Merge pull request github#10802 from jsoref/spelling-python

Spelling python

Author: tausbn

python/PoCs/XmlParsing/PoC.py

@@ -82,7 +82,7 @@
 # other setup
 
 # we set up local Flask application so we can tests whether loading external resources
-# works (such as SSRF from DTD-retrival works)
+# works (such as SSRF from DTD-retrieval works)
 app = Flask(__name__)
 
 @app.route("/alive")
@@ -187,7 +187,7 @@ def test_billion_laughs_allowed_by_default():
 
     @staticmethod
     @expects_timeout
-    def test_quardratic_blowup_allowed_by_default():
+    def test_quadratic_blowup_allowed_by_default():
         parser = xml.sax.make_parser()
         parser.parse(StringIO(quadratic_blowup))
 
@@ -263,7 +263,7 @@ def test_billion_laughs_allowed_by_default():
 
     @staticmethod
     @expects_timeout
-    def test_quardratic_blowup_allowed_by_default():
+    def test_quadratic_blowup_allowed_by_default():
         parser = xml.etree.ElementTree.XMLParser()
         _root = xml.etree.ElementTree.fromstring(quadratic_blowup, parser=parser)
 
@@ -324,7 +324,7 @@ def test_billion_laughs_disabled_by_default():
             assert "Detected an entity reference loop" in str(e)
 
     @staticmethod
-    def test_quardratic_blowup_disabled_by_default():
+    def test_quadratic_blowup_disabled_by_default():
         parser = lxml.etree.XMLParser()
         try:
             _root = lxml.etree.fromstring(quadratic_blowup, parser=parser)
@@ -465,7 +465,7 @@ def test_billion_laughs_disabled_by_default():
         assert d == {"lolz": None}, d
 
     @staticmethod
-    def test_quardratic_blowup_disabled_by_default():
+    def test_quadratic_blowup_disabled_by_default():
         d = xmltodict.parse(quadratic_blowup)
         assert d == {"foo": None}, d
 
@@ -476,7 +476,7 @@ def test_billion_laughs_manually_enabled():
 
     @staticmethod
     @expects_timeout
-    def test_quardratic_blowup_manually_enabled():
+    def test_quadratic_blowup_manually_enabled():
         xmltodict.parse(quadratic_blowup, disable_entities=False)
 
     @staticmethod
@@ -524,7 +524,7 @@ def test_billion_laughs():
 
     @staticmethod
     @expects_timeout
-    def test_quardratic_blowup():
+    def test_quadratic_blowup():
         xml.dom.minidom.parseString(quadratic_blowup)
 
     @staticmethod
@@ -585,7 +585,7 @@ def test_billion_laughs():
 
     @staticmethod
     @expects_timeout
-    def test_quardratic_blowup():
+    def test_quadratic_blowup():
         doc = xml.dom.pulldom.parseString(quadratic_blowup)
         for event, node in doc:
             pass
@@ -670,7 +670,7 @@ def test_billion_laughs():
 
     @staticmethod
     @expects_timeout
-    def test_quardratic_blowup():
+    def test_quadratic_blowup():
         parser = xml.parsers.expat.ParserCreate()
         parser.Parse(quadratic_blowup, True)
 
@@ -699,7 +699,7 @@ def char_data_handler(data):
 
         assert char_data_recv == []
 
-        # there might be ways to make it vuln, but I did not investigate futher.
+        # there might be ways to make it vuln, but I did not investigate further.
 
     @staticmethod
     def test_dtd():
@@ -711,4 +711,4 @@ def test_dtd():
         parser.Parse(dtd_retrieval, True)
         assert hit_dtd == False
 
-        # there might be ways to make it vuln, but I did not investigate futher.
+        # there might be ways to make it vuln, but I did not investigate further.

python/ql/examples/snippets/override_method.ql

@@ -1,7 +1,7 @@
 /**
  * @id py/examples/override-method
  * @name Override of method
- * @description Finds methods that overide MyClass.methodName
+ * @description Finds methods that override MyClass.methodName
  * @tags method
  *       override
  */

python/ql/lib/CHANGELOG.md

@@ -2,7 +2,7 @@
 
 ### Minor Analysis Improvements
 
-* Added the ability to refer to subscript operations in the API graph. It is now possible to write `response().getMember("cookies").getASubscript()` to find code like `resp.cookies["key"]` (assuming `response` returns an API node for reponse objects).
+* Added the ability to refer to subscript operations in the API graph. It is now possible to write `response().getMember("cookies").getASubscript()` to find code like `resp.cookies["key"]` (assuming `response` returns an API node for response objects).
 * Added modeling of creating Flask responses with `flask.jsonify`.
 
