Fix formatting of QLDocs

This commit is contained in:
Owen Mansel-Chan
2023-02-17 14:40:08 +00:00
parent 7a25200962
commit 513409e082
23 changed files with 51 additions and 41 deletions


@@ -12,12 +12,12 @@ import semmle.go.PrintAst
import ideContextual
/**
* The source file to generate an AST from.
* Gets the source file to generate an AST from.
*/
external string selectedSourceFile();
/**
* Hook to customize the functions printed by this query.
* A hook to customize the functions printed by this query.
*/
class Cfg extends PrintAstConfiguration {
override predicate shouldPrintFunction(FuncDecl func) { shouldPrintFile(func.getFile()) }


@@ -115,7 +115,7 @@ module FileSystemAccess {
/** A function that escapes meta-characters to prevent injection attacks. */
class EscapeFunction extends Function instanceof EscapeFunction::Range {
/**
* The context that this function escapes for.
* Gets the context that this function escapes for.
*
* Currently, this can be "js", "html", or "url".
*/
@@ -132,7 +132,7 @@ module EscapeFunction {
*/
abstract class Range extends Function {
/**
* The context that this function escapes for.
* Gets the context that this function escapes for.
*
* Currently, this can be `js', `html', or `url'.
*/
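Review bot: The two QLDoc comments for the escape context now share a first sentence but still quote the allowed values differently. The member on `EscapeFunction` lists `"js", "html", or "url"`, while the one on `Range` in the second hunk keeps the older quoting that opens each value with a backtick and closes it with an apostrophe. If QLDoc is rendered as Markdown, those unmatched backticks may show up as broken code spans. I would change the `Range` line to `* Currently, this can be "js", "html", or "url".` so the two comments cannot drift apart. The member predicate declarations themselves fall outside both hunks.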


@@ -181,7 +181,7 @@ class Folder extends Container, @folder {
override string getURL() { result = "folder://" + this.getAbsolutePath() }
}
/** Any file, including files that have not been extracted but are referred to as locations for errors. */
/** A file, including files that have not been extracted but are referred to as locations for errors. */
class ExtractedOrExternalFile extends Container, @file, Documentable, ExprParent, GoModExprParent,
DeclParent, ScopeNode
{


@@ -9,7 +9,7 @@ import go
import PrintAst
/**
* Hook to customize the functions printed by this query.
* A hook to customize the functions printed by this query.
*/
class Cfg extends PrintAstConfiguration {
override predicate shouldPrintFunction(FuncDecl func) { any() }


@@ -5,7 +5,7 @@
import go
/**
* Hook to customize the files and functions printed by this module.
* A hook to customize the files and functions printed by this module.
*
* For an AstNode to be printed, it always requires `shouldPrintFile(f)` to hold
* for its containing file `f`, and additionally requires `shouldPrintFunction(fun)`


@@ -602,7 +602,7 @@ private newtype TCallable =
TFuncLitCallable(FuncLit l)
/**
* This is either a `Function` or a `FuncLit`, because of limitations of both
* A `Function` or a `FuncLit`. We do it this way because of limitations of both
* `Function` and `FuncDef`:
* - `Function` is an entity, and therefore does not include function literals, and
* - `FuncDef` is an AST node, and so is not extracted for functions from external libraries.


@@ -581,7 +581,7 @@ module StringOps {
}
/**
* One of the operands in a string concatenation.
* An operand in a string concatenation.
*
* See `ConcatenationElement` for more information.
*/


@@ -172,7 +172,7 @@ class InvalidType extends @invalidtype, Type {
/** A basic type. */
class BasicType extends @basictype, Type { }
/** Either the normal or literal boolean type */
/** The normal boolean type or the literal boolean type */
class BoolType extends @booltype, BasicType { }
/** The `bool` type of a non-literal expression */
@@ -317,7 +317,7 @@ class Complex128Type extends @complex128type, ComplexType {
override string getName() { result = "complex128" }
}
/** Either the normal or literal string type */
/** The normal string type or the literal string type */
class StringType extends @stringtype, BasicType { }
/** The `string` type of a non-literal expression */


@@ -5,7 +5,7 @@
import go
/**
* A call to a regexp match function, considered as a barrier guard for sanitizing untrusted URLs.
* Holds if `resultNode` comes from a call to a regexp match function, considered as a barrier guard for sanitizing untrusted URLs.
*
* This is overapproximate: we do not attempt to reason about the correctness of the regexp.
*


@@ -71,7 +71,7 @@ module InsecureFeatureFlag {
}
/**
* Flags suggesting an optional feature, perhaps deliberately insecure.
* A flag suggesting an optional feature, perhaps deliberately insecure.
*/
class SecurityFeatureFlag extends FlagKind {
SecurityFeatureFlag() { this = "securityFeature" }


@@ -19,7 +19,7 @@ module SafeUrlFlow {
/** An outgoing sanitizer edge for safe URL flow. */
abstract class SanitizerEdge extends DataFlow::Node { }
/** Standard library safe URL sources. */
/** A standard library safe URL source. */
class StdlibSource extends Source, DataFlow::FieldReadNode {
StdlibSource() { this.getField().hasQualifiedName("net/http", "Request", ["Host", "URL"]) }
}


@@ -14,7 +14,7 @@ module UnsafeUnzipSymlink {
import UnsafeUnzipSymlinkCustomizations::UnsafeUnzipSymlink
/**
* Taint-flow configuration tracking archive header fields flowing to a `path/filepath.EvalSymlinks` call.
* A taint-flow configuration tracking archive header fields flowing to a `path/filepath.EvalSymlinks` call.
*/
class EvalSymlinksConfiguration extends TaintTracking2::Configuration {
EvalSymlinksConfiguration() { this = "Archive header field symlinks resolved" }
@@ -41,7 +41,7 @@ module UnsafeUnzipSymlink {
}
/**
* Taint-flow configuration tracking archive header fields flowing to an `os.Symlink` call,
* A taint-flow configuration tracking archive header fields flowing to an `os.Symlink` call,
* which never flow to a `path/filepath.EvalSymlinks` call.
*/
class SymlinkConfiguration extends TaintTracking::Configuration {


@@ -61,7 +61,7 @@ module ZipSlip {
}
/**
* Excludes zipped file data from consideration for zip slip.
* A zipped file, excluded from for zip slip.
*/
class ZipFileOpen extends Sanitizer {
ZipFileOpen() {
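Review bot: The new summary line `* A zipped file, excluded from for zip slip.` has a leftover word ("from for") and dropped the noun the old sentence had. I would write `* A zipped file, excluded from consideration for zip slip.` instead. Because `ZipFileOpen` is a `Sanitizer`, this comment is the only place a reader learns why flow through these nodes is not reported, so the sentence should read cleanly. The characteristic predicate body continues past the hunk, so I cannot confirm that "zipped file" describes what it actually matches; the old text said "zipped file data".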


@@ -16,7 +16,8 @@ import go
string packagePath() { result = package("github.com/pkg/errors", "") }
/**
* An equality test which guarantees that an expression is always `nil`.
* Holds if `g` is an equality test which guarantees that the expression `e` is
* either `nil` or not `nil`, depending on `outcome`.
*/
predicate nilTestGuard(DataFlow::Node g, Expr e, boolean outcome) {
exists(DataFlow::EqualityTestNode eq, DataFlow::Node otherNode |


@@ -19,7 +19,7 @@ class HashableNode extends AstNode {
}
/**
* An opaque integer describing the type of this AST node.
* Gets an opaque integer describing the type of this AST node.
*/
int getKind() {
exists(int baseKind |


@@ -38,7 +38,7 @@ predicate becomesPartOf(DataFlow::Node part, DataFlow::Node whole) {
}
/**
* Flags suggesting a deliberately insecure certificate setup.
* A flag suggesting a deliberately insecure certificate setup.
*/
class InsecureCertificateFlag extends FlagKind {
InsecureCertificateFlag() { this = "insecureCertificate" }


@@ -14,7 +14,8 @@ import go
import DataFlow::PathGraph
/**
* RSA key length data flow tracking configuration.
* A data flow tracking configuration for tracking flow from RSA key length to
* calls to RSA key generation functions.
*/
class RsaKeyTrackingConfiguration extends DataFlow::Configuration {
RsaKeyTrackingConfiguration() { this = "RsaKeyTrackingConfiguration" }


@@ -52,7 +52,8 @@ int getASecureTlsVersion() {
int getATlsVersion() { result = getASecureTlsVersion() or isInsecureTlsVersion(result, _, _) }
/**
* Flow of TLS versions into a `tls.Config` struct, to the `MinVersion` and `MaxVersion` fields.
* A taint-tracking configuration for tracking flow from TLS versions to the
* `tls.Config.MinVersion` and `tls.Config.MaxVersion` fields.
*/
class TlsVersionFlowConfig extends TaintTracking::Configuration {
TlsVersionFlowConfig() { this = "TlsVersionFlowConfig" }
@@ -152,8 +153,8 @@ predicate isInsecureTlsVersionFlow(
}
/**
* Flow of unsecure TLS cipher suites into a `tls.Config` struct,
* to the `CipherSuites` field.
* A taint-tracking configuration for tracking flow from insecure TLS cipher
* suites into a `tls.Config` struct, to the `CipherSuites` field.
*/
class TlsInsecureCipherSuitesFlowConfig extends TaintTracking::Configuration {
TlsInsecureCipherSuitesFlowConfig() { this = "TlsInsecureCipherSuitesFlowConfig" }
@@ -229,7 +230,7 @@ predicate isInsecureTlsCipherFlow(DataFlow::PathNode source, DataFlow::PathNode
}
/**
* Flags suggesting support for an old or legacy TLS version.
* A flag suggesting support for an old or legacy TLS version.
*
* We accept 'intermediate' because it appears to be common for TLS users
* to define three profiles: modern, intermediate, legacy/old, perhaps based


@@ -65,7 +65,8 @@ private class SetCookieSink extends DataFlow::Node {
}
/**
* Tracks sensitive name to `net/http.SetCookie`.
* A taint-tracking configuration for tracking flow from sensitive names to
* `net/http.SetCookie`.
*/
class NameToNetHttpCookieTrackingConfiguration extends TaintTracking::Configuration {
NameToNetHttpCookieTrackingConfiguration() { this = "NameToNetHttpCookieTrackingConfiguration" }
@@ -84,7 +85,8 @@ class NameToNetHttpCookieTrackingConfiguration extends TaintTracking::Configurat
}
/**
* Tracks `bool` assigned to `HttpOnly` that flows into `net/http.SetCookie`.
* A taint-tracking configuration for tracking flow from `bool` assigned to
* `HttpOnly` that flows into `net/http.SetCookie`.
*/
class BoolToNetHttpCookieTrackingConfiguration extends TaintTracking::Configuration {
BoolToNetHttpCookieTrackingConfiguration() { this = "BoolToNetHttpCookieTrackingConfiguration" }
@@ -105,7 +107,8 @@ class BoolToNetHttpCookieTrackingConfiguration extends TaintTracking::Configurat
}
/**
* Tracks `HttpOnly` set to `false` to `gin-gonic/gin.Context.SetCookie`.
* A taint-tracking configuration for tracking flow from `HttpOnly` set to
* `false` to `gin-gonic/gin.Context.SetCookie`.
*/
class BoolToGinSetCookieTrackingConfiguration extends DataFlow::Configuration {
BoolToGinSetCookieTrackingConfiguration() { this = "BoolToGinSetCookieTrackingConfiguration" }
@@ -125,7 +128,8 @@ class BoolToGinSetCookieTrackingConfiguration extends DataFlow::Configuration {
}
/**
* Tracks sensitive name to `gin-gonic/gin.Context.SetCookie`.
* A taint-tracking configuration for tracking flow from sensitive names to
* `gin-gonic/gin.Context.SetCookie`.
*/
private class NameToGinSetCookieTrackingConfiguration extends DataFlow2::Configuration {
NameToGinSetCookieTrackingConfiguration() { this = "NameToGinSetCookieTrackingConfiguration" }
@@ -164,7 +168,8 @@ private class GorillaStoreSaveSink extends DataFlow::Node {
}
/**
* Tracks from gorilla cookie store creation to `gorilla/sessions.Session.Save`.
* A taint-tracking configuration for tracking flow from gorilla cookie store
* creation to `gorilla/sessions.Session.Save`.
*/
class GorillaCookieStoreSaveTrackingConfiguration extends DataFlow::Configuration {
GorillaCookieStoreSaveTrackingConfiguration() {
@@ -194,7 +199,8 @@ class GorillaCookieStoreSaveTrackingConfiguration extends DataFlow::Configuratio
}
/**
* Tracks session options to `gorilla/sessions.Session.Save`.
* A taint-tracking configuration for tracking flow from session options to
* `gorilla/sessions.Session.Save`.
*/
class GorillaSessionOptionsTrackingConfiguration extends TaintTracking::Configuration {
GorillaSessionOptionsTrackingConfiguration() {
@@ -219,7 +225,8 @@ class GorillaSessionOptionsTrackingConfiguration extends TaintTracking::Configur
}
/**
* Tracks `bool` assigned to `HttpOnly` that flows into `gorilla/sessions.Session.Save`.
* A taint-tracking configuration for tracking flow from a `bool` assigned to
* `HttpOnly` to `gorilla/sessions.Session.Save`.
*/
class BoolToGorillaSessionOptionsTrackingConfiguration extends TaintTracking::Configuration {
BoolToGorillaSessionOptionsTrackingConfiguration() {
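Review bot: Three of the rewritten comments call the class "A taint-tracking configuration" although the class extends a data-flow configuration. `BoolToGinSetCookieTrackingConfiguration` and `GorillaCookieStoreSaveTrackingConfiguration` extend `DataFlow::Configuration`, and `NameToGinSetCookieTrackingConfiguration` extends `DataFlow2::Configuration`. The distinction matters to anyone tuning these cookie queries, because taint tracking follows additional derived-value steps that plain data flow does not, so the comment sets the wrong expectation about what is reported. For those three I would start the comment with `* A data-flow configuration for tracking flow from ...`. Separately, the `BoolToNetHttpCookieTrackingConfiguration` comment reads "tracking flow from `bool` assigned to `HttpOnly` that flows into", which doubles the verb; the wording used in the last hunk ("from a `bool` assigned to `HttpOnly` to ...") is cleaner and could be reused there.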


@@ -161,7 +161,7 @@ abstract class CryptographicOperation extends DataFlow::Node {
}
/**
* Models cryptographic operations of the `crypto/md5` package.
* A cryptographic operation from the `crypto/md5` package.
*/
class Md5 extends CryptographicOperation, DataFlow::CallNode {
Md5() { this.getTarget().hasQualifiedName("crypto/md5", ["New", "Sum"]) }
@@ -174,7 +174,7 @@ class Md5 extends CryptographicOperation, DataFlow::CallNode {
}
/**
* Models cryptographic operations of the `crypto/sha1` package.
* A cryptographic operation from the `crypto/sha1` package.
*/
class Sha1 extends CryptographicOperation, DataFlow::CallNode {
Sha1() { this.getTarget().hasQualifiedName("crypto/sha1", ["New", "Sum"]) }
@@ -187,7 +187,7 @@ class Sha1 extends CryptographicOperation, DataFlow::CallNode {
}
/**
* Models cryptographic operations of the `crypto/des` package.
* A cryptographic operation from the `crypto/des` package.
*/
class Des extends CryptographicOperation, DataFlow::CallNode {
Des() { this.getTarget().hasQualifiedName("crypto/des", ["NewCipher", "NewTripleDESCipher"]) }
@@ -200,7 +200,7 @@ class Des extends CryptographicOperation, DataFlow::CallNode {
}
/**
* Models cryptographic operations of the `crypto/rc4` package.
* A cryptographic operation from the `crypto/rc4` package.
*/
class Rc4 extends CryptographicOperation, DataFlow::CallNode {
Rc4() { this.getTarget().hasQualifiedName("crypto/rc4", "NewCipher") }


@@ -29,7 +29,7 @@ predicate flowsFromUntrustedToConversion(
}
/**
* Provides the names of the types that will not be escaped when passed to
* A name of a type that will not be escaped when passed to
* a `html/template` template.
*/
class PassthroughTypeName extends string {


@@ -132,7 +132,7 @@ module ServerSideRequestForgery {
}
/**
* If the tainted variable is a boolean or has numeric type is not possible to exploit a SSRF
* A value which has boolean or numeric type, considered as a sanitizer for SSRF.
*/
class NumSanitizer extends Sanitizer {
NumSanitizer() {
@@ -142,8 +142,8 @@ module ServerSideRequestForgery {
}
/**
* When we receive a body from a request, we can use certain tags on our struct's fields to hint
* the binding function to run some validations for that field. If these binding functions returns
* A body received from a request, where certain tags on our struct's fields have been used to hint
* to the binding function to run some validations for that field. If these binding functions returns
* no error, then we consider these fields safe for SSRF.
*/
class BodySanitizer extends Sanitizer instanceof CheckedAlphanumericStructFieldRead { }
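Review bot: The rewritten `BodySanitizer` comment keeps the agreement error "If these binding functions returns no error"; the second line should end `If these binding functions return`. The opening also describes "A body received from a request", while the class is declared `instanceof CheckedAlphanumericStructFieldRead`. That name suggests it matches a read of a validated struct field rather than the whole body, so the noun phrase probably needs to name the field read. Since this comment is the stated justification for treating a value as safe for SSRF, it would help to say which validation tags are relied on, if that is fixed by `CheckedAlphanumericStructFieldRead`; its definition is not visible in this hunk.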


@@ -44,7 +44,7 @@ class Diagnostic extends @diagnostic {
}
/**
* Wraps `Compilation`, removing the `.exe` suffixes from compilation descriptions
* A wrapper around a `Compilation`, removing the `.exe` suffixes from compilation descriptions
* such that this test produces the same results on Windows and non-Windows platforms.
*/
class PlatformNeutralCompilation extends Compilation {