From efba220b45f42f6643fdc55b4714cbb269535ee2 Mon Sep 17 00:00:00 2001 From: Erik Krogh Kristensen Date: Sun, 19 Dec 2021 23:01:53 +0100 Subject: [PATCH] JS: fix most `ql/missing-parameter-qldoc` issues --- .../ql/lib/semmle/javascript/BasicBlocks.qll | 2 +- .../semmle/javascript/CharacterEscapes.qll | 2 +- .../lib/semmle/javascript/ES2015Modules.qll | 2 +- javascript/ql/lib/semmle/javascript/Paths.qll | 4 ++-- .../lib/semmle/javascript/RangeAnalysis.qll | 22 +++++++++---------- javascript/ql/lib/semmle/javascript/SSA.qll | 2 +- .../javascript/dataflow/Configuration.qll | 12 +++++----- .../semmle/javascript/dataflow/DataFlow.qll | 2 +- .../semmle/javascript/dataflow/Portals.qll | 2 +- .../javascript/dataflow/TaintTracking.qll | 2 +- .../AngularJS/AngularJSExpressions.qll | 6 ++--- .../AngularJS/ServiceDefinitions.qll | 4 ++-- .../semmle/javascript/frameworks/Fastify.qll | 2 +- .../javascript/frameworks/NodeJSLib.qll | 8 +++---- .../security/performance/ReDoSUtil.qll | 2 +- .../src/Declarations/DeadStoreOfProperty.ql | 4 ++-- .../TemplateSyntaxInStringLiteral.ql | 4 ++-- javascript/ql/src/Metrics/ES20xxFeatures.qll | 2 +- javascript/ql/src/NodeJS/InvalidExport.ql | 8 +++---- .../Security/CWE-020/HostnameRegexpShared.qll | 2 +- .../CWE-020/IncompleteUrlSchemeCheck.ql | 4 ++-- .../Security/CWE-020/IncorrectSuffixCheck.ql | 2 +- javascript/ql/src/definitions.qll | 2 +- javascript/ql/src/external/DefectFilter.qll | 4 ++-- javascript/ql/src/external/MetricFilter.qll | 4 ++-- 25 files changed, 55 insertions(+), 55 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/BasicBlocks.qll b/javascript/ql/lib/semmle/javascript/BasicBlocks.qll index 2b02b6b6486..6e6579d6f7e 100644 --- a/javascript/ql/lib/semmle/javascript/BasicBlocks.qll +++ b/javascript/ql/lib/semmle/javascript/BasicBlocks.qll @@ -146,7 +146,7 @@ class BasicBlock extends @cfg_node, NodeInStmtContainer { /** Holds if this basic block uses variable `v` in its `i`th node `u`. */ predicate useAt(int i, Variable v, VarUse u) { useAt(this, i, v, u) } - /** Holds if this basic block defines variable `v` in its `i`th node `u`. */ + /** Holds if this basic block defines variable `v` in its `i`th node `d`. */ predicate defAt(int i, Variable v, VarDef d) { defAt(this, i, v, d) } /** diff --git a/javascript/ql/lib/semmle/javascript/CharacterEscapes.qll b/javascript/ql/lib/semmle/javascript/CharacterEscapes.qll index 1a19112cee3..5c8dd2bdd06 100644 --- a/javascript/ql/lib/semmle/javascript/CharacterEscapes.qll +++ b/javascript/ql/lib/semmle/javascript/CharacterEscapes.qll @@ -75,7 +75,7 @@ module CharacterEscapes { } /** - * Gets a character in `n` that is preceded by a single useless backslash, resulting in a likely regular expression mistake explained by `mistake`. + * Gets a character in `src` that is preceded by a single useless backslash, resulting in a likely regular expression mistake explained by `mistake`. * * The character is the `i`th character of the raw string value of `rawStringNode`. */ diff --git a/javascript/ql/lib/semmle/javascript/ES2015Modules.qll b/javascript/ql/lib/semmle/javascript/ES2015Modules.qll index 7ee6311393b..e584167a73b 100644 --- a/javascript/ql/lib/semmle/javascript/ES2015Modules.qll +++ b/javascript/ql/lib/semmle/javascript/ES2015Modules.qll @@ -337,7 +337,7 @@ class BulkReExportDeclaration extends ReExportDeclaration, @export_all_declarati } /** - * Holds if the given bulk export should not re-export `name` because there is an explicit export + * Holds if the given bulk export `reExport` should not re-export `name` because there is an explicit export * of that name in the same module. * * At compile time, shadowing works across declaration spaces. diff --git a/javascript/ql/lib/semmle/javascript/Paths.qll b/javascript/ql/lib/semmle/javascript/Paths.qll index e22d5ad6132..7574fe1e301 100644 --- a/javascript/ql/lib/semmle/javascript/Paths.qll +++ b/javascript/ql/lib/semmle/javascript/Paths.qll @@ -180,7 +180,7 @@ private Path resolveUpTo(PathString p, int n, Folder root, boolean