JS: fix most ql/missing-parameter-qldoc issues

2025-12-21 19:26:31 +01:00 · 2021-12-19 23:01:53 +01:00
parent ecd3aceb07
commit efba220b45
25 changed files with 55 additions and 55 deletions
--- a/javascript/ql/lib/semmle/javascript/BasicBlocks.qll
+++ b/javascript/ql/lib/semmle/javascript/BasicBlocks.qll
@@ -146,7 +146,7 @@ class BasicBlock extends @cfg_node, NodeInStmtContainer {
  /** Holds if this basic block uses variable `v` in its `i`th node `u`. */
  predicate useAt(int i, Variable v, VarUse u) { useAt(this, i, v, u) }

-  /** Holds if this basic block defines variable `v` in its `i`th node `u`. */
+  /** Holds if this basic block defines variable `v` in its `i`th node `d`. */
  predicate defAt(int i, Variable v, VarDef d) { defAt(this, i, v, d) }

  /**
--- a/javascript/ql/lib/semmle/javascript/CharacterEscapes.qll
+++ b/javascript/ql/lib/semmle/javascript/CharacterEscapes.qll
@@ -75,7 +75,7 @@ module CharacterEscapes {
  }

  /**
-   * Gets a character in `n` that is preceded by a single useless backslash, resulting in a likely regular expression mistake explained by `mistake`.
+   * Gets a character in `src` that is preceded by a single useless backslash, resulting in a likely regular expression mistake explained by `mistake`.
   *
   * The character is the `i`th character of the raw string value of `rawStringNode`.
   */
--- a/javascript/ql/lib/semmle/javascript/ES2015Modules.qll
+++ b/javascript/ql/lib/semmle/javascript/ES2015Modules.qll
@@ -337,7 +337,7 @@ class BulkReExportDeclaration extends ReExportDeclaration, @export_all_declarati
 }

 /**
- * Holds if the given bulk export should not re-export `name` because there is an explicit export
+ * Holds if the given bulk export `reExport` should not re-export `name` because there is an explicit export
 * of that name in the same module.
 *
 * At compile time, shadowing works across declaration spaces.
--- a/javascript/ql/lib/semmle/javascript/Paths.qll
+++ b/javascript/ql/lib/semmle/javascript/Paths.qll
@@ -180,7 +180,7 @@ private Path resolveUpTo(PathString p, int n, Folder root, boolean inTS) {
 }

 /**
- * Gets the `i`th component of the path `str`, where `base` is the resolved path one level up.
+ * Gets the `n`th component of the path `str`, where `base` is the resolved path one level up.
 * Supports that the root directory might be compiled output from TypeScript.
 * `inTS` is true if the result is TypeScript that is compiled into the path specified by `str`.
 */
@@ -227,7 +227,7 @@ private module TypeScriptOutDir {
  }

  /**
-   * Gets the `outDir` option from a tsconfig file from the folder `parent`.
+   * Gets the "outDir" option from a `tsconfig` file from the folder `parent`.
   */
  private string getOutDir(JsonObject tsconfig, Folder parent) {
    tsconfig.getFile().getBaseName().regexpMatch("tsconfig.*\\.json") and
--- a/javascript/ql/lib/semmle/javascript/RangeAnalysis.qll
+++ b/javascript/ql/lib/semmle/javascript/RangeAnalysis.qll
@@ -260,7 +260,7 @@ module RangeAnalysis {
  }

