fix consistency and spelling in the documentation

suggestions from the documentation team Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
2025-12-17 01:03:14 +01:00 · 2019-09-13 14:52:11 +01:00
parent c4f27ed4cc
commit 3fb64abb09
10 changed files with 24 additions and 24 deletions
--- a/change-notes/1.23/analysis-javascript.md
+++ b/change-notes/1.23/analysis-javascript.md
@@ -14,7 +14,7 @@
 | **Query**                                                                 | **Tags**                                                          | **Purpose**                                                                                                                                                                            |
 |---------------------------------------------------------------------------|-------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | Unused index variable (`js/unused-index-variable`)                        | correctness                                                       | Highlights loops that iterate over an array, but do not use the index variable to access array elements, indicating a possible typo or logic error. Results are shown on LGTM by default. |
-| Tainted .length in loop condition (`js/loop-bound-injection`)             | security                                                          | Highlights loops where a user-controlled object with an arbitrary .length value can trick the server to loop infinitely. Results are not shown on LGTM by default. |
+| Tainted .length in loop condition (`js/loop-bound-injection`)             | security                                                          | Highlights loops where a user-controlled object with an arbitrary .length value can trick the server to loop indefinitely. Results are not shown on LGTM by default. |

 ## Changes to existing queries

--- a/javascript/ql/src/Security/CWE-834/LoopBoundInjection.qhelp
+++ b/javascript/ql/src/Security/CWE-834/LoopBoundInjection.qhelp
@@ -36,7 +36,7 @@
 		This is not secure since an attacker can control the value of
 		<code>obj.length</code>, and thereby cause the loop to iterate
 		indefinitely. Here the potential DoS is fixed by enforcing that
-		the user controlled object is an array.
+		the user-controlled object is an array.
 	</p>

 	<sample src="examples/LoopBoundInjection_fixed.js" />
--- a/javascript/ql/src/Security/CWE-834/examples/LoopBoundInjection.js
+++ b/javascript/ql/src/Security/CWE-834/examples/LoopBoundInjection.js
@@ -6,8 +6,8 @@ app.post("/foo", (req, res) => {

    var ret = [];

-    // potential DoS if obj.length is large.
+    // Potential DoS if obj.length is large.
    for (var i = 0; i < obj.length; i++) {
        ret.push(obj[i]);
    }
-});
+});
--- a/javascript/ql/src/Security/CWE-834/examples/LoopBoundInjection_fixed.js
+++ b/javascript/ql/src/Security/CWE-834/examples/LoopBoundInjection_fixed.js
@@ -4,7 +4,7 @@ var app = express();
 app.post("/foo", (req, res) => {
    var obj = req.body;
    
-    if (!(obj instanceof Array)) { // prevents DoS
+    if (!(obj instanceof Array)) { // Prevents DoS.
        return [];
    }

--- a/javascript/ql/src/semmle/javascript/security/dataflow/LoopBoundInjection.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/LoopBoundInjection.qll
@@ -1,6 +1,6 @@
 /**
 * Provides a taint tracking configuration for reasoning about DoS attacks
- * using a user controlled object with an unbounded .length property.
+ * using a user-controlled object with an unbounded .length property.
 *
 * Note, for performance reasons: only import this file if
 * `LoopBoundInjection::Configuration` is needed, otherwise
@@ -14,7 +14,7 @@ module LoopBoundInjection {
  import LoopBoundInjectionCustomizations::LoopBoundInjection

  /**
-   * A taint-tracking configuration for reasoning about looping on tainted objects with unbounded length.
+   * A taint tracking configuration for reasoning about looping on tainted objects with unbounded length.
   */
  class Configuration extends TaintTracking::Configuration {
    Configuration() { this = "LoopBoundInjection" }
--- a/javascript/ql/src/semmle/javascript/security/dataflow/LoopBoundInjectionCustomizations.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/LoopBoundInjectionCustomizations.qll
@@ -1,5 +1,5 @@
 /**
- * Provides default sources, sinks and sanitisers for reasoning about
+ * Provides default sources, sinks, and sanitizers for reasoning about
 * DoS attacks using objects with unbounded length property,
 * as well as extension points for adding your own.
 */
@@ -56,7 +56,7 @@ module LoopBoundInjection {
    }

    /**
-     * Gets the length read in the loop test
+     * Gets the length read in the loop test.
     */
    DataFlow::PropRead getLengthRead() { result = lengthRead }