inTS) { } /** - * Gets the `i`th component of the path `str`, where `base` is the resolved path one level up. + * Gets the `n`th component of the path `str`, where `base` is the resolved path one level up. * Supports that the root directory might be compiled output from TypeScript. * `inTS` is true if the result is TypeScript that is compiled into the path specified by `str`. */ @@ -227,7 +227,7 @@ private module TypeScriptOutDir { } /** - * Gets the `outDir` option from a tsconfig file from the folder `parent`. + * Gets the "outDir" option from a `tsconfig` file from the folder `parent`. */ private string getOutDir(JsonObject tsconfig, Folder parent) { tsconfig.getFile().getBaseName().regexpMatch("tsconfig.*\\.json") and diff --git a/javascript/ql/lib/semmle/javascript/RangeAnalysis.qll b/javascript/ql/lib/semmle/javascript/RangeAnalysis.qll index 5c15ea3d3aa..9d8b3967b1c 100644 --- a/javascript/ql/lib/semmle/javascript/RangeAnalysis.qll +++ b/javascript/ql/lib/semmle/javascript/RangeAnalysis.qll @@ -260,7 +260,7 @@ module RangeAnalysis { } /** - * Holds if the given comparison can be modeled as `A B + bias` where `` is the comparison operator, + * Holds if the given `comparison` can be modeled as `A B + bias` where `` is the comparison operator, * and `A` is `a * asign` and likewise `B` is `b * bsign`. */ predicate linearComparison( @@ -310,18 +310,18 @@ module RangeAnalysis { * Holds if `guard` asserts that the outcome of `A B + bias` is true, where `` is a comparison operator. */ predicate linearComparisonGuard( - ConditionGuardNode guard, DataFlow::Node a, int asign, string operator, DataFlow::Node b, - int bsign, Bias bias + ConditionGuardNode guard, DataFlow::Node a, int asign, string op, DataFlow::Node b, int bsign, + Bias bias ) { exists(Comparison compare | compare = guard.getTest().flow().getImmediatePredecessor*().asExpr() and linearComparison(compare, a, asign, b, bsign, bias) and ( - guard.getOutcome() = true and operator = compare.getOperator() + guard.getOutcome() = true and op = compare.getOperator() or not hasNaNIndicator(guard.getContainer()) and guard.getOutcome() = false and - operator = negateOperator(compare.getOperator()) + op = negateOperator(compare.getOperator()) ) ) } @@ -657,13 +657,13 @@ module RangeAnalysis { */ pragma[noopt] private predicate reachableByNegativeEdges( - DataFlow::Node a, int asign, DataFlow::Node b, int bsign, ControlFlowNode cfg + DataFlow::Node src, int asign, DataFlow::Node dst, int bsign, ControlFlowNode cfg ) { - negativeEdge(a, asign, b, bsign, cfg) + negativeEdge(src, asign, dst, bsign, cfg) or exists(DataFlow::Node mid, int midx, ControlFlowNode midcfg | - reachableByNegativeEdges(a, asign, mid, midx, cfg) and - negativeEdge(mid, midx, b, bsign, midcfg) and + reachableByNegativeEdges(src, asign, mid, midx, cfg) and + negativeEdge(mid, midx, dst, bsign, midcfg) and exists(BasicBlock bb, int i, int j | bb.getNode(i) = midcfg and bb.getNode(j) = cfg and @@ -676,8 +676,8 @@ module RangeAnalysis { DataFlow::Node mid, int midx, ControlFlowNode midcfg, BasicBlock midBB, ReachableBasicBlock midRBB, BasicBlock cfgBB | - reachableByNegativeEdges(a, asign, mid, midx, cfg) and - negativeEdge(mid, midx, b, bsign, midcfg) and + reachableByNegativeEdges(src, asign, mid, midx, cfg) and + negativeEdge(mid, midx, dst, bsign, midcfg) and midBB = midcfg.getBasicBlock() and midRBB = midBB.(ReachableBasicBlock) and cfgBB = cfg.getBasicBlock() and diff --git a/javascript/ql/lib/semmle/javascript/SSA.qll b/javascript/ql/lib/semmle/javascript/SSA.qll index 41831a282ac..8e60fb0c3e4 100644 --- a/javascript/ql/lib/semmle/javascript/SSA.qll +++ b/javascript/ql/lib/semmle/javascript/SSA.qll @@ -501,7 +501,7 @@ class SsaExplicitDefinition extends SsaDefinition, TExplicitDef { } /** This SSA definition corresponds to the definition of `v` at `def`. */ - predicate defines(VarDef d, SsaSourceVariable v) { this = TExplicitDef(_, _, d, v) } + predicate defines(VarDef def, SsaSourceVariable v) { this = TExplicitDef(_, _, def, v) } /** Gets the variable