 ## 0.6.0

python/ql/lib/change-notes/released/0.6.1.md

@@ -2,5 +2,5 @@
 
 ### Minor Analysis Improvements
 
-* Added the ability to refer to subscript operations in the API graph. It is now possible to write `response().getMember("cookies").getASubscript()` to find code like `resp.cookies["key"]` (assuming `response` returns an API node for reponse objects).
+* Added the ability to refer to subscript operations in the API graph. It is now possible to write `response().getMember("cookies").getASubscript()` to find code like `resp.cookies["key"]` (assuming `response` returns an API node for response objects).
 * Added modeling of creating Flask responses with `flask.jsonify`.

python/ql/lib/design.md

@@ -1,7 +1,7 @@
 # The Python libraries
 
 The Python libraries are a collection of libraries for analysing Python code.
-Everythng can be imported by importing `python.qll`.
+Everything can be imported by importing `python.qll`.
 
 ## The analysis layers
 
@@ -15,10 +15,10 @@ The analysis is built up in layers. the stack looks like this:
 
 ## Avoiding non-monotonic recursion
 
-Given the many interactivg layers, it is imprtant to decie which predicates are allowed to be mutually recursive in order to avoid non-monotonic recursion when negation is used to express the predicates.
-As an example, we have defined local source as those whcih do not receive local flow. This means that the local flow relation is not allowed to be recursive with anything depending on local sources.
+Given the many interacting layers, it is important to decide which predicates are allowed to be mutually recursive in order to avoid non-monotonic recursion when negation is used to express the predicates.
+As an example, we have defined local source as those which do not receive local flow. This means that the local flow relation is not allowed to be recursive with anything depending on local sources.
 
-Some particular reatrictions to keep in mind:
+Some particular restrictions to keep in mind:
 
 - Typetracking needs to use a local flow step not including summaries
 - Typetracking needs to use a call graph not including summaries

python/ql/lib/semmle/python/ApiGraphs.qll

@@ -211,15 +211,15 @@ module API {
      * Gets a node representing the `i`th parameter of the function represented by this node.
      *
      * This predicate may have multiple results when there are multiple invocations of this API component.
-     * Consider using `getAnInvocation()` if there is a need to distingiush between individual calls.
+     * Consider using `getAnInvocation()` if there is a need to distinguish between individual calls.
      */
     Node getParameter(int i) { result = this.getASuccessor(Label::parameter(i)) }
 
     /**
      * Gets the node representing the keyword parameter `name` of the function represented by this node.
      *
      * This predicate may have multiple results when there are multiple invocations of this API component.
-     * Consider using `getAnInvocation()` if there is a need to distingiush between individual calls.
+     * Consider using `getAnInvocation()` if there is a need to distinguish between individual calls.
      */
     Node getKeywordParameter(string name) {
       result = this.getASuccessor(Label::keywordParameter(name))

python/ql/lib/semmle/python/Constants.qll

@@ -7,7 +7,7 @@ int major_version() {
   explicit_major_version(result)
   or
   not explicit_major_version(_) and
-  /* If there is more than one version, prefer 2 for backwards compatibilty */
+  /* If there is more than one version, prefer 2 for backwards compatibility */
   (if py_flags_versioned("version.major", "2", "2") then result = 2 else result = 3)
 }
 

python/ql/lib/semmle/python/Flow.qll

@@ -931,7 +931,7 @@ class NameConstantNode extends NameNode {
 
   }
 
-/** A control flow node correspoinding to a starred expression, `*a`. */
+/** A control flow node corresponding to a starred expression, `*a`. */
 class StarredNode extends ControlFlowNode {
   StarredNode() { toAst(this) instanceof Starred }
 

python/ql/lib/semmle/python/dataflow/new/RemoteFlowSources.qll

@@ -1,5 +1,5 @@
 /**
- * Provides an extension point for for modeling user-controlled data.
+ * Provides an extension point for modeling user-controlled data.
  * Such data is often used as data-flow sources in security queries.
  */
 

python/ql/lib/semmle/python/dataflow/new/SensitiveDataSources.qll

@@ -1,5 +1,5 @@
 /**
- * Provides an extension point for for modeling sensitive data, such as secrets, certificates, or passwords.
+ * Provides an extension point for modeling sensitive data, such as secrets, certificates, or passwords.
  * Sensitive data can be interesting to use as data-flow sources in security queries.
  */