Remove non-breaking spaces from code

2025-12-16 16:53:25 +01:00 · 2025-09-05 09:41:15 +02:00
parent 2100dc1288
commit 5d3ec35e29
26 changed files with 43 additions and 43 deletions
--- a/.github/workflows/query-list.yml
+++ b/.github/workflows/query-list.yml
@@ -31,7 +31,7 @@ jobs:
      with:
        python-version: 3.8
    - name: Download CodeQL CLI
-      # Look under the `codeql` directory, as this is where we checked out the `github/codeql` repo
+      # Look under the `codeql` directory, as this is where we checked out the `github/codeql` repo
      uses: ./codeql/.github/actions/fetch-codeql
    - name: Build code scanning query list
      run: |
--- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.md
+++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.md
@@ -32,7 +32,7 @@ jobs:
      - uses: actions/setup-node@v1
      - run: |
-          npm install # scripts in package.json from PR would be executed here
+          npm install # scripts in package.json from PR would be executed here
          npm build
      - uses: completely/fakeaction@v2
--- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.md
+++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.md
@@ -32,7 +32,7 @@ jobs:
      - uses: actions/setup-node@v1
      - run: |
-          npm install # scripts in package.json from PR would be executed here
+          npm install # scripts in package.json from PR would be executed here
          npm build
      - uses: completely/fakeaction@v2
--- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.md
+++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.md
@@ -32,7 +32,7 @@ jobs:
      - uses: actions/setup-node@v1
      - run: |
-          npm install # scripts in package.json from PR would be executed here
+          npm install # scripts in package.json from PR would be executed here
          npm build
      - uses: completely/fakeaction@v2
--- a/docs/codeql/ql-language-reference/expressions.rst
+++ b/docs/codeql/ql-language-reference/expressions.rst
@@ -625,7 +625,7 @@ Then the evaluation of the ``depth`` predicate proceeds as follows:
 +-----------+--------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
 | **Stage** | **depth**                                  | **Comments**                                                                                                                                                             |
 +===========+============================================+==========================================================================================================================================================================+
-| 0         |                                            | We always begin with the empty set.                                                                                                                                      |
+| 0         |                                            | We always begin with the empty set.                                                                                                                                      |
 +-----------+--------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
 | 1         | ``(0, b), (0, d), (0, e)``                 | The nodes with no children have depth 0. The recursive step for **a** and **c** fails to produce a value, since some of their children do not have values for ``depth``. |
 +-----------+--------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
--- a/go/old-change-notes/2020-10-01-gomod-extraction.md
+++ b/go/old-change-notes/2020-10-01-gomod-extraction.md
@@ -1,2 +1,2 @@
 lgtm,codescanning
-* The extractor now only extracts go.mod files belonging to extracted packages. In particular, vendored go.mod files will no longer be extracted unless the vendored package is explicitly passed to the extractor. This will remove unexpected `GoModExpr` and similar expressions seen by queries.
+* The extractor now only extracts go.mod files belonging to extracted packages. In particular, vendored go.mod files will no longer be extracted unless the vendored package is explicitly passed to the extractor. This will remove unexpected `GoModExpr` and similar expressions seen by queries.
--- a/go/ql/lib/semmle/go/Architectures.qll
+++ b/go/ql/lib/semmle/go/Architectures.qll
@@ -28,7 +28,7 @@ class Architecture extends string {
  }
  /**
-   * Gets the integer and pointer type width for this architecture.
+   * Gets the integer and pointer type width for this architecture.
   *
   * As of the time of writing, this appears to always be identical -- there aren't
   * Go architectures with 64-bit pointers but 32-bit ints, for example.
--- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll
@@ -994,7 +994,7 @@ module Public {
  class ComponentReadNode extends ReadNode {
    override IR::ComponentReadInstruction insn;
-    /** Gets the data-flow node representing the base from which the field or element is read. */
+    /** Gets the data-flow node representing the base from which the field or element is read. */
    Node getBase() { result = DataFlow::instructionNode(insn.getBase()) }
  }
--- a/go/ql/lib/semmle/go/frameworks/Beego.qll
+++ b/go/ql/lib/semmle/go/frameworks/Beego.qll
@@ -109,7 +109,7 @@ module Beego {
    override string getAContentType() {
      // Super-method provides content-types for `Body`, which requires us to search
-      // for `ContentType` and `Header` calls against the same `BeegoOutput` instance
+      // for `ContentType` and `Header` calls against the same `BeegoOutput` instance
      result = super.getAContentType()
      or
      // Specifically describe methods that set the content-type and body in one operation:
--- a/go/ql/src/InconsistentCode/MissingErrorCheck.qhelp
+++ b/go/ql/src/InconsistentCode/MissingErrorCheck.qhelp
@@ -22,7 +22,7 @@ the returned pointer.</p>
 <sample src="MissingErrorCheck.go" />
-<p>The corrected version of <code>user</code> checks <code>err</code> before using <code>ptr</code>.</p>
+<p>The corrected version of <code>user</code> checks <code>err</code> before using <code>ptr</code>.</p>
 <sample src="MissingErrorCheckGood.go" />
--- a/go/ql/src/InconsistentCode/MissingErrorCheck.ql
+++ b/go/ql/src/InconsistentCode/MissingErrorCheck.ql
@@ -22,7 +22,7 @@ predicate isNil(DataFlow::Node node) { node = Builtin::nil().getARead() }
 /**
 * Matches if `call` may return a nil pointer alongside an error value.
