fix consistency and spelling in the documentation

suggestions from the documentation team

Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>

Author: erik-krogh

change-notes/1.23/analysis-javascript.md

@@ -14,7 +14,7 @@
 | **Query**                                                                 | **Tags**                                                          | **Purpose**                                                                                                                                                                            |
 |---------------------------------------------------------------------------|-------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | Unused index variable (`js/unused-index-variable`)                        | correctness                                                       | Highlights loops that iterate over an array, but do not use the index variable to access array elements, indicating a possible typo or logic error. Results are shown on LGTM by default. |
-| Tainted .length in loop condition (`js/loop-bound-injection`)             | security                                                          | Highlights loops where a user-controlled object with an arbitrary .length value can trick the server to loop infinitely. Results are not shown on LGTM by default. |
+| Tainted .length in loop condition (`js/loop-bound-injection`)             | security                                                          | Highlights loops where a user-controlled object with an arbitrary .length value can trick the server to loop indefinitely. Results are not shown on LGTM by default. |
 
 ## Changes to existing queries
 

javascript/ql/src/Security/CWE-834/LoopBoundInjection.qhelp

@@ -36,7 +36,7 @@
 		This is not secure since an attacker can control the value of
 		<code>obj.length</code>, and thereby cause the loop to iterate
 		indefinitely. Here the potential DoS is fixed by enforcing that
-		the user controlled object is an array.
+		the user-controlled object is an array.
 	</p>
 
 	<sample src="examples/LoopBoundInjection_fixed.js" />

javascript/ql/src/Security/CWE-834/examples/LoopBoundInjection.js

@@ -6,8 +6,8 @@ app.post("/foo", (req, res) => {
 
     var ret = [];
 
-    // potential DoS if obj.length is large.
+    // Potential DoS if obj.length is large.
     for (var i = 0; i < obj.length; i++) {
         ret.push(obj[i]);
     }
-});
+});

javascript/ql/src/Security/CWE-834/examples/LoopBoundInjection_fixed.js

@@ -4,7 +4,7 @@ var app = express();
 app.post("/foo", (req, res) => {
     var obj = req.body;
 
-    if (!(obj instanceof Array)) { // prevents DoS
+    if (!(obj instanceof Array)) { // Prevents DoS.
         return [];
     }
 

javascript/ql/src/semmle/javascript/security/dataflow/LoopBoundInjection.qll

@@ -1,6 +1,6 @@
 /**
  * Provides a taint tracking configuration for reasoning about DoS attacks
- * using a user controlled object with an unbounded .length property.
+ * using a user-controlled object with an unbounded .length property.
  *
  * Note, for performance reasons: only import this file if
  * `LoopBoundInjection::Configuration` is needed, otherwise
@@ -14,7 +14,7 @@ module LoopBoundInjection {
   import LoopBoundInjectionCustomizations::LoopBoundInjection
 
   /**
-   * A taint-tracking configuration for reasoning about looping on tainted objects with unbounded length.
+   * A taint tracking configuration for reasoning about looping on tainted objects with unbounded length.
    */
   class Configuration extends TaintTracking::Configuration {
     Configuration() { this = "LoopBoundInjection" }

javascript/ql/src/semmle/javascript/security/dataflow/LoopBoundInjectionCustomizations.qll

@@ -1,5 +1,5 @@
 /**
- * Provides default sources, sinks and sanitisers for reasoning about
+ * Provides default sources, sinks, and sanitizers for reasoning about
  * DoS attacks using objects with unbounded length property,
  * as well as extension points for adding your own.
  */
@@ -56,7 +56,7 @@ module LoopBoundInjection {
     }
 
     /**
-     * Gets the length read in the loop test
+     * Gets the length read in the loop test.
      */
     DataFlow::PropRead getLengthRead() { result = lengthRead }
 
