github · jketema · Oct 12, 2022 · Oct 9, 2022 · Oct 9, 2022 · Oct 9, 2022
@@ -11,7 +11,7 @@ caused by an unhandled case.</p>
 
 </overview>
 <recommendation>
-<p>Check that the unused static variable does not indicate a defect, for example, an unhandled case. If the static variable is genuinuely not needed, 
+<p>Check that the unused static variable does not indicate a defect, for example, an unhandled case. If the static variable is genuinely not needed, 
 then removing it will make code more readable. If the static variable is needed then you should update the code to fix the defect.</p>
 
 </recommendation>

@@ -19,7 +19,7 @@ This can occur when an operation performed on the open descriptor fails, and the
 
 <example>
 <p>In the example below, the <code>sockfd</code> socket may remain open if an error is triggered. 
-The code should be updated to ensure that the socket is always closed when when the function ends.
+The code should be updated to ensure that the socket is always closed when the function ends.
 </p>
 <sample src="DescriptorMayNotBeClosed.cpp" />
 </example>

@@ -15,7 +15,7 @@ As an exception, because their purpose is usually obvious, it is not necessary t
 </overview>
 <recommendation>
 <p>
-Add comments to document the purpose of the function. In particular, ensure that the public API of the function is carefully documented. This reduces the chance that a future change to the function will introduce a defect by changing the API and breaking the expections of the calling functions.
+Add comments to document the purpose of the function. In particular, ensure that the public API of the function is carefully documented. This reduces the chance that a future change to the function will introduce a defect by changing the API and breaking the expectations of the calling functions.
 </p>
 
 </recommendation>

@@ -6,7 +6,7 @@
 
 <overview>
 <p>
-This rule finds comparison expressions that use 2 or more comparison operators and are not completely paranthesized. 
+This rule finds comparison expressions that use 2 or more comparison operators and are not completely parenthesized. 
 It is best to fully parenthesize complex comparison expressions to explicitly define the order of the comparison operators.
 </p> 
 

@@ -6,9 +6,9 @@
 <overview>
 <p>This rule finds logical-not operator usage as an operator for in a bit-wise operation.</p>
 
-<p>Due to the nature of logical operation result value, only the lowest bit could possibly be set, and it is unlikely to be intent in bitwise opeartions. Violations are often indicative of a typo, using a logical-not (<code>!</code>) opeartor instead of the bit-wise not (<code>~</code>) operator. </p>
+<p>Due to the nature of logical operation result value, only the lowest bit could possibly be set, and it is unlikely to be intent in bitwise operations. Violations are often indicative of a typo, using a logical-not (<code>!</code>) operator instead of the bit-wise not (<code>~</code>) operator. </p>
 <p>This rule is restricted to analyze bit-wise and (<code>&amp;</code>) and bit-wise or (<code>|</code>) operation in order to provide better precision.</p>
-<p>This rule ignores instances where a double negation (<code>!!</code>) is explicitly used as the opeartor of the bitwise operation, as this is a commonly used as a mechanism to normalize an integer value to either 1 or 0.</p>
+<p>This rule ignores instances where a double negation (<code>!!</code>) is explicitly used as the operator of the bitwise operation, as this is a commonly used as a mechanism to normalize an integer value to either 1 or 0.</p>
 <p>NOTE: It is not recommended to use this rule in kernel code or older C code as it will likely find several false positive instances.</p>
 
 </overview>

@@ -49,7 +49,7 @@ pointer overflow.
 
 <p>
 While it's not the subject of this query, the expression <code>ptr + i &lt;
-ptr_end</code> is also an invalid range check. It's undefined behavor in
+ptr_end</code> is also an invalid range check. It's undefined behavior in
 C/C++ to create a pointer that points more than one past the end of an
 allocation.
 </p>

@@ -12,7 +12,7 @@ the third argument to the entire size of the destination buffer.
 Executing a call of this type may cause a buffer overflow unless the buffer is known to be empty.</p>
 
 <p>Similarly, calls of the form <code>strncat(dest, src, sizeof (dest) - strlen (dest))</code> allow one
-byte to be written ouside the <code>dest</code> buffer.</p>
+byte to be written outside the <code>dest</code> buffer.</p>
 
 <p>Buffer overflows can lead to anything from a segmentation fault to a security vulnerability.</p>
 

@@ -6,7 +6,7 @@
 <p>
 This metric provides an indication of the lack of cohesion of a class, 
 using a method proposed by Chidamber and Kemerer in 1994. The idea
-behind measuring a class's cohesion is that most funcions in well-designed
+behind measuring a class's cohesion is that most functions in well-designed
 classes will access the same fields. Types that exhibit a lack of cohesion
 are often trying to take on multiple responsibilities, and should be split
 into several smaller classes.

