Merge pull request #10801 from jsoref/spelling-ruby

Spelling ruby
This commit is contained in:
Arthur Baars
2022-10-13 21:05:56 +02:00
committed by GitHub
38 changed files with 59 additions and 59 deletions


@@ -885,7 +885,7 @@ module TestOutput {
/**
* Gets a string used to resolve ties in node and edge ordering.
*/
string getOrderDisambuigation() { result = "" }
string getOrderDisambiguation() { result = "" }
}
query predicate nodes(RelevantNode n, string attr, string val) {
@@ -900,7 +900,7 @@ module TestOutput {
order by
l.getFile().getBaseName(), l.getFile().getAbsolutePath(), l.getStartLine(),
l.getStartColumn(), l.getEndLine(), l.getEndColumn(), p.toString(),
p.getOrderDisambuigation()
p.getOrderDisambiguation()
)
).toString()
}
@@ -923,7 +923,7 @@ module TestOutput {
order by
l.getFile().getBaseName(), l.getFile().getAbsolutePath(), l.getStartLine(),
l.getStartColumn(), l.getEndLine(), l.getEndColumn(), t.toString(), s.toString(),
s.getOrderDisambuigation()
s.getOrderDisambiguation()
)
).toString()
}


@@ -202,7 +202,7 @@ private predicate isFork(State q, InputSymbol s1, InputSymbol s2, State r1, Stat
//
// We additionally require that the there exists another InfiniteRepetitionQuantifier `mid` on the path from `q` to itself.
// This is done to avoid flagging regular expressions such as `/(a?)*b/` - that only has polynomial runtime, and is detected by `js/polynomial-redos`.
// The below code is therefore a heuritic, that only flags regular expressions such as `/(a*)*b/`,
// The below code is therefore a heuristic, that only flags regular expressions such as `/(a*)*b/`,
// and does not flag regular expressions such as `/(a?b?)c/`, but the latter pattern is not used frequently.
r1 = r2 and
q1 = q2 and
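Review bot: The comment four lines above the changed one still reads "that the there exists another InfiniteRepetitionQuantifier", a duplicated article this spelling pass misses; the identical comment block recurs in three later file sections of this PR with the same `@@ -202,7 +202,7 @@` hunk, so the fix applies to each of them. Suggest changing "that the there exists" to "that there exists" on that line in all four files. The body of the `isFork` predicate continues beyond this hunk.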


@@ -76,7 +76,7 @@ class StateTuple extends TStateTuple {
StateTuple() { this = MkStateTuple(q1, q2, q3) }
/**
* Gest a string repesentation of this tuple.
* Gest a string representation of this tuple.
*/
string toString() { result = "(" + q1 + ", " + q2 + ", " + q3 + ")" }
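Review bot: The doc comment on `toString` is only half-fixed: "repesentation" becomes "representation" but the line still opens with "Gest", and the same line survives in the three later file sections of this PR that carry the identical `StateTuple` hunk. Suggest `* Gets a string representation of this tuple.` in each of them so the QLDoc matches the project's "Gets ..." convention used elsewhere in this diff.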


@@ -1,5 +1,5 @@
/**
* Provides precicates for reasoning about bad tag filter vulnerabilities.
* Provides predicates for reasoning about bad tag filter vulnerabilities.
*/
import regexp.RegexpMatching
@@ -65,7 +65,7 @@ predicate isBadRegexpFilter(HtmlMatchingRegExp regexp, string msg) {
regexp.matches("<!-- foo --!>") and
exists(int a, int b | a != b |
regexp.fillsCaptureGroup("<!-- foo -->", a) and
// <!-- foo --> might be ambigously parsed (matching both capture groups), and that is ok here.
// <!-- foo --> might be ambiguously parsed (matching both capture groups), and that is ok here.
regexp.fillsCaptureGroup("<!-- foo --!>", b) and
not regexp.fillsCaptureGroup("<!-- foo --!>", a) and
msg =


@@ -202,7 +202,7 @@ private predicate isFork(State q, InputSymbol s1, InputSymbol s2, State r1, Stat
//
// We additionally require that the there exists another InfiniteRepetitionQuantifier `mid` on the path from `q` to itself.
// This is done to avoid flagging regular expressions such as `/(a?)*b/` - that only has polynomial runtime, and is detected by `js/polynomial-redos`.
// The below code is therefore a heuritic, that only flags regular expressions such as `/(a*)*b/`,
// The below code is therefore a heuristic, that only flags regular expressions such as `/(a*)*b/`,
// and does not flag regular expressions such as `/(a?b?)c/`, but the latter pattern is not used frequently.
r1 = r2 and
q1 = q2 and


@@ -1,5 +1,5 @@
/**
* Provides precicates for reasoning about which strings are matched by a regular expression,
* Provides predicates for reasoning about which strings are matched by a regular expression,
* and for testing which capture groups are filled when a particular regexp matches a string.
*/


@@ -76,7 +76,7 @@ class StateTuple extends TStateTuple {
StateTuple() { this = MkStateTuple(q1, q2, q3) }
/**
* Gest a string repesentation of this tuple.
* Gest a string representation of this tuple.
*/
string toString() { result = "(" + q1 + ", " + q2 + ", " + q3 + ")" }


@@ -1,5 +1,5 @@
/**
* Provides precicates for reasoning about bad tag filter vulnerabilities.
* Provides predicates for reasoning about bad tag filter vulnerabilities.
*/
import regexp.RegexpMatching
@@ -65,7 +65,7 @@ predicate isBadRegexpFilter(HtmlMatchingRegExp regexp, string msg) {
regexp.matches("<!-- foo --!>") and
exists(int a, int b | a != b |
regexp.fillsCaptureGroup("<!-- foo -->", a) and
// <!-- foo --> might be ambigously parsed (matching both capture groups), and that is ok here.
// <!-- foo --> might be ambiguously parsed (matching both capture groups), and that is ok here.
regexp.fillsCaptureGroup("<!-- foo --!>", b) and
not regexp.fillsCaptureGroup("<!-- foo --!>", a) and
msg =


@@ -202,7 +202,7 @@ private predicate isFork(State q, InputSymbol s1, InputSymbol s2, State r1, Stat
//
// We additionally require that the there exists another InfiniteRepetitionQuantifier `mid` on the path from `q` to itself.
// This is done to avoid flagging regular expressions such as `/(a?)*b/` - that only has polynomial runtime, and is detected by `js/polynomial-redos`.
// The below code is therefore a heuritic, that only flags regular expressions such as `/(a*)*b/`,
// The below code is therefore a heuristic, that only flags regular expressions such as `/(a*)*b/`,
// and does not flag regular expressions such as `/(a?b?)c/`, but the latter pattern is not used frequently.
r1 = r2 and
q1 = q2 and


@@ -1,5 +1,5 @@
/**
* Provides precicates for reasoning about which strings are matched by a regular expression,
* Provides predicates for reasoning about which strings are matched by a regular expression,
* and for testing which capture groups are filled when a particular regexp matches a string.
*/


@@ -76,7 +76,7 @@ class StateTuple extends TStateTuple {
StateTuple() { this = MkStateTuple(q1, q2, q3) }
/**
* Gest a string repesentation of this tuple.
* Gest a string representation of this tuple.
*/
string toString() { result = "(" + q1 + ", " + q2 + ", " + q3 + ")" }


@@ -216,7 +216,7 @@ struct Visitor<'a> {
schema: &'a NodeTypeMap,
/// A stack for gathering information from child nodes. Whenever a node is
/// entered the parent's [Label], child counter, and an empty list is pushed.
/// All children append their data to the the list. When the visitor leaves a
/// All children append their data to the list. When the visitor leaves a
/// node the list containing the child data is popped from the stack and
/// matched against the dbscheme for the node. If the expectations are met
/// the corresponding row definitions are added to the trap_output.


@@ -43,7 +43,7 @@ pub enum FieldTypeInfo {
},
/// The field can be one of several tokens, so the db type will be an `int`
/// with a `case @foo.kind` for each possiblity.
/// with a `case @foo.kind` for each possibility.
ReservedWordInt(BTreeMap<String, (usize, String)>),
}


@@ -898,7 +898,7 @@ module API {
/** Gets the `subclass` edge label. */
LabelSubclass subclass() { any() }
/** Gets the label representing the given keword argument/parameter. */
/** Gets the label representing the given keyword argument/parameter. */
LabelKeywordParameter keywordParameter(string name) { result.getName() = name }
/** Gets the label representing the `n`th positional argument/parameter. */


@@ -106,7 +106,7 @@ class MethodCall extends Call instanceof MethodCallImpl {
final Block getBlock() { result = super.getBlockImpl() }
/**
* Holds if the safe nagivation operator (`&.`) is used in this call.
* Holds if the safe navigation operator (`&.`) is used in this call.
* ```rb
* foo&.empty?
* ```


@@ -65,7 +65,7 @@ class ConstantValue extends TConstantValue {
/** Holds if this is the string value `s`. */
predicate isString(string s) { s = this.getString() }
/** Gets the symbol value (exluding the `:` prefix), if this is a symbol. */
/** Gets the symbol value (excluding the `:` prefix), if this is a symbol. */
string getSymbol() { this = TSymbol(result) }
/** Holds if this is the symbol value `:s`. */


@@ -394,7 +394,7 @@ private module ResolveImpl {
/**
* The qualified names of the ancestors of a class/module. The ancestors should be an ordered list
* of the ancestores of `prepend`ed modules, the module itself , the ancestors or `include`d modules
* of the ancestors of `prepend`ed modules, the module itself , the ancestors or `include`d modules
* and the ancestors of the super class. The priority value only distinguishes the kind of ancestor,
* it does not order the ancestors within a group of the same kind. This is an over-approximation, however,
* computing the precise order is tricky because it depends on the evaluation/file loading order.
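Review bot: The corrected line still carries a stray space before the comma in "the module itself ,", and "the ancestors or `include`d modules" reads as though it was meant to parallel "the ancestors of `prepend`ed modules" earlier on the same line — the second point is a reading of intent rather than a visible error, so worth confirming with the author. Suggest "the module itself, the ancestors of `include`d modules" for that stretch of the line. The enclosing `ResolveImpl` doc comment and predicate continue outside this hunk.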


@@ -885,7 +885,7 @@ module TestOutput {
/**
* Gets a string used to resolve ties in node and edge ordering.
*/
string getOrderDisambuigation() { result = "" }
string getOrderDisambiguation() { result = "" }
}
query predicate nodes(RelevantNode n, string attr, string val) {
@@ -900,7 +900,7 @@ module TestOutput {
order by
l.getFile().getBaseName(), l.getFile().getAbsolutePath(), l.getStartLine(),
l.getStartColumn(), l.getEndLine(), l.getEndColumn(), p.toString(),
p.getOrderDisambuigation()
p.getOrderDisambiguation()
)
).toString()
}
@@ -923,7 +923,7 @@ module TestOutput {
order by
l.getFile().getBaseName(), l.getFile().getAbsolutePath(), l.getStartLine(),
l.getStartColumn(), l.getEndLine(), l.getEndColumn(), t.toString(), s.toString(),
s.getOrderDisambuigation()
s.getOrderDisambiguation()
)
).toString()
}


@@ -46,7 +46,7 @@ module SummaryComponent {
/**
* Gets a summary component that represents an element in a collection at a specific
* known index `cv`, or an uknown index.
* known index `cv`, or an unknown index.
*/
SummaryComponent elementKnownOrUnknown(ConstantValue cv) {
result = SC::content(TKnownOrUnknownElementContent(TKnownElementContent(cv)))


@@ -1,5 +1,5 @@
/**
* Provides an extension point for for modeling user-controlled data.
* Provides an extension point for modeling user-controlled data.
* Such data is often used as data-flow sources in security queries.
*/


@@ -1165,8 +1165,8 @@ private module PostUpdateNodes {
ExprPostUpdateNode() { this = TExprPostUpdateNode(e) }
override ExprNode getPreUpdateNode() {
// For compund arguments, such as `m(if b then x else y)`, we want the leaf nodes
// `[post] x` and `[post] y` to have two pre-update nodes: (1) the compund argument,
// For compound arguments, such as `m(if b then x else y)`, we want the leaf nodes
// `[post] x` and `[post] y` to have two pre-update nodes: (1) the compound argument,
// `if b then x else y`; and the (2) the underlying expressions; `x` and `y`,
// respectively.
//


@@ -64,7 +64,7 @@ predicate uninitializedWrite(Cfg::EntryBasicBlock bb, int i, LocalVariable v) {
i = -1
}
/** Holds if `bb` contains a caputured read of variable `v`. */
/** Holds if `bb` contains a captured read of variable `v`. */
pragma[noinline]
private predicate hasCapturedVariableRead(Cfg::BasicBlock bb, LocalVariable v) {
exists(LocalVariableReadAccess read |
@@ -74,7 +74,7 @@ private predicate hasCapturedVariableRead(Cfg::BasicBlock bb, LocalVariable v) {
)
}
/** Holds if `bb` contains a caputured write to variable `v`. */
/** Holds if `bb` contains a captured write to variable `v`. */
pragma[noinline]
private predicate writesCapturedVariable(Cfg::BasicBlock bb, LocalVariable v) {
exists(LocalVariableWriteAccess write |


@@ -417,7 +417,7 @@ module Rbi {
override ReturnType getReturnType() { result = ReturnsCall.super.getReturnType() }
}
/** A call to `void` that spcifies that a given method does not return a useful value. */
/** A call to `void` that specifies that a given method does not return a useful value. */
class MethodVoidCall extends MethodReturnsTypeCall instanceof VoidCall {
override ReturnType getReturnType() { result = VoidCall.super.getReturnType() }
}
@@ -448,7 +448,7 @@ module Rbi {
}
/**
* A call to `void` that spcifies that a given proc or block does not return
* A call to `void` that specifies that a given proc or block does not return
* a useful value.
*/
class ProcVoidCall extends ProcReturnsTypeCall instanceof VoidCall {


@@ -6,7 +6,7 @@ private import codeql.ruby.ast.internal.TreeSitter
/** A source file that contains generated code. */
abstract class GeneratedCodeFile extends RubyFile { }
/** A file contining comments suggesting it contains generated code. */
/** A file continuing comments suggesting it contains generated code. */
class GeneratedCommentFile extends GeneratedCodeFile {
GeneratedCommentFile() { this = any(GeneratedCodeComment c).getLocation().getFile() }
}
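Review bot: The replacement on the `GeneratedCommentFile` doc line swaps one typo for another: "A file continuing comments" does not describe the class, whose constructor selects the file that is the location of a `GeneratedCodeComment`, so the intended word is "containing". Suggest `/** A file containing comments suggesting it contains generated code. */`. Worth catching before merge, since a spelling PR that rewrites a word it cannot spell-check against a dictionary is exactly where this kind of silent substitution slips through.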


@@ -120,7 +120,7 @@ class GraphqlSchemaObjectClass extends ClassDeclaration {
* `GraphQL::Schema::RelayClassicMutation` or
* `GraphQL::Schema::Resolver`.
*
* Both of these classes have an overrideable `resolve` instance
* Both of these classes have an overridable `resolve` instance
* method which can receive user input in order to resolve a query or mutation.
*/
private class GraphqlResolvableClass extends ClassDeclaration {
@@ -144,7 +144,7 @@ private class GraphqlResolvableClass extends ClassDeclaration {
*
* ```rb
* module Mutation
* class NameAnInstrument < BaseMutationn
* class NameAnInstrument < BaseMutation
* argument :instrument_uuid, Types::Uuid,
* required: true,
* loads: ::Instrument,
@@ -188,7 +188,7 @@ class GraphqlResolveMethod extends Method, Http::Server::RequestHandler::Range {
*
* ```rb
* module Mutation
* class NameAnInstrument < BaseMutationn
* class NameAnInstrument < BaseMutation
* argument :instrument_uuid, Types::Uuid,
* required: true,
* loads: ::Instrument,


@@ -95,7 +95,7 @@ module IO {
* popen([env,] cmd, mode="r" [, opt]) -> io
* popen([env,] cmd, mode="r" [, opt]) {|io| block } -> obj
* ```
* `IO.popen` does different things based on the the value of `cmd`:
* `IO.popen` does different things based on the value of `cmd`:
* ```
* "-" : fork
* commandline : command line string which is passed to a shell


@@ -25,7 +25,7 @@ class HttpClientRequest extends Http::Client::Request::Range, DataFlow::CallNode
[
// One-off requests
API::getTopLevelMember("HTTPClient"),
// Conncection re-use
// Connection re-use
API::getTopLevelMember("HTTPClient").getInstance()
] and
requestNode = connectionNode.getReturn(method) and


@@ -241,7 +241,7 @@ abstract class RegExp extends Ast::StringlikeLiteral {
/**
* Helper predicate for `escapingChar`.
* In order to avoid negative recusrion, we return a boolean.
* In order to avoid negative recursion, we return a boolean.
* This way, we can refer to `escaping(pos - 1).booleanNot()`
* rather than to a negated version of `escaping(pos)`.
*/


@@ -1,5 +1,5 @@
/**
* Provides precicates for reasoning about bad tag filter vulnerabilities.
* Provides predicates for reasoning about bad tag filter vulnerabilities.
*/
import regexp.RegexpMatching
@@ -65,7 +65,7 @@ predicate isBadRegexpFilter(HtmlMatchingRegExp regexp, string msg) {
regexp.matches("<!-- foo --!>") and
exists(int a, int b | a != b |
regexp.fillsCaptureGroup("<!-- foo -->", a) and
// <!-- foo --> might be ambigously parsed (matching both capture groups), and that is ok here.
// <!-- foo --> might be ambiguously parsed (matching both capture groups), and that is ok here.
regexp.fillsCaptureGroup("<!-- foo --!>", b) and
not regexp.fillsCaptureGroup("<!-- foo --!>", a) and
msg =


@@ -202,7 +202,7 @@ private predicate isFork(State q, InputSymbol s1, InputSymbol s2, State r1, Stat
//
// We additionally require that the there exists another InfiniteRepetitionQuantifier `mid` on the path from `q` to itself.
// This is done to avoid flagging regular expressions such as `/(a?)*b/` - that only has polynomial runtime, and is detected by `js/polynomial-redos`.
// The below code is therefore a heuritic, that only flags regular expressions such as `/(a*)*b/`,
// The below code is therefore a heuristic, that only flags regular expressions such as `/(a*)*b/`,
// and does not flag regular expressions such as `/(a?b?)c/`, but the latter pattern is not used frequently.
r1 = r2 and
q1 = q2 and


@@ -1,5 +1,5 @@
/**
* Provides precicates for reasoning about which strings are matched by a regular expression,
* Provides predicates for reasoning about which strings are matched by a regular expression,
* and for testing which capture groups are filled when a particular regexp matches a string.
*/


@@ -76,7 +76,7 @@ class StateTuple extends TStateTuple {
StateTuple() { this = MkStateTuple(q1, q2, q3) }
/**
* Gest a string repesentation of this tuple.
* Gest a string representation of this tuple.
*/
string toString() { result = "(" + q1 + ", " + q2 + ", " + q3 + ")" }


@@ -23,7 +23,7 @@
### New Queries
* Added a new query, `rb/log-inection`, to detect cases where a malicious user may be able to forge log entries.
* Added a new query, `rb/log-injection`, to detect cases where a malicious user may be able to forge log entries.
* Added a new query, `rb/incomplete-multi-character-sanitization`. The query
finds string transformations that do not replace all occurrences of a
multi-character substring.


@@ -2,7 +2,7 @@
### New Queries
* Added a new query, `rb/log-inection`, to detect cases where a malicious user may be able to forge log entries.
* Added a new query, `rb/log-injection`, to detect cases where a malicious user may be able to forge log entries.
* Added a new query, `rb/incomplete-multi-character-sanitization`. The query
finds string transformations that do not replace all occurrences of a
multi-character substring.


@@ -1,6 +1,6 @@
/**
* @name Manually checking http verb instead of using built in rails routes and protections
* @description Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mappting resources and verbs to specific methods.
* @description Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods.
* @kind path-problem
* @problem.severity error
* @security-severity 5.0
@@ -93,4 +93,4 @@ class HttpVerbConfig extends TaintTracking::Configuration {
from HttpVerbConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
where config.hasFlowPath(source, sink)
select sink.getNode(), source, sink,
"Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mappting resources and verbs to specific methods."
"Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods."
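Review bot: Both the `@description` metadata line and the `select` message string still read "relying Rails routing", which wants "relying on Rails routing"; the "mappting" fix touched the same two lines, so this is the natural moment to correct them together. Because the message string is reproduced verbatim in the `.expected` test output in the next file section, any change to it must also update those seven rows in the same commit, as this PR already does for "mapping". Suggest ending both lines with `... and relying on Rails routing to handle mapping resources and verbs to specific methods.`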


@@ -23,10 +23,10 @@ nodes
| ManuallyCheckHttpVerb.rb:59:10:59:38 | ...[...] | semmle.label | ...[...] |
subpaths
#select
| ManuallyCheckHttpVerb.rb:4:8:4:19 | call to get? | ManuallyCheckHttpVerb.rb:4:8:4:19 | call to get? | ManuallyCheckHttpVerb.rb:4:8:4:19 | call to get? | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mappting resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:12:8:12:22 | ... == ... | ManuallyCheckHttpVerb.rb:11:14:11:24 | call to env : | ManuallyCheckHttpVerb.rb:12:8:12:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mappting resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:20:8:20:22 | ... == ... | ManuallyCheckHttpVerb.rb:19:14:19:35 | call to request_method : | ManuallyCheckHttpVerb.rb:20:8:20:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mappting resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:28:8:28:22 | ... == ... | ManuallyCheckHttpVerb.rb:27:14:27:27 | call to method : | ManuallyCheckHttpVerb.rb:28:8:28:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mappting resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:36:8:36:22 | ... == ... | ManuallyCheckHttpVerb.rb:35:14:35:39 | call to raw_request_method : | ManuallyCheckHttpVerb.rb:36:8:36:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mappting resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:52:10:52:23 | ... == ... | ManuallyCheckHttpVerb.rb:51:16:51:44 | call to request_method_symbol : | ManuallyCheckHttpVerb.rb:52:10:52:23 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mappting resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:59:10:59:38 | ...[...] | ManuallyCheckHttpVerb.rb:59:10:59:20 | call to env : | ManuallyCheckHttpVerb.rb:59:10:59:38 | ...[...] | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mappting resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:4:8:4:19 | call to get? | ManuallyCheckHttpVerb.rb:4:8:4:19 | call to get? | ManuallyCheckHttpVerb.rb:4:8:4:19 | call to get? | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:12:8:12:22 | ... == ... | ManuallyCheckHttpVerb.rb:11:14:11:24 | call to env : | ManuallyCheckHttpVerb.rb:12:8:12:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:20:8:20:22 | ... == ... | ManuallyCheckHttpVerb.rb:19:14:19:35 | call to request_method : | ManuallyCheckHttpVerb.rb:20:8:20:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:28:8:28:22 | ... == ... | ManuallyCheckHttpVerb.rb:27:14:27:27 | call to method : | ManuallyCheckHttpVerb.rb:28:8:28:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:36:8:36:22 | ... == ... | ManuallyCheckHttpVerb.rb:35:14:35:39 | call to raw_request_method : | ManuallyCheckHttpVerb.rb:36:8:36:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:52:10:52:23 | ... == ... | ManuallyCheckHttpVerb.rb:51:16:51:44 | call to request_method_symbol : | ManuallyCheckHttpVerb.rb:52:10:52:23 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. |
| ManuallyCheckHttpVerb.rb:59:10:59:38 | ...[...] | ManuallyCheckHttpVerb.rb:59:10:59:20 | call to env : | ManuallyCheckHttpVerb.rb:59:10:59:38 | ...[...] | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. |


@@ -885,7 +885,7 @@ module TestOutput {
/**
* Gets a string used to resolve ties in node and edge ordering.
*/
string getOrderDisambuigation() { result = "" }
string getOrderDisambiguation() { result = "" }
}
query predicate nodes(RelevantNode n, string attr, string val) {
@@ -900,7 +900,7 @@ module TestOutput {
order by
l.getFile().getBaseName(), l.getFile().getAbsolutePath(), l.getStartLine(),
l.getStartColumn(), l.getEndLine(), l.getEndColumn(), p.toString(),
p.getOrderDisambuigation()
p.getOrderDisambiguation()
)
).toString()
}
@@ -923,7 +923,7 @@ module TestOutput {
order by
l.getFile().getBaseName(), l.getFile().getAbsolutePath(), l.getStartLine(),
l.getStartColumn(), l.getEndLine(), l.getEndColumn(), t.toString(), s.toString(),
s.getOrderDisambuigation()
s.getOrderDisambiguation()
)
).toString()
}


@@ -11,7 +11,7 @@ class MyRelevantNode extends RelevantNode {
private AstNode asAstNode() { result = this.getNode().asAstNode() }
override string getOrderDisambuigation() {
override string getOrderDisambiguation() {
result = this.asAstNode().getPrimaryQlClasses()
or
not exists(this.asAstNode()) and result = ""