@@ -200,7 +200,7 @@ module LoopBoundInjection {
              isCrashingWithNullValues(throws)
            )
            or
-            // similar to the loop sink - the existence of an early-exit usually means that no DoS can happen.
+            // Similar to the loop sink - the existence of an early-exit usually means that no DoS can happen.
            exists(ThrowStmt throw |
              throw.getTarget() = func.asExpr()
            )
@@ -259,7 +259,7 @@ module LoopBoundInjection {
  /**
   * A sanitizer that blocks taint flow if the length of an array is limited.
   *
-   * Also implicitly makes sure that only the first DoS-prone loop is selected by the query. (as the .length test has outcome=false when exiting the loop).
+   * Also implicitly makes sure that only the first DoS-prone loop is selected by the query (as the .length test has outcome=false when exiting the loop).
   */
  class LengthCheckSanitizerGuard extends TaintTracking::LabeledSanitizerGuardNode,
    DataFlow::ValueNode {
--- a/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjectionBad.js
+++ b/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjectionBad.js
@@ -42,7 +42,7 @@ function useLengthIndirectly(val) {
    }
 }

-// the obvious null-pointer detection should not hit this one.
+// The obvious null-pointer detection should not hit this one.
 function noNullPointer(val) {
    var ret = [];

@@ -50,7 +50,7 @@ function noNullPointer(val) {

    for (var i = 0; i < val.length; i++) { // NOT OK!
        
-        // constantly accessing element 0, therefore not guaranteed null-pointer.
+        // Constantly accessing element 0, therefore not guaranteed null-pointer.
        ret.push(val[c].foo); 
    }
-}
+}
--- a/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjectionExitBad.js
+++ b/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjectionExitBad.js
@@ -36,7 +36,7 @@ function throws(val) {
 		  try {
 			  throw 2; // Is caught, and therefore the DoS is not prevented.
 		  } catch(e) {
-			  // ignored
+			  // Ignored.
 		  }
 	  }
      ret.push(val[i]);
@@ -60,9 +60,9 @@ function lodashThrow(val) { // NOT OK!
 	_.map(val, function (e) {
 		if (!e) {
 			try {
-				throw new Error(); // Does not prevent DoS
+				throw new Error(); // Does not prevent DoS.
 			} catch(e) {
-				// ignored.
+				// Ignored.
 			}
 		}
 	})
--- a/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjectionExitGood.js
+++ b/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjectionExitGood.js
@@ -19,7 +19,7 @@ function breaks(val) {
 	
 	for (var i = 0; i < val.length; i++) { // OK
 	  if (val[i] == null) {
-		  break; // prevents DoS.
+		  break; // Prevents DoS.
 	  }
      ret.push(val[i]);
    }
@@ -30,7 +30,7 @@ function throws(val) {
 	
 	for (var i = 0; i < val.length; i++) { // OK
 	  if (val[i] == null) {
-		  throw 2; // prevents DoS.
+		  throw 2; // Prevents DoS.
 	  }
      ret.push(val[i]);
    }
@@ -42,7 +42,7 @@ function returns(val) {
 	
 	for (var i = 0; i < val.length; i++) { // OK
 	  if (val[i] == null) {
-		  return 2; // prevents DoS.
+		  return 2; // Prevents DoS.
 	  }
      ret.push(val[i]);
    }
@@ -51,7 +51,7 @@ function returns(val) {
 function lodashThrow(val) {
 	_.map(val, function (e) { // OK
 		if (!e) {
-			throw new Error(); // prevents DoS.
+			throw new Error(); // Prevents DoS.
 		}
 	})
 }
--- a/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjectionGood.js
+++ b/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjectionGood.js
@@ -20,7 +20,7 @@ function sanitized(val) {
    if (!Array.isArray(val)) {
        return [];
    }
-    // At this point we know that val must be an Array, and an attacked is
+    // At this point we know that val must be an Array, and an attacker is
    // therefore not able to send a cheap request that spends a lot of time
    // inside the loop.
    for (var i = 0; i < val.length; i++) { // OK
@@ -50,7 +50,7 @@ function sanitized3(val) {
    if (!isArray(val)) {
        return [];
    }
-    // At this point we know that val must be an Array, and an attacked is
+    // At this point we know that val must be an Array, and an attacker is
    // therefore not able to send a cheap request that spends a lot of time
    // inside the loop.
    for (var i = 0; i < val.length; i++) { // OK
@@ -64,7 +64,7 @@ function sanitized4(val) {
    if (!(val instanceof Array)) {
        return [];
    }
-    // At this point we know that val must be an Array, and an attacked is
+    // At this point we know that val must be an Array, and an attacker is
    // therefore not able to send a cheap request that spends a lot of time
    // inside the loop.
    for (var i = 0; i < val.length; i++) { // OK