  /**
-   * Holds if the given comparison can be modeled as `A <op> B + bias` where `<op>` is the comparison operator,
+   * Holds if the given `comparison` can be modeled as `A <op> B + bias` where `<op>` is the comparison operator,
   * and `A` is `a * asign` and likewise `B` is `b * bsign`.
   */
  predicate linearComparison(
@@ -310,18 +310,18 @@ module RangeAnalysis {
   * Holds if `guard` asserts that the outcome of `A <op> B + bias` is true, where `<op>` is a comparison operator.
   */
  predicate linearComparisonGuard(
-    ConditionGuardNode guard, DataFlow::Node a, int asign, string operator, DataFlow::Node b,
-    int bsign, Bias bias
+    ConditionGuardNode guard, DataFlow::Node a, int asign, string op, DataFlow::Node b, int bsign,
+    Bias bias
  ) {
    exists(Comparison compare |
      compare = guard.getTest().flow().getImmediatePredecessor*().asExpr() and
      linearComparison(compare, a, asign, b, bsign, bias) and
      (
-        guard.getOutcome() = true and operator = compare.getOperator()
+        guard.getOutcome() = true and op = compare.getOperator()
        or
        not hasNaNIndicator(guard.getContainer()) and
        guard.getOutcome() = false and
-        operator = negateOperator(compare.getOperator())
+        op = negateOperator(compare.getOperator())
      )
    )
  }
@@ -657,13 +657,13 @@ module RangeAnalysis {
   */
  pragma[noopt]
  private predicate reachableByNegativeEdges(
-    DataFlow::Node a, int asign, DataFlow::Node b, int bsign, ControlFlowNode cfg
+    DataFlow::Node src, int asign, DataFlow::Node dst, int bsign, ControlFlowNode cfg
  ) {
-    negativeEdge(a, asign, b, bsign, cfg)
+    negativeEdge(src, asign, dst, bsign, cfg)
    or
    exists(DataFlow::Node mid, int midx, ControlFlowNode midcfg |
-      reachableByNegativeEdges(a, asign, mid, midx, cfg) and
-      negativeEdge(mid, midx, b, bsign, midcfg) and
+      reachableByNegativeEdges(src, asign, mid, midx, cfg) and
+      negativeEdge(mid, midx, dst, bsign, midcfg) and
      exists(BasicBlock bb, int i, int j |
        bb.getNode(i) = midcfg and
        bb.getNode(j) = cfg and
@@ -676,8 +676,8 @@ module RangeAnalysis {
      DataFlow::Node mid, int midx, ControlFlowNode midcfg, BasicBlock midBB,
      ReachableBasicBlock midRBB, BasicBlock cfgBB
    |
-      reachableByNegativeEdges(a, asign, mid, midx, cfg) and
-      negativeEdge(mid, midx, b, bsign, midcfg) and
+      reachableByNegativeEdges(src, asign, mid, midx, cfg) and
+      negativeEdge(mid, midx, dst, bsign, midcfg) and
      midBB = midcfg.getBasicBlock() and
      midRBB = midBB.(ReachableBasicBlock) and
      cfgBB = cfg.getBasicBlock() and
--- a/javascript/ql/lib/semmle/javascript/SSA.qll
+++ b/javascript/ql/lib/semmle/javascript/SSA.qll
@@ -501,7 +501,7 @@ class SsaExplicitDefinition extends SsaDefinition, TExplicitDef {
  }

  /** This SSA definition corresponds to the definition of `v` at `def`. */
-  predicate defines(VarDef d, SsaSourceVariable v) { this = TExplicitDef(_, _, d, v) }
+  predicate defines(VarDef def, SsaSourceVariable v) { this = TExplicitDef(_, _, def, v) }

  /** Gets the variable definition wrapped by this SSA definition. */
  VarDef getDef() { this = TExplicitDef(_, _, result, _) }
--- a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll
@@ -353,7 +353,7 @@ abstract class BarrierGuardNode extends DataFlow::Node {
 }

 /**
- * Holds if data flow node `nd` acts as a barrier for data flow.
+ * Holds if data flow node `guard` acts as a barrier for data flow.
 *
 * `label` is bound to the blocked label, or the empty string if all labels should be blocked.
 */
@@ -382,7 +382,7 @@ private predicate barrierGuardIsRelevant(BarrierGuardNode guard) {
 }

 /**
- * Holds if data flow node `nd` acts as a barrier for data flow due to aliasing through
+ * Holds if data flow node `guard` acts as a barrier for data flow due to aliasing through
 * an access path.
 *
 * `label` is bound to the blocked label, or the empty string if all labels should be blocked.
@@ -1155,7 +1155,7 @@ private predicate appendStep(
 }

 /**
- * Holds if a function invoked at `invk` may return an expression into which `input`,
+ * Holds if a function invoked at `output` may return an expression into which `input`,
 * which is either an argument or a definition captured by the function, flows under
 * configuration `cfg`, possibly through callees.
 */
@@ -1391,7 +1391,7 @@ private predicate reachableFromStoreBase(
 }

