2 changes: 1 addition & 1 deletion change-notes/1.20/analysis-javascript.md
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@
| Unneeded defensive code | More true positive and fewer false positive results | This query now recognizes additional defensive code patterns. |
| Unsafe dynamic method access | Fewer false positive results | This query no longer flags concatenated strings as unsafe method names. |
| Unused parameter | Fewer false positive results | This query no longer flags parameters with leading underscore. |
| Unused variable, import, function or class | Fewer false positive results | This query now flags fewer variables that are implictly used by JSX elements. It no longer flags variables with a leading underscore and variables in dead code. |
| Unused variable, import, function or class | Fewer false positive results | This query now flags fewer variables that are implicitly used by JSX elements. It no longer flags variables with a leading underscore and variables in dead code. |
| Unvalidated dynamic method call | More true positive results | This query now flags concatenated strings as unvalidated method names in more cases. |
| Useless assignment to property. | Fewer false positive results | This query now treats assignments with complex right-hand sides correctly. |
| Useless conditional | Fewer results | Additional defensive coding patterns are now ignored. |
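Review bot: the "Useless assignment to property." row in the trailing context still carries a stray period inside the query-name cell, which no other row of this table has; since this PR is a typo sweep over change notes, dropping that period in the same pass would keep the table consistent.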
2 changes: 1 addition & 1 deletion change-notes/1.23/analysis-cpp.md
Expand Up @@ -19,7 +19,7 @@ The following changes in version 1.23 affect C/C++ analysis in all applications.
| Hard-coded Japanese era start date in call (`cpp/japanese-era/constructor-or-method-with-exact-era-date`) | Deprecated | This query has been deprecated. Use the new combined query Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`) instead. |
| Hard-coded Japanese era start date in struct (`cpp/japanese-era/struct-with-exact-era-date`) | Deprecated | This query has been deprecated. Use the new combined query Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`) instead. |
| Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`) | More correct results | This query now checks for the beginning date of the Reiwa era (1st May 2019). |
| Non-constant format string (`cpp/non-constant-format`) | Fewer false positive results | Fixed false positive results triggrered by mismatching declarations of a formatting function. |
| Non-constant format string (`cpp/non-constant-format`) | Fewer false positive results | Fixed false positive results triggered by mismatching declarations of a formatting function. |
| Sign check of bitwise operation (`cpp/bitwise-sign-check`) | Fewer false positive results | Results involving `>=` or `<=` are no longer reported. |
| Too few arguments to formatting function (`cpp/wrong-number-format-arguments`) | Fewer false positive results | Fixed false positive results triggered by mismatching declarations of a formatting function. |
| Too many arguments to formatting function (`cpp/too-many-format-arguments`) | Fewer false positive results | Fixed false positive results triggered by mismatching declarations of a formatting function. |
2 changes: 1 addition & 1 deletion change-notes/1.24/analysis-javascript.md
Expand Up @@ -91,7 +91,7 @@

## Changes to libraries

* The predicates `RegExpTerm.getSuccessor` and `RegExpTerm.getPredecessor` have been changed to reflect textual, not operational, matching order. This only makes a difference in lookbehind assertions, which are operationally matched backwards. Previously, `getSuccessor` would mimick this, so in an assertion `(?<=ab)` the term `b` would be considered the predecessor, not the successor, of `a`. Textually, however, `a` is still matched before `b`, and this is the order we now follow.
* The predicates `RegExpTerm.getSuccessor` and `RegExpTerm.getPredecessor` have been changed to reflect textual, not operational, matching order. This only makes a difference in lookbehind assertions, which are operationally matched backwards. Previously, `getSuccessor` would mimic this, so in an assertion `(?<=ab)` the term `b` would be considered the predecessor, not the successor, of `a`. Textually, however, `a` is still matched before `b`, and this is the order we now follow.
* An extensible model of the `EventEmitter` pattern has been implemented.
* Taint-tracking configurations now interact differently with the `data` flow label, which may affect queries
that combine taint-tracking and flow labels.
@@ -1,5 +1,5 @@
lgtm,codescanning
* Inferring the lengths of implicitely sized arrays is fixed. Previously, multi
* Inferring the lengths of implicitly sized arrays is fixed. Previously, multi
dimensional arrays were always extracted with the same length for each dimension.
With the fix, the array sizes `2` and `1` are extracted for `new int[,]{{1},{2}}`.
Previously `2` and `2` were extracted.
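Review bot: the bullet still breaks "multi" / "dimensional" across the line after "Previously, multi", which renders as "multi dimensional" with a space in the published note; joining it as "multi-dimensional" (or "multidimensional") on the first line would read correctly.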
2 changes: 1 addition & 1 deletion docs/change-notes.md
Expand Up @@ -45,7 +45,7 @@ The valid YAML properties in the metadata are:
After the `---` line following the metadata, the rest of the markdown file is the user-visible content of the change note. This should usually be a single markdown bullet list entry (starting with `*`), although it is acceptable to have multiple bullet entries in the same change note if there are multiple changes that are closely related and have the same category metadata.

## Change categories
Each change note must specifiy a `category` property in its metadata. This category servers two purposes: It determines how the change affects the version number of the next release of the pack, and it is used to group related changes in the final changelog. There is one set of available categories for query packs, and another set of available categories for library packs.
Each change note must specify a `category` property in its metadata. This category servers two purposes: It determines how the change affects the version number of the next release of the pack, and it is used to group related changes in the final changelog. There is one set of available categories for query packs, and another set of available categories for library packs.

### Query pack change categories
| Category | SemVer effect | Description |
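Review bot: the added line fixes "specifiy" but leaves "This category servers two purposes" on the same line; "servers" should be "serves", and since the line is already being rewritten it can be corrected here.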
4 changes: 2 additions & 2 deletions docs/ql-libraries/dataflow/dataflow.md
Expand Up @@ -294,8 +294,8 @@ through an additional step targeting a `PostUpdateNode`).

It is recommended to introduce `PostUpdateNode`s for all `ArgumentNode`s (this
can be skipped for immutable arguments), and all field qualifiers for both
reads and stores. Note also that in the case of compund arguments, such as
`b ? x : y`, it is recommented to have post-update nodes for `x` and `y` (and
reads and stores. Note also that in the case of compound arguments, such as
`b ? x : y`, it is recommended to have post-update nodes for `x` and `y` (and
not the compound argument itself), and let `[post update] x` have both `x`
and `b ? x : y` as pre-update nodes (and similarly for `[post update] y`).

2 changes: 1 addition & 1 deletion go/old-change-notes/2020-11-12-zipslip-sanitizers.md
@@ -1,2 +1,2 @@
lgtm,codescanning
* Improved recongition of sanitizer functions for the `go/zipslip` query. This may reduce false-positives (but also perhaps false-negatives) when application code attempts to check a zip header entry does not contain an illegal path traversal attempt.
* Improved recognition of sanitizer functions for the `go/zipslip` query. This may reduce false-positives (but also perhaps false-negatives) when application code attempts to check a zip header entry does not contain an illegal path traversal attempt.
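Review bot: the rewritten line keeps "false-positives (but also perhaps false-negatives)" hyphenated, whereas the other change notes in this PR write "false positive results" and "false negative" without a hyphen; unhyphenating here would match the house wording while the line is being touched.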
2 changes: 1 addition & 1 deletion go/old-change-notes/2021-01-12-model-couchbase.md
@@ -1,2 +1,2 @@
lgtm,codescanning
* Added support for [the offical Couchbase Go SDK library](https://github.com/couchbase/gocb), v1 and v2. The `go/sql-injection` query (which also handles non-SQL databases such as Couchbase) will now identify Couchbase queries built from untrusted external input.
* Added support for [the official Couchbase Go SDK library](https://github.com/couchbase/gocb), v1 and v2. The `go/sql-injection` query (which also handles non-SQL databases such as Couchbase) will now identify Couchbase queries built from untrusted external input.
@@ -1,4 +1,4 @@
lgtm,codescanning
* A new query "Depending upon JCenter/Bintray as an artifact repository"
(`java/maven/dependency-upon-bintray`) has been added.
This query finds uses of the deprecated JCenter/Bintray artifact respositories.
This query finds uses of the deprecated JCenter/Bintray artifact repositories.
6 changes: 3 additions & 3 deletions java/ql/lib/CHANGELOG.md
Expand Up @@ -33,7 +33,7 @@

### Minor Analysis Improvements

* Added new sinks to the query `java/android/implict-pendingintents` to take into account the classes `androidx.core.app.NotificationManagerCompat` and `androidx.core.app.AlarmManagerCompat`.
* Added new sinks to the query `java/android/implicit-pendingintents` to take into account the classes `androidx.core.app.NotificationManagerCompat` and `androidx.core.app.AlarmManagerCompat`.
* Added new flow steps for `androidx.core.app.NotificationCompat` and its inner classes.
* Added flow sinks, sources and summaries for the Kotlin standard library.
* Added flow summary for `org.springframework.data.repository.CrudRepository.save()`.
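Review bot: this line changes a query identifier, `java/android/implict-pendingintents` to `java/android/implicit-pendingintents`, not just prose; query ids are referenced from code scanning configuration, so the corrected form should be checked against the query's actual `@id` before merging. The same edit is applied to `java/ql/lib/change-notes/released/0.4.0.md` further down, so the two copies stay in sync.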
Expand Down Expand Up @@ -106,7 +106,7 @@

### Minor Analysis Improvements

* Added data-flow models for `java.util.Properites`. Additional results may be found where relevant data is stored in and then retrieved from a `Properties` instance.
* Added data-flow models for `java.util.Properties`. Additional results may be found where relevant data is stored in and then retrieved from a `Properties` instance.
* Added `Modifier.isInline()`.
* Removed Kotlin-specific database and QL structures for loops and `break`/`continue` statements. The Kotlin extractor was changed to reuse the Java structures for these constructs.
* Added additional flow sources for uses of external storage on Android.
Expand Down Expand Up @@ -247,7 +247,7 @@ Added a flow step for `String.valueOf` calls on tainted `android.text.Editable`

### Minor Analysis Improvements

* Added guard preconditon support for assertion methods for popular testing libraries (e.g. Junit 4, Junit 5, TestNG).
* Added guard precondition support for assertion methods for popular testing libraries (e.g. Junit 4, Junit 5, TestNG).

## 0.0.13

2 changes: 1 addition & 1 deletion java/ql/lib/change-notes/released/0.1.0.md
Expand Up @@ -11,4 +11,4 @@

### Minor Analysis Improvements

* Added guard preconditon support for assertion methods for popular testing libraries (e.g. Junit 4, Junit 5, TestNG).
* Added guard precondition support for assertion methods for popular testing libraries (e.g. Junit 4, Junit 5, TestNG).
2 changes: 1 addition & 1 deletion java/ql/lib/change-notes/released/0.3.1.md
Expand Up @@ -6,7 +6,7 @@

### Minor Analysis Improvements

* Added data-flow models for `java.util.Properites`. Additional results may be found where relevant data is stored in and then retrieved from a `Properties` instance.
* Added data-flow models for `java.util.Properties`. Additional results may be found where relevant data is stored in and then retrieved from a `Properties` instance.
* Added `Modifier.isInline()`.
* Removed Kotlin-specific database and QL structures for loops and `break`/`continue` statements. The Kotlin extractor was changed to reuse the Java structures for these constructs.
* Added additional flow sources for uses of external storage on Android.
2 changes: 1 addition & 1 deletion java/ql/lib/change-notes/released/0.4.0.md
Expand Up @@ -27,7 +27,7 @@

### Minor Analysis Improvements

* Added new sinks to the query `java/android/implict-pendingintents` to take into account the classes `androidx.core.app.NotificationManagerCompat` and `androidx.core.app.AlarmManagerCompat`.
* Added new sinks to the query `java/android/implicit-pendingintents` to take into account the classes `androidx.core.app.NotificationManagerCompat` and `androidx.core.app.AlarmManagerCompat`.
* Added new flow steps for `androidx.core.app.NotificationCompat` and its inner classes.
* Added flow sinks, sources and summaries for the Kotlin standard library.
* Added flow summary for `org.springframework.data.repository.CrudRepository.save()`.
2 changes: 1 addition & 1 deletion java/ql/src/CHANGELOG.md
Expand Up @@ -153,7 +153,7 @@ this respect.

* Add more classes to Netty request/response splitting. Change identification to `java/netty-http-request-or-response-splitting`.
Identify request splitting differently from response splitting in query results.
Support addional classes:
Support additional classes:
* `io.netty.handler.codec.http.CombinedHttpHeaders`
* `io.netty.handler.codec.http.DefaultHttpRequest`
* `io.netty.handler.codec.http.DefaultFullHttpRequest`
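Review bot: "Support additional classes:" is now spelled correctly, but the preceding context line "Change identification to `java/netty-http-request-or-response-splitting`." is terse; "Change the query id to ..." would make it clear that the identifier itself changed. The identical bullet in `java/ql/src/change-notes/released/0.0.10.md` is fixed below, so both copies match.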
2 changes: 1 addition & 1 deletion java/ql/src/change-notes/released/0.0.10.md
Expand Up @@ -4,7 +4,7 @@

* Add more classes to Netty request/response splitting. Change identification to `java/netty-http-request-or-response-splitting`.
Identify request splitting differently from response splitting in query results.
Support addional classes:
Support additional classes:
* `io.netty.handler.codec.http.CombinedHttpHeaders`
* `io.netty.handler.codec.http.DefaultHttpRequest`
* `io.netty.handler.codec.http.DefaultFullHttpRequest`
2 changes: 1 addition & 1 deletion javascript/old-change-notes/2021-07-14-querystring.md
Expand Up @@ -2,5 +2,5 @@ lgtm,codescanning
* The security queries now track taint through more query string parsers.
Affected packages are
[qs](https://npmjs.com/package/qs),
[normailize-url](https://npmjs.com/package/normalize-url),
[normalize-url](https://npmjs.com/package/normalize-url),
Contributor Author
brand

[parseqs](https://npmjs.com/package/parseqs)
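Review bot: only the link text was misspelled here; the URL `https://npmjs.com/package/normalize-url` already pointed at the right package, so this change affects the rendered label only and no link target needs re-checking.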
2 changes: 1 addition & 1 deletion javascript/ql/src/CHANGELOG.md
Expand Up @@ -127,7 +127,7 @@ No user-facing changes.
The query is not run by default.
* A new query `js/file-system-race` has been added. The query detects when there is time between a file being checked and used. The query is not run by default.
* A new query `js/jwt-missing-verification` has been added. The query detects applications that don't verify JWT tokens.
* The `js/insecure-dependency` query has been added. It detects depedencies that are downloaded using an unencrypted connection.
* The `js/insecure-dependency` query has been added. It detects dependencies that are downloaded using an unencrypted connection.

## 0.0.9

2 changes: 1 addition & 1 deletion javascript/ql/src/change-notes/released/0.0.10.md
Expand Up @@ -6,4 +6,4 @@
The query is not run by default.
* A new query `js/file-system-race` has been added. The query detects when there is time between a file being checked and used. The query is not run by default.
* A new query `js/jwt-missing-verification` has been added. The query detects applications that don't verify JWT tokens.
* The `js/insecure-dependency` query has been added. It detects depedencies that are downloaded using an unencrypted connection.
* The `js/insecure-dependency` query has been added. It detects dependencies that are downloaded using an unencrypted connection.
2 changes: 1 addition & 1 deletion python/ql/src/Security/CWE-327/README.md
Expand Up @@ -8,7 +8,7 @@ This should be kept up to date; the world is moving fast and protocols are being
- TLS 1.0 and TLS 1.1 are insecure
- TLS 1.2 have some issues. but TLS 1.3 is not widely supported

## Conection methods
## Connection methods

- `ssl.wrap_socket` is creating insecure connections, use `SSLContext.wrap_socket` instead. [link](https://docs.python.org/3/library/ssl.html#ssl.wrap_socket)
> Deprecated since version 3.7: Since Python 3.2 and 2.7.9, it is recommended to use the `SSLContext.wrap_socket()` instead of `wrap_socket()`. The top-level function is limited and creates an insecure client socket without server name indication or hostname matching.
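Review bot: the heading fix is right, but the context line "TLS 1.2 have some issues. but TLS 1.3 is not widely supported" in the same hunk has a subject-verb error and a stray period; "TLS 1.2 has some issues, but TLS 1.3 is not widely supported" would fit this typo sweep.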