definition wrapped by this SSA definition. */ VarDef getDef() { this = TExplicitDef(_, _, result, _) } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll index 5a9b3de4a9b..48ebd583c83 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll @@ -353,7 +353,7 @@ abstract class BarrierGuardNode extends DataFlow::Node { } /** - * Holds if data flow node `nd` acts as a barrier for data flow. + * Holds if data flow node `guard` acts as a barrier for data flow. * * `label` is bound to the blocked label, or the empty string if all labels should be blocked. */ @@ -382,7 +382,7 @@ private predicate barrierGuardIsRelevant(BarrierGuardNode guard) { } /** - * Holds if data flow node `nd` acts as a barrier for data flow due to aliasing through + * Holds if data flow node `guard` acts as a barrier for data flow due to aliasing through * an access path. * * `label` is bound to the blocked label, or the empty string if all labels should be blocked. @@ -1155,7 +1155,7 @@ private predicate appendStep( } /** - * Holds if a function invoked at `invk` may return an expression into which `input`, + * Holds if a function invoked at `output` may return an expression into which `input`, * which is either an argument or a definition captured by the function, flows under * configuration `cfg`, possibly through callees. */ @@ -1391,7 +1391,7 @@ private predicate reachableFromStoreBase( } /** - * Holds if `base` is the base of a write to property `prop`, and `nd` is reachable + * Holds if `base` is the base of a write to property `endProp`, and `nd` is reachable * from `base` under configuration `cfg` (possibly through callees) along a path whose * last step is summarized by `newSummary`, and the previous steps are summarized * by `oldSummary`. @@ -1752,7 +1752,7 @@ class PathNode extends TPathNode { this = MkSinkNode(nd, cfg) } - /** Holds if this path node wraps data-flow node `nd` and configuration `c`. */ + /** Holds if this path node wraps data-flow node `n` and configuration `c`. */ predicate wraps(DataFlow::Node n, DataFlow::Configuration c) { nd = n and cfg = c } /** Gets the underlying configuration of this path node. */ @@ -1867,7 +1867,7 @@ class MidPathNode extends PathNode, MkMidNode { MidPathNode() { this = MkMidNode(nd, cfg, summary) } - /** Holds if this path node wraps data-flow node `nd`, configuration `c` and summary `s`. */ + /** Holds if this path node wraps data-flow node `n`, configuration `c` and summary `s`. */ predicate wraps(DataFlow::Node n, DataFlow::Configuration c, PathSummary s) { nd = n and cfg = c and summary = s } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll index 247c9dfd319..eda5c2ff54f 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll @@ -1613,7 +1613,7 @@ module DataFlow { } /** - * Holds if the flow information for this node is incomplete. + * Holds if the flow information for the node `nd`. * * This predicate holds if there may be a source flow node from which data flows into * this node, but that node is not a result of `getALocalSource()` due to analysis incompleteness. diff --git a/javascript/ql/lib/semmle/javascript/dataflow/Portals.qll b/javascript/ql/lib/semmle/javascript/dataflow/Portals.qll index 299819de4cd..3a8e0b477fb 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/Portals.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/Portals.qll @@ -498,7 +498,7 @@ private module ReturnPortal { invk = callee.getAnExitNode(isRemote).getAnInvocation() } - /** Holds if `ret` is a return node of a function flowing through `callee`. */ + /** Holds if `ret` is a return node of a function flowing through `base`. */ predicate returns(Portal base, DataFlow::Node ret, boolean escapes) { ret = base.getAnEntryNode(escapes).getALocalSource().