@@ -11,7 +11,7 @@
       by changes to other packages. If this metric value is high, a package is easily 
       influenced. If the values is low, the impact of changes to other packages is likely to be minimal. Instability 
       is estimated as the number of outgoing dependencies relative to the total
-      number of depencies.</p>
+      number of dependencies.</p>
 </overview>
 
 <references>

@@ -11,7 +11,7 @@
       by changes to other packages. If this metric value is high, a package is easily 
       influenced. If the values is low, the impact of changes to other packages is likely to be minimal. Instability 
       is estimated as the number of outgoing dependencies relative to the total
-      number of depencies.</p>
+      number of dependencies.</p>
 </overview>
 
 <references>

@@ -5,7 +5,7 @@
 
 <overview>
   <p>This query indicates that a call is setting the DACL field in a <code>SECURITY_DESCRIPTOR</code> to null.</p>
-  <p>When using <code>SetSecurityDescriptorDacl</code> to set a discretionary access control (DACL), setting the <code>bDaclPresent</code> argument to <code>TRUE</code> indicates the prescence of a DACL in the security description in the argument <code>pDacl</code>.</p>
+  <p>When using <code>SetSecurityDescriptorDacl</code> to set a discretionary access control (DACL), setting the <code>bDaclPresent</code> argument to <code>TRUE</code> indicates the presence of a DACL in the security description in the argument <code>pDacl</code>.</p>
   <p>When the <code>pDacl</code> parameter does not point to a DACL (i.e. it is <code>NULL</code>) and the <code>bDaclPresent</code> flag is <code>TRUE</code>, a <code>NULL DACL</code> is specified.</p>
   <p>A <code>NULL DACL</code> grants full access to any user who requests it; normal security checking is not performed with respect to the object.</p>
 </overview>

@@ -12,7 +12,7 @@ The user should check the return value of `scanf` and related functions and chec
 </p>
 </recommendation>
 <example>
-<p>The first first example below is correct, as value of `i` is only read once it is checked that `scanf` has read one item. The second example is incorrect, as the return value of `scanf` is not checked, and as `scanf` might have failed to read any item before returning.</p>
+<p>The first example below is correct, as value of `i` is only read once it is checked that `scanf` has read one item. The second example is incorrect, as the return value of `scanf` is not checked, and as `scanf` might have failed to read any item before returning.</p>
 <sample src="ImproperCheckReturnValueScanf.cpp" />
 
 </example>

@@ -5,12 +5,12 @@
 <overview>
 <p>
 Some header files, such as those which define structures or classes, cannot be included more than once within a translation unit, as doing so would
-cause a redefinition error. Such headers must be guarded to prevent ill-effects from multiple inclusion. Simlarly, if header files include other
+cause a redefinition error. Such headers must be guarded to prevent ill-effects from multiple inclusion. Similarly, if header files include other
 header files, and this inclusion graph contains a cycle, then at least one file within the cycle must contain header guards in order to break the
 cycle. Because of cases like these, all headers should be guarded as a matter of good practice, even if they do not strictly need to be.
 </p>
 <p>
-Furthermore, most modern compilers contain optimisations which are triggered by header guards. If the header guard strictly conforms to the pattern
+Furthermore, most modern compilers contain optimizations which are triggered by header guards. If the header guard strictly conforms to the pattern
 that compilers expect, then inclusions of that header other than the first have absolutely no effect: the file isn't re-read from disk, nor is it
 re-tokenised or re-preprocessed. This can result in a noticeable, albeit minor, improvement to compilation time.
 </p>

@@ -18,7 +18,7 @@ more difficult to change which implementation you are using at a later date.</p>
 </example>
 <references>
 
-  <li>C# Corner, <a href="http://www.c-sharpcorner.com/UploadFile/rmcochran/csharp_interrfaces03052006095933AM/csharp_interrfaces.aspx">C# Interface Based Development</a>.</li>
+  <li>C# Corner, <a href="https://www.c-sharpcorner.com/article/C-Sharp-interface-based-development/">C# Interface Based Development</a>.</li>
 