@@ -200,7 +200,7 @@ module LoopBoundInjection {
               isCrashingWithNullValues(throws)
             )
             or
-            // similar to the loop sink - the existence of an early-exit usually means that no DoS can happen.
+            // Similar to the loop sink - the existence of an early-exit usually means that no DoS can happen.
             exists(ThrowStmt throw |
               throw.getTarget() = func.asExpr()
             )
@@ -259,7 +259,7 @@ module LoopBoundInjection {
   /**
    * A sanitizer that blocks taint flow if the length of an array is limited.
    *
-   * Also implicitly makes sure that only the first DoS-prone loop is selected by the query. (as the .length test has outcome=false when exiting the loop).
+   * Also implicitly makes sure that only the first DoS-prone loop is selected by the query (as the .length test has outcome=false when exiting the loop).
    */
   class LengthCheckSanitizerGuard extends TaintTracking::LabeledSanitizerGuardNode,
     DataFlow::ValueNode {

javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjectionBad.js

@@ -42,15 +42,15 @@ function useLengthIndirectly(val) {
     }
 }
 
-// the obvious null-pointer detection should not hit this one.
+// The obvious null-pointer detection should not hit this one.
 function noNullPointer(val) {
     var ret = [];
 
     const c = 0;
 
     for (var i = 0; i < val.length; i++) { // NOT OK!
 
-        // constantly accessing element 0, therefore not guaranteed null-pointer.
+        // Constantly accessing element 0, therefore not guaranteed null-pointer.
         ret.push(val[c].foo); 
     }
-}
+}

javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjectionExitBad.js

@@ -36,7 +36,7 @@ function throws(val) {
 		  try {
 			  throw 2; // Is caught, and therefore the DoS is not prevented.
 		  } catch(e) {
-			  // ignored
+			  // Ignored.
 		  }
 	  }
       ret.push(val[i]);
@@ -60,9 +60,9 @@ function lodashThrow(val) { // NOT OK!
 	_.map(val, function (e) {
 		if (!e) {
 			try {
-				throw new Error(); // Does not prevent DoS
+				throw new Error(); // Does not prevent DoS.
 			} catch(e) {
-				// ignored.
+				// Ignored.
 			}
 		}
 	})

javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjectionExitGood.js

@@ -19,7 +19,7 @@ function breaks(val) {
 
 	for (var i = 0; i < val.length; i++) { // OK
 	  if (val[i] == null) {
-		  break; // prevents DoS.
+		  break; // Prevents DoS.
 	  }
       ret.push(val[i]);
     }
@@ -30,7 +30,7 @@ function throws(val) {
 
 	for (var i = 0; i < val.length; i++) { // OK
 	  if (val[i] == null) {
-		  throw 2; // prevents DoS.
+		  throw 2; // Prevents DoS.
 	  }
       ret.push(val[i]);
     }
@@ -42,7 +42,7 @@ function returns(val) {
 
 	for (var i = 0; i < val.length; i++) { // OK
 	  if (val[i] == null) {
-		  return 2; // prevents DoS.
+		  return 2; // Prevents DoS.
 	  }
       ret.push(val[i]);
     }
@@ -51,7 +51,7 @@ function returns(val) {
 function lodashThrow(val) {
 	_.map(val, function (e) { // OK
 		if (!e) {
-			throw new Error(); // prevents DoS.
+			throw new Error(); // Prevents DoS.
 		}
 	})
 }

javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjectionGood.js

@@ -20,7 +20,7 @@ function sanitized(val) {
     if (!Array.isArray(val)) {
         return [];
     }
-    // At this point we know that val must be an Array, and an attacked is
+    // At this point we know that val must be an Array, and an attacker is
     // therefore not able to send a cheap request that spends a lot of time
     // inside the loop.
     for (var i = 0; i < val.length; i++) { // OK
@@ -50,7 +50,7 @@ function sanitized3(val) {
     if (!isArray(val)) {
         return [];
     }
-    // At this point we know that val must be an Array, and an attacked is
+    // At this point we know that val must be an Array, and an attacker is
     // therefore not able to send a cheap request that spends a lot of time
     // inside the loop.
     for (var i = 0; i < val.length; i++) { // OK
@@ -64,7 +64,7 @@ function sanitized4(val) {
     if (!(val instanceof Array)) {
         return [];
     }
-    // At this point we know that val must be an Array, and an attacked is
+    // At this point we know that val must be an Array, and an attacker is
     // therefore not able to send a cheap request that spends a lot of time
     // inside the loop.
     for (var i = 0; i < val.length; i++) { // OK