 *
- * This is both an over- and under-estimate: over in that we assume opaque functions may use this
+ * This is both an over- and under-estimate: over in that we assume opaque functions may use this
 * convention, and under in that functions with bodies are only recognized if they use a literal
 * `nil` for the pointer return value at some return site.
 */
--- a/go/ql/src/Security/CWE-327/InsecureTLS.ql
+++ b/go/ql/src/Security/CWE-327/InsecureTLS.ql
@@ -211,7 +211,7 @@ module TlsInsecureCipherSuitesFlow = TaintTracking::Global<TlsInsecureCipherSuit
 /**
 * Holds if an insecure TLS cipher suite flows from `source` to `sink`, where `sink`
- * is written to the CipherSuites list of a `tls.Config` instance. `message` describes
+ * is written to the CipherSuites list of a `tls.Config` instance. `message` describes
 * the exact problem found.
 */
 predicate isInsecureTlsCipherFlow(
--- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/test.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/test.go
@@ -297,7 +297,7 @@ func testUtilsPropagators(c *beego.Controller) {
 	c.CustomAbort(500, utils.SlicePad(untainted, 10, genericFiles[0])[0].(*multipart.FileHeader).Filename)
 	c.CustomAbort(500, utils.SlicePad(genericFiles, 10, untainted[0])[0].(*multipart.FileHeader).Filename)
 	c.CustomAbort(500, utils.SliceRand(genericFiles).(*multipart.FileHeader).Filename)
-	// Note this is misnamed -- it's a map operation, not a reduce
+	// Note this is misnamed -- it's a map operation, not a reduce
 	c.CustomAbort(500, utils.SliceReduce(genericFiles, func(x interface{}) interface{} { return x })[0].(*multipart.FileHeader).Filename)
 	c.CustomAbort(500, utils.SliceShuffle(genericFiles)[0].(*multipart.FileHeader).Filename)
 	c.CustomAbort(500, utils.SliceUnique(genericFiles)[0].(*multipart.FileHeader).Filename)
--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/EndToEnd.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/EndToEnd.go
@@ -26,19 +26,19 @@ type MyRoute struct {
 // Implement some request handlers on that Controller exhibiting some common problems:
 func (c MyRoute) Handler1() revel.Result {
-	// GOOD: the Render function is likely to properly escape the user-controlled parameter.
+	// GOOD: the Render function is likely to properly escape the user-controlled parameter.
 	return c.Render("someviewparam", c.Params.Form.Get("someField"))
 }
 func (c MyRoute) Handler2() revel.Result {
-	// BAD: the RenderBinary function copies an `io.Reader` to the user's browser.
+	// BAD: the RenderBinary function copies an `io.Reader` to the user's browser.
 	buf := &bytes.Buffer{}
 	buf.WriteString(c.Params.Form.Get("someField"))
 	return c.RenderBinary(buf, "index.html", revel.Inline, time.Now()) // $ responsebody='buf'
 }
 func (c MyRoute) Handler3() revel.Result {
-	// GOOD: the RenderBinary function copies an `io.Reader` to the user's browser, but the filename
+	// GOOD: the RenderBinary function copies an `io.Reader` to the user's browser, but the filename
 	// means it will be given a safe content-type.
 	buf := &bytes.Buffer{}
 	buf.WriteString(c.Params.Form.Get("someField"))
--- a/javascript/documentation/library-customization.rst
+++ b/javascript/documentation/library-customization.rst
@@ -178,7 +178,7 @@ added by extending ``Dataflow::SourceNode::Range``. Some of its subclasses can s
 extended. For example, ``DataFlow::ModuleImportNode`` models module imports, and ``DataFlow::ClassNode`` models
 class definitions. The former provides default implementations covering CommonJS, AMD, and ECMAScript
 2015 modules, while the latter handles ECMAScript 2015 classes, as well as traditional function-based
-classes. You can extend their corresponding ``::Range`` classes to add support for other module or
+classes. You can extend their corresponding ``::Range`` classes to add support for other module or
 class systems.