 </references>
 </qhelp>
@@ -5,7 +5,7 @@
   <overview>
     <p>
     Comparisons which always yield the same result are unnecessary and may indicate a bug in the
-    logic. This can can happen when the data type of one of the operands has a limited range of values.
+    logic. This can happen when the data type of one of the operands has a limited range of values.
     For example unsigned integers are always greater than or equal to zero, and <code>byte</code>
     values are always less than 256.
     </p>

@@ -9,7 +9,7 @@
   </p>
 </overview>
 <recommendation>
-  <p>Use speific era when creating DateTime and DateTimeOffset structs from previously stored date in Japanese calendar</p>
+  <p>Use specific era when creating DateTime and DateTimeOffset structs from previously stored date in Japanese calendar</p>
   <p>Don't store dates in Japanese format</p>
   <p>Don't use hard-coded era start date for date calculations converting dates from Japanese date format</p>
   <p>Use <code>JapaneseCalendar</code> class for date formatting only</p>

@@ -6,7 +6,7 @@
 <include src="ThreadUnsafeICryptoTransformOverview.inc.qhelp" />
 </overview>
 <recommendation>
-<p>Create new instances of the object that implements or has a field of type <code>System.Security.Cryptography.ICryptoTransform</code> to avoid sharing it accross multiple threads.</p>
+<p>Create new instances of the object that implements or has a field of type <code>System.Security.Cryptography.ICryptoTransform</code> to avoid sharing it across multiple threads.</p>
 
 </recommendation>
 <example>

@@ -4,7 +4,7 @@
 <qhelp>
 <overview>
 <p>ECB should not be used as a mode for encryption. It has dangerous weaknesses. Data is encrypted the same way every time 
-meaning the same plaintext input will always produce the same cyphertext. This makes encrypted messages vulnerable 
+meaning the same plaintext input will always produce the same ciphertext. This makes encrypted messages vulnerable 
 to replay attacks.</p>
 
 </overview>

@@ -30,7 +30,7 @@ When the allow list contains only a single host key then the function <code>Fixe
 </recommendation>
 
 <example>
-<p>The following example shows the use of <code>InsecureIgnoreHostKey</code> and an insecure host key callback implemention commonly used in non-production code.</p>
+<p>The following example shows the use of <code>InsecureIgnoreHostKey</code> and an insecure host key callback implementation commonly used in non-production code.</p>
 
 <sample src="InsecureHostKeyCallbackExample.go" />
 

@@ -18,7 +18,7 @@
      <recommendation>
 
           <p>
-               Generating a cryptograhically secure secret key during application initialization and using this generated key for future JWT signing requests can prevent this vulnerability.
+               Generating a cryptographically secure secret key during application initialization and using this generated key for future JWT signing requests can prevent this vulnerability.
           </p>
 
      </recommendation>

@@ -18,7 +18,7 @@ possibly causing a divide-by-zero panic.
         </p>
         <sample src="DivideByZeroBad.go" />
         <p>
-This can be fixed by testing the divisor against against zero:
+This can be fixed by testing the divisor against zero:
         </p>
         <sample src="DivideByZeroGood.go" />
     </example>

@@ -14,7 +14,7 @@ server side request forgery attacks, where the attacker controls the request tar
 <p>
 To guard against server side request forgery, it is advisable to avoid putting user input directly into a
 network request. If using user input is necessary, then it must be validated. It is recommended to only allow
-user input consisting of alphanumeric characters. Simply URL-encoding other chracters is not always a solution,
+user input consisting of alphanumeric characters. Simply URL-encoding other characters is not always a solution,
 for example because a downstream entity that is itself vulnerable may decode again before forwarding the request.
 </p>
 </recommendation>