 /**
- * Holds if `base` is the base of a write to property `prop`, and `nd` is reachable
+ * Holds if `base` is the base of a write to property `endProp`, and `nd` is reachable
 * from `base` under configuration `cfg` (possibly through callees) along a path whose
 * last step is summarized by `newSummary`, and the previous steps are summarized
 * by `oldSummary`.
@@ -1752,7 +1752,7 @@ class PathNode extends TPathNode {
    this = MkSinkNode(nd, cfg)
  }

-  /** Holds if this path node wraps data-flow node `nd` and configuration `c`. */
+  /** Holds if this path node wraps data-flow node `n` and configuration `c`. */
  predicate wraps(DataFlow::Node n, DataFlow::Configuration c) { nd = n and cfg = c }

  /** Gets the underlying configuration of this path node. */
@@ -1867,7 +1867,7 @@ class MidPathNode extends PathNode, MkMidNode {

  MidPathNode() { this = MkMidNode(nd, cfg, summary) }

-  /** Holds if this path node wraps data-flow node `nd`, configuration `c` and summary `s`. */
+  /** Holds if this path node wraps data-flow node `n`, configuration `c` and summary `s`. */
  predicate wraps(DataFlow::Node n, DataFlow::Configuration c, PathSummary s) {
    nd = n and cfg = c and summary = s
  }
--- a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll
@@ -1613,7 +1613,7 @@ module DataFlow {
  }

  /**
-   * Holds if the flow information for this node is incomplete.
+   * Holds if the flow information for the node `nd`.
   *
   * This predicate holds if there may be a source flow node from which data flows into
   * this node, but that node is not a result of `getALocalSource()` due to analysis incompleteness.
--- a/javascript/ql/lib/semmle/javascript/dataflow/Portals.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/Portals.qll
@@ -498,7 +498,7 @@ private module ReturnPortal {
    invk = callee.getAnExitNode(isRemote).getAnInvocation()
  }

-  /** Holds if `ret` is a return node of a function flowing through `callee`. */
+  /** Holds if `ret` is a return node of a function flowing through `base`. */
  predicate returns(Portal base, DataFlow::Node ret, boolean escapes) {
    ret = base.getAnEntryNode(escapes).getALocalSource().(DataFlow::FunctionNode).getAReturn()
  }
--- a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll
@@ -831,7 +831,7 @@ module TaintTracking {
    }

    /**
-     * Holds if the property `loadStep` should be copied from the object `pred` to the property `storeStep` of object `succ`.
+     * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`.
     *
     * This step is used to copy the value of our pseudo-property that can later be accessed using a `get` or `getAll` call.
     * For an expression `url.searchParams`, the property `hiddenUrlPseudoProperty()` from the `url` object is stored in the property `getableUrlPseudoProperty()` on `url.searchParams`.
--- a/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSExpressions.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSExpressions.qll
@@ -15,11 +15,11 @@ import javascript
 abstract class NgSourceProvider extends Locatable {
  /**
   * Holds if this element provides the source as `src` for an AngularJS expression at the specified location.
-   * The location spans column `startcolumn` of line `startline` to
-   * column `endcolumn` of line `endline` in file `filepath`.
+   * The location spans column `startColumn` of line `startLine` to
+   * column `endColumn` of line `endLine` in file `filepath`.
   */
  abstract predicate providesSourceAt(
-    string src, string path, int startLine, int startColumn, int endLine, int endColumn
+    string src, string filepath, int startLine, int startColumn, int endLine, int endColumn
  );

  /**
--- a/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/ServiceDefinitions.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/ServiceDefinitions.qll
@@ -278,11 +278,11 @@ abstract private class CustomSpecialServiceDefinition extends CustomServiceDefin
 bindingset[moduleMethodName]
 private predicate isCustomServiceDefinitionOnModule(
  DataFlow::CallNode mce, string moduleMethodName, string serviceName,
-  DataFlow::Node factoryArgument
+  DataFlow::Node factoryFunction
 ) {
  mce = moduleRef(_).getAMethodCall(moduleMethodName) and
  mce.getArgument(0).asExpr().mayHaveStringValue(serviceName) and
-  factoryArgument = mce.getArgument(1)
+  factoryFunction = mce.getArgument(1)
 }

 pragma[inline]
--- a/javascript/ql/lib/semmle/javascript/frameworks/Fastify.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/Fastify.qll
@@ -299,7 +299,7 @@ module Fastify {
  }