(DataFlow::FunctionNode).getAReturn() } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll index 184e8a255a7..45a8920cfd8 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll @@ -831,7 +831,7 @@ module TaintTracking { } /** - * Holds if the property `loadStep` should be copied from the object `pred` to the property `storeStep` of object `succ`. + * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`. * * This step is used to copy the value of our pseudo-property that can later be accessed using a `get` or `getAll` call. * For an expression `url.searchParams`, the property `hiddenUrlPseudoProperty()` from the `url` object is stored in the property `getableUrlPseudoProperty()` on `url.searchParams`. diff --git a/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSExpressions.qll b/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSExpressions.qll index 56fca49cd10..050c123e30a 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSExpressions.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSExpressions.qll @@ -15,11 +15,11 @@ import javascript abstract class NgSourceProvider extends Locatable { /** * Holds if this element provides the source as `src` for an AngularJS expression at the specified location. - * The location spans column `startcolumn` of line `startline` to - * column `endcolumn` of line `endline` in file `filepath`. + * The location spans column `startColumn` of line `startLine` to + * column `endColumn` of line `endLine` in file `filepath`. */ abstract predicate providesSourceAt( - string src, string path, int startLine, int startColumn, int endLine, int endColumn + string src, string filepath, int startLine, int startColumn, int endLine, int endColumn ); /** diff --git a/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/ServiceDefinitions.qll b/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/ServiceDefinitions.qll index dcce784cd1a..6d421de851c 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/ServiceDefinitions.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/ServiceDefinitions.qll @@ -278,11 +278,11 @@ abstract private class CustomSpecialServiceDefinition extends CustomServiceDefin bindingset[moduleMethodName] private predicate isCustomServiceDefinitionOnModule( DataFlow::CallNode mce, string moduleMethodName, string serviceName, - DataFlow::Node factoryArgument + DataFlow::Node factoryFunction ) { mce = moduleRef(_).getAMethodCall(moduleMethodName) and mce.getArgument(0).asExpr().mayHaveStringValue(serviceName) and - factoryArgument = mce.getArgument(1) + factoryFunction = mce.getArgument(1) } pragma[inline] diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Fastify.qll b/javascript/ql/lib/semmle/javascript/frameworks/Fastify.qll index a0007de194d..3516935cf54 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Fastify.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Fastify.qll @@ -299,7 +299,7 @@ module Fastify { } /** - * Holds if `rh` uses `plugin`. + * Holds if `rh` uses `middleware`. */ private predicate usesMiddleware(RouteHandler rh, DataFlow::SourceNode middleware) { exists(RouteSetup setup | diff --git a/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll b/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll index 8f2576d58d4..0c5b9bcdfa2 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll @@ -474,17 +474,17 @@ module NodeJSLib { * that receives the data. * * We determine this by looking for an externs declaration for - * `fs.methodName` where the `i`th parameter's name is `data` or + * `fs.methodName` where the `i`th parameter's name (`paramName`) is `data` or * `buffer` or a `callback`. */ - private predicate fsDataParam(string methodName, int i, string n) { + private predicate fsDataParam(string methodName, int i, string paramName) { exists(ExternalMemberDecl decl, Function f, JSDocParamTag p | decl.hasQualifiedName("fs", methodName) and f = decl.getInit() and p.getDocumentedParameter() = f.getParameter(i).getAVariable() and - n = p.getName().toLowerCase() + paramName = p.getName().toLowerCase() | - n = "data" or n = "buffer" or n = "callback" + paramName = ["data", "buffer", "callback"] ) } diff --git a/javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll b/javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll index 91b2d1d0378..b05435cf1f4 100644 --- a/javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll +++ b/javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll @@ -32,7 +32,7 @@ abstract class ReDoSConfiguration extends string { } /** - * Holds if repeating `pump' starting at `state` is a candidate for causing backtracking. + * Holds if repeating `pump` starting at `state` is a candidate for causing backtracking. * No check whether a rejected suffix exists has been made. */ private predicate isReDoSCandidate(State state, string pump) { diff --git a/javascript/ql/src/Declarations/DeadStoreOfProperty.ql b/javascript/ql/src/Declarations/DeadStoreOfProperty.ql index 48b574f8cd1..c8cb0d8536e 100644 --- a/javascript/ql/src/Declarations/DeadStoreOfProperty.ql +++ b/javascript/ql/src/Declarations/DeadStoreOfProperty.ql @@ -154,7 +154,7 @@ predicate maybeAssignsAccessedPropInBlock(DataFlow::PropWrite assign, boolean af */ private module PurityCheck { /** - * Holds if a ControlFlowNode `c` is before an impure expression inside `bb`. + * Holds if `write` is before an impure expression inside `bb`. */ predicate isBeforeImpure(DataFlow::PropWrite write, ReachableBasicBlock bb) { getANodeAfterWrite(write, bb).(Expr).isImpure() @@ -181,7 +181,7 @@ private module PurityCheck { } /** - * Holds if a ControlFlowNode `c` is after an impure expression inside `bb`. + * Holds if `write` is after an impure expression inside `bb`. */ predicate isAfterImpure(DataFlow::PropWrite write, ReachableBasicBlock bb) { getANodeBeforeWrite(write, bb).(Expr).isImpure() diff --git a/javascript/ql/src/LanguageFeatures/TemplateSyntaxInStringLiteral.ql b/javascript/ql/src/LanguageFeatures/TemplateSyntaxInStringLiteral.ql index daa34825939..f22b9779560 100644 --- a/javascript/ql/src/LanguageFeatures/TemplateSyntaxInStringLiteral.ql +++ b/javascript/ql/src/LanguageFeatures/TemplateSyntaxInStringLiteral.ql @@ -84,10 +84,10 @@ predicate hasObjectProvidingTemplateVariables(CandidateStringLiteral lit) { * Gets a declaration of variable `v` in `tl`, where `v` has the given `name` and * belongs to `scope`. */ -VarDecl getDeclIn(Variable v, Scope s, string name, CandidateTopLevel tl) { +VarDecl getDeclIn(Variable v, Scope scope, string name, CandidateTopLevel tl) { v.getName() = name and v.getADeclaration() = result and - v.getScope() = s and + v.getScope() = scope and result.getTopLevel() = tl } diff --git a/javascript/ql/src/Metrics/ES20xxFeatures.qll b/javascript/ql/src/Metrics/ES20xxFeatures.qll index 8069ba5e50f..4aaed2d0fda 100644 --- a/javascript/ql/src/Metrics/ES20xxFeatures.qll +++ b/javascript/ql/src/Metrics/ES20xxFeatures.qll @@ -6,7 +6,7 @@ import javascript /** - * Holds if `nd` is a use of a feature introduced in ECMAScript version `ver` + * Holds if `nd` is a use of a feature introduced in ECMAScript `version` * from the given category. * * Categories are taken from Kangax' [ECMAScript 6 compatibility table] diff --git a/javascript/ql/src/NodeJS/InvalidExport.ql b/javascript/ql/src/NodeJS/InvalidExport.ql index 9daa363e888..e0b4a73fd69 100644 --- a/javascript/ql/src/NodeJS/InvalidExport.ql +++ b/javascript/ql/src/NodeJS/InvalidExport.ql @@ -16,14 +16,14 @@ import javascript /** * Holds if `assign` assigns the value of `nd` to `exportsVar`, which is an `exports` variable */ -predicate exportsAssign(Assignment assgn, Variable exportsVar, DataFlow::Node nd) { +predicate exportsAssign(Assignment assign, Variable exportsVar, DataFlow::Node nd) { exists(NodeModule m | exportsVar = m.getScope().getVariable("exports") and - assgn.getLhs() = exportsVar.getAnAccess() and - nd = assgn.getRhs().flow() + assign.getLhs() = exportsVar.getAnAccess() and + nd = assign.getRhs().flow() ) or - exportsAssign(assgn, exportsVar, nd.getASuccessor()) + exportsAssign(assign, exportsVar, nd.getASuccessor()) } /** diff --git a/javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll b/javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll index 97d75d4a524..428f8992bc7 100644 --- a/javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll +++ b/javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll @@ -53,7 +53,7 @@ predicate matchesBeginningOfString(RegExpTerm term) { } /** - * Holds if the given sequence contains top-level domain preceded by a dot, such as `.com`, + * Holds if the given sequence `seq` contains top-level domain preceded by a dot, such as `.com`, * excluding cases where this is at the very beginning of the regexp. * * `i` is bound to the index of the last child in the top-level domain part. diff --git a/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql b/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql index c5fb503d176..b84e9730ed4 100644 --- a/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql +++ b/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql @@ -88,8 +88,8 @@ DataFlow::Node schemeCheck(DataFlow::Node nd, DangerousScheme scheme) { } /** Gets a data-flow node that checks an instance of `ap` against the given `scheme`. */ -DataFlow::Node schemeCheckOn(DataFlow::SourceNode root, string path, DangerousScheme scheme) { - result = schemeCheck(AccessPath::getAReferenceTo(root, path), scheme) +DataFlow::Node schemeCheckOn(DataFlow::SourceNode root, string ap, DangerousScheme scheme) { + result = schemeCheck(AccessPath::getAReferenceTo(root, ap), scheme) } from DataFlow::SourceNode root, string path, int n diff --git a/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql b/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql index 03a7a75828b..650b71dd62f 100644 --- a/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql +++ b/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql @@ -84,7 +84,7 @@ class LiteralLengthExpr extends DotExpr { } /** - * Holds if `length` is derived from the length of the given `indexOf`-operand. + * Holds if `length` is derived from the length of the given indexOf `operand`. */ predicate isDerivedFromLength(DataFlow::Node length, DataFlow::Node operand) { exists(IndexOfCall call | operand = call.getAnOperand() | diff --git a/javascript/ql/src/definitions.qll b/javascript/ql/src/definitions.qll index 4d0c0d50176..7b4806b1478 100644 --- a/javascript/ql/src/definitions.qll +++ b/javascript/ql/src/definitions.qll @@ -45,7 +45,7 @@ private predicate variableDefLookup(VarAccess va, AstNode def, string kind) { /** * Holds if variable access `va` is of kind `kind` and refers to the - * variable declaration. + * variable declaration `decl`. * * For example, in the statement `var x = 42, y = x;`, the initializing * expression of `y` is a variable access `x` of kind `"V"` that refers to diff --git a/javascript/ql/src/external/DefectFilter.qll b/javascript/ql/src/external/DefectFilter.qll index 40c9527e96d..558d5ef77b6 100644 --- a/javascript/ql/src/external/DefectFilter.qll +++ b/javascript/ql/src/external/DefectFilter.qll @@ -5,8 +5,8 @@ import semmle.javascript.Files /** * Holds if `id` in the opaque identifier of a result reported by query `queryPath`, * such that `message` is the associated message and the location of the result spans - * column `startcolumn` of line `startline` to column `endcolumn` of line `endline` - * in file `filepath`. + * column `startcol` of line `startline` to column `endcol` of line `endline` + * in `file`. * * For more information, see [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). */ diff --git a/javascript/ql/src/external/MetricFilter.qll b/javascript/ql/src/external/MetricFilter.qll index a857a4fad3e..f195060b60c 100644 --- a/javascript/ql/src/external/MetricFilter.qll +++ b/javascript/ql/src/external/MetricFilter.qll @@ -5,8 +5,8 @@ import javascript /** * Holds if `id` in the opaque identifier of a result reported by query `queryPath`, * such that `value` is the reported metric value and the location of the result spans - * column `startcolumn` of line `startline` to column `endcolumn` of line `endline` - * in file `filepath`. + * column `startcol` of line `startline` to column `endcol` of line `endline` + * in `file`. * * For more information, see [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). */