@@ -120,7 +120,7 @@ func main() {
 			}
 		})
 		http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
-			// OK-ish: the input origin header is validated agains a whitelist.
+			// OK-ish: the input origin header is validated against a whitelist.
 			responseHeader := w.Header()
 			{
 				origin := req.Header.Get("origin")
@@ -137,7 +137,7 @@ func main() {
 		})
 		http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
 			originSuffix := ".example.com"
-			// OK-ish: the input origin header is validated agains a suffix.
+			// OK-ish: the input origin header is validated against a suffix.
 			origin := req.Header.Get("Origin")
 			if origin != "" && (originSuffix == "" || strings.HasSuffix(origin, originSuffix)) {
 				w.Header().Set("Access-Control-Allow-Origin", origin)
@@ -152,7 +152,7 @@ func main() {
 		})
 		http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
 			originSuffix := ".example.com"
-			// OK-ish: the input origin header is validated agains a whitelist.
+			// OK-ish: the input origin header is validated against a whitelist.
 			origin := req.Header.Get("Origin")
 			if origin != "" && (originSuffix == "" || AccessControlAllowOrigins[origin]) {
 				w.Header().Set("Access-Control-Allow-Origin", origin)
@@ -166,7 +166,7 @@ func main() {
 			}
 		})
 		http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
-			// OK-ish: the input origin header is validated agains a whitelist.
+			// OK-ish: the input origin header is validated against a whitelist.
 			origin := req.Header.Get("origin")
 			if origin != "" && origin != "null" {
 				if len(AccessControlAllowOrigins) == 0 || AccessControlAllowOrigins[origin] {
@@ -178,7 +178,7 @@ func main() {
 			}
 		})
 		// http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
-		//  // OK-ish: the input origin header is validated agains a whitelist.
+		//  // OK-ish: the input origin header is validated against a whitelist.
 		// 	origin := req.Header.Get("origin")
 		// 	if origin != "" && origin != "null" {
 		// 		if _, ok := AccessControlAllowOrigins[origin]; ok {
@@ -190,7 +190,7 @@ func main() {
 		// 	}
 		// })
 		http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
-			// OK-ish: the input origin header is validated agains a whitelist.
+			// OK-ish: the input origin header is validated against a whitelist.
 			if origin := req.Header.Get("Origin"); cors[origin] {
 				w.Header().Set("Access-Control-Allow-Origin", origin)
 			} else if len(origin) > 0 && cors["*"] {
@@ -202,7 +202,7 @@ func main() {
 			w.Header().Set("Access-Control-Allow-Credentials", "true")
 		})
 		http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
-			// OK-ish: the input origin header is validated agains a whitelist.
+			// OK-ish: the input origin header is validated against a whitelist.
 			origin := req.Header.Get("origin")
 			for _, v := range GetAllowOrigin() {
 				if v == origin {

@@ -96,7 +96,7 @@ func test() {
 	http.HandleFunc("/ex5", func(w http.ResponseWriter, r *http.Request) {
 		untrustedInput := r.Referer()
 
-		// good as input is tested againt regex
+		// good as input is tested against regex
 		if m, _ := regexp.MatchString("ws://localhost:12345/*", untrustedInput); m {
 			nhooyr.Dial(context.TODO(), untrustedInput, nil)
 		}

@@ -16,7 +16,7 @@ A bean definition is considered to be used if one or more of the following is tr
 <li>The bean is injected in to a constructor or method of a live bean due to autowiring. This includes
 autowiring by annotation (<code>@Autowired</code> or <code>@Inject</code>), and autowiring configured
 by the autowired attribute within bean configuration files.</li>
-<li>The bean is explictly loaded from a factory bean. It is not always possible to determine when
+<li>The bean is explicitly loaded from a factory bean. It is not always possible to determine when
 this occurs, because factory beans are loaded using a <code>String</code> value, which may contain
 arbitrary values.</li>
 <li>The bean is called reflectively by the Spring framework. For example, if the class is a Spring

@@ -62,7 +62,7 @@ runtime.
 <p>
 The code above should be rewritten to both use <code>volatile</code> and finish
 all initialization before <code>f</code> is updated. Additionally, a local
-variable can be used to avoid reading the field more times than neccessary.
+variable can be used to avoid reading the field more times than necessary.
 </p>
 <sample src="DoubleCheckedLockingGood.java"/>
 

@@ -43,7 +43,7 @@ For example: <code>PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePerm
 </example>
 
 <references>
-    <li>OSWAP: <a href="https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File">Insecure Temporary File</a>.</li>
+    <li>OWASP: <a href="https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File">Insecure Temporary File</a>.</li>
     <li>CERT: <a href="https://wiki.sei.cmu.edu/confluence/display/java/FIO00-J.+Do+not+operate+on+files+in+shared+directories">FIO00-J. Do not operate on files in shared directories</a>.</li>
 </references>
 </qhelp>
@@ -26,7 +26,7 @@ Otherwise, a third-party application could impersonate the system this way to ca
 
 <recommendation>
 <p>
-In the <code>onReceive</code> method of a <code>BroadcastReciever</code>, the action of the received Intent should be checked. The following code demonstrates this.
+In the <code>onReceive</code> method of a <code>BroadcastReceiver</code>, the action of the received Intent should be checked. The following code demonstrates this.
 </p>
 <sample src="Good.java" />
 </recommendation>