Spelling

CONTRIBUTING.md

@@ -2,7 +2,7 @@
 
 Documentation for Scumblr is available in the Scumblr [wiki]( https://github.com/Netflix/Scumblr/wiki )
 
-The Scumblr team is following a very simple branching model.  We use [master](https://github.com/Netflix/Scumblr/tree/master) as the production branch, and all other branches are used for featues or bugs.  We do not maintain a dev only branch, staging, etc.  
+The Scumblr team is following a very simple branching model.  We use [master](https://github.com/Netflix/Scumblr/tree/master) as the production branch, and all other branches are used for features or bugs.  We do not maintain a dev only branch, staging, etc.  
 
 Contributions will be accepted to the [master](https://github.com/Netflix/dynomite-manager/tree/dev) only.
 

README.md

@@ -36,9 +36,9 @@ Scumblr also provides a number of novel features that streamline security automa
 * Tracking, ticketing, regression monitoring, and auto-remediation of security vulnerabilities
 * Metadata storage in results to allow for advanced result filtering
 * Customizable views and sorting of results and tasks to get you to the important details faster
-* Saveable result filters that can be shared with collegues 
+* Saveable result filters that can be shared with colleagues 
 * Event model for auditing changes to results so you can keep an eye on what is happening
-* Email subscriptions for specific results or tasks you care about (such as monitoring when a security task finds a new vulnerablity)
+* Email subscriptions for specific results or tasks you care about (such as monitoring when a security task finds a new vulnerability)
 * Advanced asynchronous task scheduling to allow for task chaining and task batching
 
 Scumblr uses the [Workflowable gem](https://github.com/Netflix/Workflowable) to allow setting up flexible workflows for different types of results.
@@ -64,7 +64,7 @@ These are just a few examples of things that you may want to keep an eye on!
 
 # Scumblr found stuff, now what?
 
-Scumblr provides a handy vulnerablity object you can use to monitor a particular result security issues.  You can also create Status fields to associate with results, allowing you to track the state of a result or it's remediation over time.  
+Scumblr provides a handy vulnerability object you can use to monitor a particular result security issues.  You can also create Status fields to associate with results, allowing you to track the state of a result or it's remediation over time.  
 
 You can create simple or complex workflows to be used along with your results. This can be as simple as marking results as "Reviewed" once they've been looked at, or much more complex involving multiple steps with automated actions occurring during the process.
 

app/assets/javascripts/application.js

@@ -628,7 +628,7 @@ var ready = function(){
 
     var result_id = $(this).data("result-id");
     // find tex field with this id, get jira tickets
-    var tickets = $("#vulnerablity_jira_field_" + result_id).val();
+    var tickets = $("#vulnerability_jira_field_" + result_id).val();
 
     function reverse(s) {
       var o = '';
@@ -687,10 +687,10 @@ var ready = function(){
     e.stopImmediatePropagation();
     e.preventDefault();
     Foundation.libs.dropdown.toggle($(e.target))
-    //Next lines hangle a bug that causes Foundation to inject Acordion links into the dropdown
+    //Next lines hangle a bug that causes Foundation to inject Accordion links into the dropdown
     $("#"+$(e.target).data("dropdown")).find("a").each(function(index, entry)
     {
-      if(entry.href.indexOf("#accordian_") != -1)
+      if(entry.href.indexOf("#accordion_") != -1)
       {
         entry.remove();
       }

app/assets/stylesheets/foundation_and_overrides.scss

@@ -17,7 +17,7 @@ textarea
 // $experimental: true;
 
 // The default font-size is set to 100% of the browser style sheet (usually 16px)
-// for compatibility with brower-based text zoom or user-set defaults.
+// for compatibility with browser-based text zoom or user-set defaults.
 
 // Since the typical default browser font-size is 16px, that makes the calculation for grid size.
 // If you want your base font-size to be different and not have it affect the grid breakpoints,
@@ -447,7 +447,7 @@ $alert-color: #cf2a0e;
 // We use this to control the list items
 // $inline-list-display: block;
 
-// We use this to control any elments within list items
+// We use this to control any elements within list items
 // $inline-list-children-display: block;
 
 // Joyride

app/mailers/summary_mailer.rb

@@ -24,7 +24,7 @@ def notification(recipients, filter, results)
     @results = results
     @filter = filter
     subject = "Scumblr: Daily update for: #{@filter.name}"
-    mail(:to=> "scumblr@scubmlr.com", :bcc=> recipients, :subject=>subject)
+    mail(:to=> "scumblr@scumblr.com", :bcc=> recipients, :subject=>subject)
 
   end
 

app/views/results/metadata/_github_analyzer_row.erb

@@ -1,6 +1,6 @@
 <% @result.metadata.select{|k, hash| k.match /github_analyzer*/}.each do |k,v| %>
 