 Type inference
--- a/javascript/ql/src/experimental/Security/CWE-918/SSRF.js
+++ b/javascript/ql/src/experimental/Security/CWE-918/SSRF.js
@@ -1,7 +1,7 @@
 const axios = require('axios');
 export const handler = async (req, res, next) => {
-  const { target } = req.body;
+  const { target } = req.body;
  try {
    // BAD: `target` is controlled by the attacker
--- a/javascript/ql/src/experimental/Security/CWE-918/SSRFGood.js
+++ b/javascript/ql/src/experimental/Security/CWE-918/SSRFGood.js
@@ -2,7 +2,7 @@ const axios = require('axios');
 const validator = require('validator');
 export const handler = async (req, res, next) => {
-  const { target } = req.body;
+  const { target } = req.body;
  if (!validator.isAlphanumeric(target)) {
    return next(new Error('Bad request'));
--- a/javascript/ql/test/library-tests/TypeScript/RegressionTests/EmptyName/test.ts
+++ b/javascript/ql/test/library-tests/TypeScript/RegressionTests/EmptyName/test.ts
@@ -1,9 +1,9 @@
 type Mapped<MK extends string = ''> = {
-        [mk in MK]: string
+        [mk in MK]: string
    };
 export function fn(ev: Mapped) {
-    const props: Mapped = {
+    const props: Mapped = {
-        ...ev
+        ...ev
-    };
+    };
 }
--- a/javascript/ql/test/library-tests/TypeScript/RegressionTests/SemicolonInName/test.ts
+++ b/javascript/ql/test/library-tests/TypeScript/RegressionTests/SemicolonInName/test.ts
@@ -1,9 +1,9 @@
 type Mapped<MK extends string = ';'> = {
-        [mk in MK]: string
+        [mk in MK]: string
    };
 export function fn(ev: Mapped) {
-    const props: Mapped = {
+    const props: Mapped = {
-        ...ev
+        ...ev
-    };
+    };
 }
--- a/misc/scripts/shared-code-metrics.py
+++ b/misc/scripts/shared-code-metrics.py
@@ -159,7 +159,7 @@ class Package(SharedAsset):
    def containsDirectory(self, dir):
        return self.path.parent.parts == dir.parts[:len(self.path.parent.parts)]
-        # dir.startsWith(self.path.parent)
+        # dir.startsWith(self.path.parent)
    # Constructs a list of transitive depedencies of this package.
    def calculateDependencies(self, packageNameMap):
--- a/python/extractor/tsg-python/python.tsg
+++ b/python/extractor/tsg-python/python.tsg
@@ -174,7 +174,7 @@
 { let @unaryop.node = (ast-node @unaryop "UnaryOp") }
 (exec_statement) @exec
-{ let @exec.node = (ast-node @exec "Exec") }
+{ let @exec.node = (ast-node @exec "Exec") }
 (print_statement) @print
 { let @print.node = (ast-node @print "Print") }
@@ -3040,7 +3040,7 @@
    if some @is_kwarg {
        attr (@lambda.function -> @name.node) kwonlyargs = (named-child-index @param)
    }
-    else { 
+    else { 
        attr (@lambda.function -> @name.node) args = (named-child-index @param)
    }
@@ -3153,7 +3153,7 @@
    if some @is_kwarg {
        attr (@funcdef.function -> @name.node) kwonlyargs = (named-child-index @param)
    }
-    else { 
+    else { 
        attr (@funcdef.function -> @name.node) args = (named-child-index @param)
    }
@@ -3284,7 +3284,7 @@
    attr (@last.node) func = @exp.node
    edge @last.node -> @funcdef.funcexpr
    attr (@last.node -> @funcdef.funcexpr) positional_args = 0
-    attr (@last.node) _location_end = (location-end @exp)
+    attr (@last.node) _location_end = (location-end @exp)
 }
 (decorated_definition
@@ -3296,7 +3296,7 @@
    attr (@last.node) func = @exp.node
    edge @last.node -> @class.class_expr
    attr (@last.node -> @class.class_expr) positional_args = 0
-    attr (@last.node) _location_end = (location-end @exp)
+    attr (@last.node) _location_end = (location-end @exp)
 }
 ;;; Type parameters
--- a/python/ql/test/library-tests/dataflow/global-flow/known.py
+++ b/python/ql/test/library-tests/dataflow/global-flow/known.py
@@ -1 +1 @@
-known_attr = [1000] #$ writes=known_attr
+known_attr = [1000] #$ writes=known_attr
--- a/python/ql/test/library-tests/dataflow/typetracking/attribute_tests.py
+++ b/python/ql/test/library-tests/dataflow/typetracking/attribute_tests.py
@@ -35,7 +35,7 @@ def set_foo(some_class_instance): # $ tracked=foo
    some_class_instance.foo = tracked # $ tracked=foo tracked
 def test_set_x():
-    x = SomeClass() # $ MISSING: tracked=foo
+    x = SomeClass() # $ MISSING: tracked=foo
    set_foo(x) # $ MISSING: tracked=foo
    print(x.foo) # $ MISSING: tracked=foo tracked
@@ -51,7 +51,7 @@ def test_create_with_foo():
 def test_global_attribute_assignment():
    global global_var
-    global_var.foo = tracked # $ tracked tracked=foo
+    global_var.foo = tracked # $ tracked tracked=foo
 def test_global_attribute_read():
    x = global_var.foo # $ tracked tracked=foo
@@ -61,7 +61,7 @@ def test_local_attribute_assignment():