  /**
-   * Holds if `rh` uses `plugin`.
+   * Holds if `rh` uses `middleware`.
   */
  private predicate usesMiddleware(RouteHandler rh, DataFlow::SourceNode middleware) {
    exists(RouteSetup setup |
--- a/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll
@@ -474,17 +474,17 @@ module NodeJSLib {
   * that receives the data.
   *
   * We determine this by looking for an externs declaration for
-   * `fs.methodName` where the `i`th parameter's name is `data` or
+   * `fs.methodName` where the `i`th parameter's name (`paramName`) is `data` or
   * `buffer` or a `callback`.
   */
-  private predicate fsDataParam(string methodName, int i, string n) {
+  private predicate fsDataParam(string methodName, int i, string paramName) {
    exists(ExternalMemberDecl decl, Function f, JSDocParamTag p |
      decl.hasQualifiedName("fs", methodName) and
      f = decl.getInit() and
      p.getDocumentedParameter() = f.getParameter(i).getAVariable() and
-      n = p.getName().toLowerCase()
+      paramName = p.getName().toLowerCase()
    |
-      n = "data" or n = "buffer" or n = "callback"
+      paramName = ["data", "buffer", "callback"]
    )
  }

--- a/javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll
+++ b/javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll
@@ -32,7 +32,7 @@ abstract class ReDoSConfiguration extends string {
 }

 /**
- * Holds if repeating `pump' starting at `state` is a candidate for causing backtracking.
+ * Holds if repeating `pump` starting at `state` is a candidate for causing backtracking.
 * No check whether a rejected suffix exists has been made.
 */
 private predicate isReDoSCandidate(State state, string pump) {
--- a/javascript/ql/src/Declarations/DeadStoreOfProperty.ql
+++ b/javascript/ql/src/Declarations/DeadStoreOfProperty.ql
@@ -154,7 +154,7 @@ predicate maybeAssignsAccessedPropInBlock(DataFlow::PropWrite assign, boolean af
 */
 private module PurityCheck {
  /**
-   * Holds if a ControlFlowNode `c` is before an impure expression inside `bb`.
+   * Holds if `write` is before an impure expression inside `bb`.
   */
  predicate isBeforeImpure(DataFlow::PropWrite write, ReachableBasicBlock bb) {
    getANodeAfterWrite(write, bb).(Expr).isImpure()
@@ -181,7 +181,7 @@ private module PurityCheck {
  }

  /**
-   * Holds if a ControlFlowNode `c` is after an impure expression inside `bb`.
+   * Holds if `write` is after an impure expression inside `bb`.
   */
  predicate isAfterImpure(DataFlow::PropWrite write, ReachableBasicBlock bb) {
    getANodeBeforeWrite(write, bb).(Expr).isImpure()
--- a/javascript/ql/src/LanguageFeatures/TemplateSyntaxInStringLiteral.ql
+++ b/javascript/ql/src/LanguageFeatures/TemplateSyntaxInStringLiteral.ql
@@ -84,10 +84,10 @@ predicate hasObjectProvidingTemplateVariables(CandidateStringLiteral lit) {
 * Gets a declaration of variable `v` in `tl`, where `v` has the given `name` and
 * belongs to `scope`.
 */
-VarDecl getDeclIn(Variable v, Scope s, string name, CandidateTopLevel tl) {
+VarDecl getDeclIn(Variable v, Scope scope, string name, CandidateTopLevel tl) {
  v.getName() = name and
  v.getADeclaration() = result and
-  v.getScope() = s and
+  v.getScope() = scope and
  result.getTopLevel() = tl
 }

--- a/javascript/ql/src/Metrics/ES20xxFeatures.qll
+++ b/javascript/ql/src/Metrics/ES20xxFeatures.qll
@@ -6,7 +6,7 @@
 import javascript