-<%="<tr><td><b>Langugage</b></td><td>#{@result.metadata[k]["language"]}</td></tr>".html_safe %>
+<%="<tr><td><b>Language</b></td><td>#{@result.metadata[k]["language"]}</td></tr>".html_safe %>
 <%="<tr><td><b>Owner</b></td><td>#{@result.metadata[k]["owner"]}</td></tr>".html_safe %>
 <%="<tr><td><b>Account Type</b></td><td>#{@result.metadata[k]["account_type"]}</td></tr>".html_safe %>
 <%="<tr><td><b>Private Repo?</b></td><td>#{@result.metadata[k]["private"]}</td></tr>".html_safe %>

app/views/results/metadata/_vulnerabilities_details_show.html.erb

@@ -14,7 +14,7 @@ end
 
 findings = result.metadata["vulnerabilities"].sort{|a,b| vulnerability_sort(a,b)}#.select{|v| v["status"].match(/open/i) }
 
-finding_indicies = result.metadata["vulnerabilities"].map.with_index.sort{|a,b| vulnerability_with_index_sort(a,b)}.map(&:last)
+finding_indices = result.metadata["vulnerabilities"].map.with_index.sort{|a,b| vulnerability_with_index_sort(a,b)}.map(&:last)
 
 
 
@@ -28,7 +28,7 @@ findings = Kaminari.paginate_array(findings).page(params[:page] || 1).per(params
 
 <% findings.each_with_index do |finding, i| %>
 
-  <%= render partial:"results/metadata/vulnerability", locals: {finding: finding, finding_indicies: finding_indicies, accordion_id: accordion_id, i: i} %>
+  <%= render partial:"results/metadata/vulnerability", locals: {finding: finding, finding_indices: finding_indices, accordion_id: accordion_id, i: i} %>
 
 <% end %>
 

app/views/results/metadata/_vulnerability.html.erb

@@ -6,7 +6,7 @@
 
 <dl class="accordion updateable" data-updateable-id="<%= finding["id"] %>" data-accordion>
   <dd class="accordion-navigation">
-    <a href="#accordian_<%= index %>">
+    <a href="#accordion_<%= index %>">
       <button href="#" id="drop_<%= index %>1_button" data-dropdown="drop_<%= index %>1" aria-controls="drop_<%= index %>1" aria-expanded="false" class="severity label tiny button dropdown adjust_top <%= colors[finding["severity"].to_s.downcase].to_s %>"><%= finding["severity"].to_s.titleize %></button>
       <strong><%= finding["name"] || finding["type"]  %></strong>
       <button href="#" id="drop_<%= index %>_button" data-dropdown="drop_<%= index %>" aria-controls="drop_<%= index %>" aria-expanded="false" class="status right tiny button dropdown"><%= finding["status"] %></button><br>
@@ -33,7 +33,7 @@
         <% end %>
       </ul>
     </a>
-    <div id="accordian_<%= index %>" class="content panel">
+    <div id="accordion_<%= index %>" class="content panel">
       <div class="row">
         <div class="large-8 columns">
           <dl class="dl-horizontal" style="word-wrap: break-word">
@@ -63,7 +63,7 @@
               <%= form_tag update_metadata_result_path(id: @result, "key[0]"=> "vulnerabilities.[id:#{finding["id"]}].jira_ids", "target[0]" => "#jira_ids_" + vuln_index), remote: true do %>
                 <div class="row collapse">
                   <div class="small-8 columns">
-                    <%= text_field_tag "value[0]", nil, placeholder: "Jira IDs (comma separated)", id: "vulnerablity_jira_field_" + vuln_index %>
+                    <%= text_field_tag "value[0]", nil, placeholder: "Jira IDs (comma separated)", id: "vulnerability_jira_field_" + vuln_index %>
                   </div>
                   <input type="hidden" name="<%= Jiralicious.uri.to_s %>" id="jira_url">
                   <div class="small-2 columns">

app/views/results/show.html.erb

@@ -85,7 +85,7 @@
           </div>
         </dd>
         <dt>Subscriptions</dt>
-        <dd id="subscibers">
+        <dd id="subscribers">
           <%= render 'subscription' %>
         </dd>
         <dt>Tags</dt>

app/views/results/subscribe.js.erb

@@ -1,6 +1,6 @@
 <% if @notice.present? %>
   $('#flash_messages').html("<%= escape_javascript(render :partial=>"shared/notification", :locals => {:message=>@notice}) %>");
 <% end %>
-$("#subscibers").html("<%= escape_javascript(render :partial=>"subscription") %>");
+$("#subscribers").html("<%= escape_javascript(render :partial=>"subscription") %>");
 $("#subscribers-modal.open").html("<%= escape_javascript(render :partial=>"subscriber_list") %>");
 ready();