    # In this case, we don't want flow going to the `ModuleVariableNode` for `local_var` 
    # (which is referenced in `test_local_attribute_read`).
    local_var = object() # $ tracked=foo
-    local_var.foo = tracked # $ tracked tracked=foo
+    local_var.foo = tracked # $ tracked tracked=foo
 def test_local_attribute_read():
    x = local_var.foo
@@ -129,7 +129,7 @@ def dunder_dict_indirect_write():
    x = SomeClass() # $ MISSING: tracked=foo
    x.__dict__[attr] = tracked # $tracked MISSING: tracked=foo
    y = x.foo # $ MISSING: tracked tracked=foo
-    do_stuff(y) # $ MISSING: tracked
+    do_stuff(y) # $ MISSING: tracked
 def dunder_dict_indirect_read():
    attr = "foo"
@@ -153,7 +153,7 @@ class MyClass2(object):
    def print_foo(self): # $ MISSING: tracked=foo
        print(self.foo) # $ MISSING: tracked=foo tracked
-    def possibly_uncalled_method(self): # $ MISSING: tracked=foo
+    def possibly_uncalled_method(self): # $ MISSING: tracked=foo
        print(self.foo) # $ MISSING: tracked=foo tracked
 instance = MyClass2()
@@ -170,7 +170,7 @@ class MyClass3(object):
    def print_foo(self): # $ tracked=foo
        print(self.foo) # $ tracked=foo tracked
-    def possibly_uncalled_method(self): # $ MISSING: tracked=foo
+    def possibly_uncalled_method(self): # $ MISSING: tracked=foo
        print(self.foo) # $ MISSING: tracked=foo tracked
 instance = MyClass3() # $ tracked=foo
--- a/ruby/ql/src/experimental/insecure-randomness/examples/InsecureRandomnessBad.rb
+++ b/ruby/ql/src/experimental/insecure-randomness/examples/InsecureRandomnessBad.rb
@@ -1,6 +1,6 @@
 def generate_password()
  chars = ('a'..'z').to_a + ('A'..'Z').to_a + ('0'..'9').to_a + ['!', '@', '#', '$', '%']
-  # BAD: rand is not cryptographically secure
+  # BAD: rand is not cryptographically secure
  password = (1..10).collect { chars[rand(chars.size)] }.join
 end
--- a/ruby/ql/test/query-tests/experimental/InsecureRandomness/InsecureRandomness.rb
+++ b/ruby/ql/test/query-tests/experimental/InsecureRandomness/InsecureRandomness.rb
@@ -2,7 +2,7 @@ require 'securerandom'
 def generate_password_1(length)
  chars = ('a'..'z').to_a + ('A'..'Z').to_a + ('0'..'9').to_a + ['!', '@', '#', '$', '%']
-  # BAD: rand is not cryptographically secure
+  # BAD: rand is not cryptographically secure
  password = (1..length).collect { chars[rand(chars.size)] }.join
 end
--- a/ruby/ql/test/query-tests/security/cwe-915/test.rb
+++ b/ruby/ql/test/query-tests/security/cwe-915/test.rb
@@ -46,7 +46,7 @@ class UserController < ActionController::Base
    def create4
        x = params[:user]
        x.permit!
-        User.new(x) # BAD
+        User.new(x) # BAD
        User.new(x.permit(:name,:address)) # GOOD
        User.new(params.permit(user: {})) # BAD
        User.new(params.permit(user: [:name, :address, {friends:{}}])) # BAD
`@@ -1,2 +1,2 @@`
	`lgtm,codescanning`	`lgtm,codescanning`
	* The extractor now only extracts go.mod files belonging to extracted packages. In particular, vendored go.mod files will no longer be extracted unless the vendored package is explicitly passed to the extractor. This will remove unexpected `GoModExpr` and similar expressions seen by queries.	* The extractor now only extracts go.mod files belonging to extracted packages. In particular, vendored go.mod files will no longer be extracted unless the vendored package is explicitly passed to the extractor. This will remove unexpected `GoModExpr` and similar expressions seen by queries.
`@@ -1 +1 @@`
	`known_attr = [1000] #$ writes=known_attr`	`known_attr = [1000] #$ writes=known_attr`