 /**
- * Holds if `nd` is a use of a feature introduced in ECMAScript version `ver`
+ * Holds if `nd` is a use of a feature introduced in ECMAScript `version`
 * from the given category.
 *
 * Categories are taken from Kangax' [ECMAScript 6 compatibility table]
--- a/javascript/ql/src/NodeJS/InvalidExport.ql
+++ b/javascript/ql/src/NodeJS/InvalidExport.ql
@@ -16,14 +16,14 @@ import javascript
 /**
 * Holds if `assign` assigns the value of `nd` to `exportsVar`, which is an `exports` variable
 */
-predicate exportsAssign(Assignment assgn, Variable exportsVar, DataFlow::Node nd) {
+predicate exportsAssign(Assignment assign, Variable exportsVar, DataFlow::Node nd) {
  exists(NodeModule m |
    exportsVar = m.getScope().getVariable("exports") and
-    assgn.getLhs() = exportsVar.getAnAccess() and
-    nd = assgn.getRhs().flow()
+    assign.getLhs() = exportsVar.getAnAccess() and
+    nd = assign.getRhs().flow()
  )
  or
-  exportsAssign(assgn, exportsVar, nd.getASuccessor())
+  exportsAssign(assign, exportsVar, nd.getASuccessor())
 }

 /**
--- a/javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll
+++ b/javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll
@@ -53,7 +53,7 @@ predicate matchesBeginningOfString(RegExpTerm term) {
 }

 /**
- * Holds if the given sequence contains top-level domain preceded by a dot, such as `.com`,
+ * Holds if the given sequence `seq` contains top-level domain preceded by a dot, such as `.com`,
 * excluding cases where this is at the very beginning of the regexp.
 *
 * `i` is bound to the index of the last child in the top-level domain part.
--- a/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql
+++ b/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql
@@ -88,8 +88,8 @@ DataFlow::Node schemeCheck(DataFlow::Node nd, DangerousScheme scheme) {
 }

 /** Gets a data-flow node that checks an instance of `ap` against the given `scheme`. */
-DataFlow::Node schemeCheckOn(DataFlow::SourceNode root, string path, DangerousScheme scheme) {
-  result = schemeCheck(AccessPath::getAReferenceTo(root, path), scheme)
+DataFlow::Node schemeCheckOn(DataFlow::SourceNode root, string ap, DangerousScheme scheme) {
+  result = schemeCheck(AccessPath::getAReferenceTo(root, ap), scheme)
 }

 from DataFlow::SourceNode root, string path, int n
--- a/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql
+++ b/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql
@@ -84,7 +84,7 @@ class LiteralLengthExpr extends DotExpr {
 }

 /**
- * Holds if `length` is derived from the length of the given `indexOf`-operand.
+ * Holds if `length` is derived from the length of the given indexOf `operand`.
 */
 predicate isDerivedFromLength(DataFlow::Node length, DataFlow::Node operand) {
  exists(IndexOfCall call | operand = call.getAnOperand() |
--- a/javascript/ql/src/definitions.qll
+++ b/javascript/ql/src/definitions.qll
@@ -45,7 +45,7 @@ private predicate variableDefLookup(VarAccess va, AstNode def, string kind) {

 /**
 * Holds if variable access `va` is of kind `kind` and refers to the
- * variable declaration.
+ * variable declaration `decl`.
 *
 * For example, in the statement `var x = 42, y = x;`, the initializing
 * expression of `y` is a variable access `x` of kind `"V"` that refers to
--- a/javascript/ql/src/external/DefectFilter.qll
+++ b/javascript/ql/src/external/DefectFilter.qll
@@ -5,8 +5,8 @@ import semmle.javascript.Files
 /**
 * Holds if `id` in the opaque identifier of a result reported by query `queryPath`,
 * such that `message` is the associated message and the location of the result spans
- * column `startcolumn` of line `startline` to column `endcolumn` of line `endline`
- * in file `filepath`.
+ * column `startcol` of line `startline` to column `endcol` of line `endline`
+ * in `file`.
 *
 * For more information, see [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
 */
--- a/javascript/ql/src/external/MetricFilter.qll
+++ b/javascript/ql/src/external/MetricFilter.qll
@@ -5,8 +5,8 @@ import javascript
 /**
 * Holds if `id` in the opaque identifier of a result reported by query `queryPath`,
 * such that `value` is the reported metric value and the location of the result spans
- * column `startcolumn` of line `startline` to column `endcolumn` of line `endline`
- * in file `filepath`.
+ * column `startcol` of line `startline` to column `endcol` of line `endline`
+ * in `file`.
 *
 * For more information, see [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
 */