference to a request parameter defined by this route handler.
|
||||
*/
|
||||
DataFlow::Node getARequestParameterAccess() {
|
||||
none() // overriden in subclasses.
|
||||
none() // overridden in subclasses.
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -951,7 +951,7 @@ module Redux {
|
||||
)
|
||||
}
|
||||
|
||||
/** Gets the block to execute when `case` matches sucessfully. */
|
||||
/** Gets the block to execute when `case` matches successfully. */
|
||||
private BasicBlock getCaseBlock(SwitchCase case) {
|
||||
result = case.getBodyStmt(0).getBasicBlock()
|
||||
or
|
||||
|
||||
@@ -45,7 +45,7 @@ private DataFlow::Node pipeOutput(DataFlow::CallNode pipe) {
|
||||
/**
|
||||
* Holds if `pipe` acts as the identity function for success values.
|
||||
*
|
||||
* We currently lack a data-flow node to represent its input/ouput so it must
|
||||
* We currently lack a data-flow node to represent its input/output so it must
|
||||
* be special-cased.
|
||||
*/
|
||||
private predicate isIdentityPipe(DataFlow::CallNode pipe) {
|
||||
|
||||
@@ -227,7 +227,7 @@ module Vuex {
|
||||
result = getAMappedAccess(getMapHelperForCommitKind(kind), name).getParameter(0).getARhs()
|
||||
}
|
||||
|
||||
/** Gets a node that refers the payload of a comitted mutation with the given `name.` */
|
||||
/** Gets a node that refers the payload of a committed mutation with the given `name.` */
|
||||
private DataFlow::Node committedPayloadSucc(string kind, string name) {
|
||||
// mutations: {
|
||||
// name: (state, payload) => { ... }
|
||||
|
||||
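Review bot: The doc comment on `committedPayloadSucc` still has two wording slips after the spelling fix. `refers the payload` is missing a preposition and should read `refers to the payload`, and the sentence's closing period sits inside the backticks around `name`, so it renders as part of the parameter name. Moving the period outside the closing backtick fixes the second one. The predicate body continues outside the hunk.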
@@ -59,7 +59,7 @@
|
||||
* A `(package,type)` pair may refer to a static type or a synthetic type name used internally in the model.
|
||||
* Synthetic type names can be used to reuse intermediate sub-paths, when there are multiple ways to access the same
|
||||
* element.
|
||||
* See `ModelsAsData.qll` for the langauge-specific interpretation of packages and static type names.
|
||||
* See `ModelsAsData.qll` for the language-specific interpretation of packages and static type names.
|
||||
*
|
||||
* By convention, if one wants to avoid clashes with static types from the package, the type name
|
||||
* should be prefixed with a tilde character (`~`). For example, `(foo, ~Bar)` can be used to indicate that
|
||||
@@ -396,7 +396,7 @@ predicate isValidTokenNameInIdentifyingAccessPath(string name) {
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `name` is a valid name for an access path token with no arguments, occuring
|
||||
* Holds if `name` is a valid name for an access path token with no arguments, occurring
|
||||
* in an identifying access path.
|
||||
*/
|
||||
bindingset[name]
|
||||
|
||||
@@ -233,7 +233,7 @@ predicate isExtraValidTokenNameInIdentifyingAccessPath(string name) {
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `name` is a valid name for an access path token with no arguments, occuring
|
||||
* Holds if `name` is a valid name for an access path token with no arguments, occurring
|
||||
* in an identifying access path.
|
||||
*/
|
||||
predicate isExtraValidNoArgumentTokenInIdentifyingAccessPath(string name) {
|
||||
|
||||
@@ -307,7 +307,7 @@ private module JQueryClientRequest {
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets a node refering to the response contained in an `jqXHR` object.
|
||||
* Gets a node referring to the response contained in an `jqXHR` object.
|
||||
*/
|
||||
private DataFlow::SourceNode getAResponseNodeFromAnXHRObject(DataFlow::SourceNode obj) {
|
||||
result =
|
||||
|
||||
@@ -28,14 +28,14 @@ private module RegexpMatching {
|
||||
* but if `ignorePrefix` is true, it will only match "foo".
|
||||
*/
|
||||
predicate test(string str, boolean ignorePrefix) {
|
||||
none() // maybe overriden in subclasses
|
||||
none() // maybe overridden in subclasses
|
||||
}
|
||||
|
||||
/**
|
||||
* Same as `test(..)`, but where the `fillsCaptureGroup` afterwards tells which capture groups were filled by the given string.
|
||||
*/
|
||||
predicate testWithGroups(string str, boolean ignorePrefix) {
|
||||
none() // maybe overriden in subclasses
|
||||
none() // maybe overridden in subclasses
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
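Review bot: In both `test` and `testWithGroups` the corrected comment still says `// maybe overridden in subclasses`, which reads as the adverb "maybe" rather than the intended verb phrase. `none() // may be overridden in subclasses` states the contract more clearly. Both bodies are just `none()`, so this comment is the only hint to a reader that subclasses are expected to supply the behaviour.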
@@ -52,7 +52,7 @@ module CodeInjection {
|
||||
}
|
||||
|
||||
/**
|
||||
* A template tag occuring in JS code, viewed as a code injection sink.
|
||||
* A template tag occurring in JS code, viewed as a code injection sink.
|
||||
*/
|
||||
class TemplateTagInScriptSink extends Sink {
|
||||
TemplateTagInScriptSink() {
|
||||
|
||||
@@ -132,7 +132,7 @@ module IndirectCommandInjection {
|
||||
}
|
||||
|
||||
/**
|
||||
* An array of command line arguments (`argv`) parsed by the `yargs` libary.
|
||||
* An array of command line arguments (`argv`) parsed by the `yargs` library.
|
||||
*/
|
||||
class YargsArgv extends Source {
|
||||
YargsArgv() {
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
/**
|
||||
* Provides a taint-tracking configuration for reasoning about code
|
||||
* constructed from libary input vulnerabilities.
|
||||
* constructed from library input vulnerabilities.
|
||||
*
|
||||
* Note, for performance reasons: only import this file if
|
||||
* `UnsafeCodeConstruction::Configuration` is needed, otherwise
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
/**
|
||||
* Provides default sources, sinks and sanitizers for reasoning about code
|
||||
* constructed from libary input vulnerabilities, as well as extension points for
|
||||
* constructed from library input vulnerabilities, as well as extension points for
|
||||
* adding your own.
|
||||
*/
|
||||
|
||||
|
||||
@@ -45,7 +45,7 @@ module UnsafeHtmlConstruction {
|
||||
/**
|
||||
* Gets the kind of vulnerability to report in the alert message.
|
||||
*
|
||||
* Defaults to `Cross-site scripting`, but may be overriden for sinks
|
||||
* Defaults to `Cross-site scripting`, but may be overridden for sinks
|
||||
* that do not allow script injection, but injection of other undesirable HTML elements.
|
||||
*/
|
||||
abstract string getVulnerabilityKind();
|
||||
|
||||
@@ -14,7 +14,7 @@ module Shared {
|
||||
/**
|
||||
* Gets the kind of vulnerability to report in the alert message.
|
||||
*
|
||||
* Defaults to `Cross-site scripting`, but may be overriden for sinks
|
||||
* Defaults to `Cross-site scripting`, but may be overridden for sinks
|
||||
* that do not allow script injection, but injection of other undesirable HTML elements.
|
||||
*/
|
||||
string getVulnerabilityKind() { result = "Cross-site scripting" }
|
||||
|
||||
@@ -51,7 +51,7 @@
|
||||
* either a single character, a set of characters represented by a
|
||||
* character class, or the set of all characters.
|
||||
* * The product automaton is constructed lazily, starting with pair states
|
||||
* `(q, q)` where `q` is a fork, and proceding along an over-approximate
|
||||
* `(q, q)` where `q` is a fork, and proceeding along an over-approximate
|
||||
* step relation.
|
||||
* * The over-approximate step relation allows transitions along pairs of
|
||||
* abstract input symbols where the symbols have overlap in the characters they accept.
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/**
|
||||
* @name Unsafe code constructed from libary input
|
||||
* @name Unsafe code constructed from library input
|
||||
* @description Using externally controlled strings to construct code may allow a malicious
|
||||
* user to execute arbitrary code.
|
||||
* @kind path-problem
|
||||
|
||||
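Review bot: Unlike the other hunks, the `@name` line is query metadata rather than an ordinary comment, so correcting `libary` changes the title under which this query's alerts are displayed. Anything that matches results on the query name rather than on its `@id` (saved filters, suppression lists, dashboards) would presumably stop matching. The `@id` line is outside this hunk, so it cannot be confirmed here that it is unchanged. Consider recording the rename in the release notes, with a line such as `Corrected a typo in the name of the "Unsafe code constructed from library input" query.`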
@@ -13,7 +13,7 @@ import javascript
|
||||
|
||||
/**
|
||||
* An operation that inserts or removes elements from an array while shifting all elements
|
||||
* occuring after the insertion/removal point.
|
||||
* occurring after the insertion/removal point.
|
||||
*
|
||||
* Does not include `push` and `pop` since these never shift any elements.
|
||||
*/
|
||||
|
||||