app/views/results/unsubscribe.js.erb

@@ -1,7 +1,7 @@
 <% if @notice.present? %>
   $('#flash_messages').html("<%= escape_javascript(render :partial=>"shared/notification", :locals => {:message=>@notice}) %>");
 <% end %>
-$("#subscibers").html("<%= escape_javascript(render :partial=>"subscription") %>");
+$("#subscribers").html("<%= escape_javascript(render :partial=>"subscription") %>");
 $("#subscribers-modal.open").html("<%= escape_javascript(render :partial=>"subscriber_list") %>");
 
 

config/initializers/devise.rb

@@ -1,7 +1,7 @@
 # Use this hook to configure devise mailer, warden hooks and so forth.
 # Many of these configuration options can be set straight in your model.
 Devise.setup do |config|
-  #allows devise to use mutal TLS for auth
+  #allows devise to use mutual TLS for auth
   config.warden do |manager|
     manager.strategies.add(:mtlsable, Devise::Strategies::MTLSable)
     manager.default_strategies(:scope => :user).unshift :mtlsable

lib/helpers/repo_download_helper.rb

@@ -18,7 +18,7 @@
 require 'git'
 
 class RepoDownloader
-  # @top_url: depotsearch URL to start downloading from, will recursivly download all files from here
+  # @top_url: depotsearch URL to start downloading from, will recursively download all files from here
   # @save_location: where to save the downloaded file
   attr_accessor :top_url, :save_location, :repo_url
   # this expects the two required parameters from above
@@ -77,7 +77,7 @@ def download_repo_from_git(save_path, repo)
     return save_path
   end
 
-  # after this has been properly intialized, you can just call this function and it will download
+  # after this has been properly initialized, you can just call this function and it will download
   # everything recursively
   def download()
     clone_res = nil

lib/helpers/vulnerability_helpers.rb

@@ -187,7 +187,7 @@ def update_vulnerabilities(vulnerabilities=[], save_result=true)
     end
 
     #before_save
-    # if metadata has changed (only runs if metadata["vulnerablities"])
+    # if metadata has changed (only runs if metadata["vulnerabilities"])
     # self.changes.include? "metadata"
     #
 
@@ -228,7 +228,7 @@ def update_vulnerabilities(vulnerabilities=[], save_result=true)
     end
 
 
-    # Update flag (has_vulnerabilites, counts of vulnerabilities by severity)
+    # Update flag (has_vulnerabilities, counts of vulnerabilities by severity)
 
     # Update identified to Open, identified now on new vulns
 
@@ -271,8 +271,8 @@ def auto_remediate(task_id, url, term=nil, payload=nil)
 
 
   def find_duplicate_vulnerability(vulnerability, is_observation=false)
-    # lcoations: content, path, headers
-    # code_fragement
+    # locations: content, path, headers
+    # code_fragment
 
     # This is a static analyzer match for content
     if vulnerability.match_location == "content"

lib/scumblr_tasks/security/curl_analyzer.rb

@@ -58,7 +58,7 @@ def self.options
                                type: :saved_event_filter
                                },
       :payloads => {name: "Payload Strings",
-                    description: "Provide newline delimieted payloads (exp. paths)",
+                    description: "Provide newline delimited payloads (exp. paths)",
                     required: false,
                     type: :text},
       :force_port => {name: "Force Port to",
@@ -70,7 +70,7 @@ def self.options
                           required: false,
                           type: :string},
       :key_suffix => {name: "Key Suffix",
-                      description: "Provide a key suffix for testing out expirmental regularz expressions",
+                      description: "Provide a key suffix for testing out experimental regularz expressions",
                       required: false,
                       type: :string
                       },
@@ -115,7 +115,7 @@ def initialize(options={})
       return
     end
 
-    # Parse out all paylods or paths to iterate through when running the curl
+    # Parse out all payloads or paths to iterate through when running the curl
     if @options[:payloads].present?
       @payloads = @options[:payloads].to_s.split(/\r?\n/).reject(&:empty?)
     else
@@ -345,7 +345,7 @@ def perform_work(r)
             vulnerabilities.push(*header_matches)
           end
 
-          # Update all vulnerablities
+          # Update all vulnerabilities
           r.update_vulnerabilities(vulnerabilities)
 
           if r.changed?

lib/scumblr_tasks/security/github_analyzer.rb

@@ -33,7 +33,7 @@ def self.description
 
   def self.config_options
     {:github_oauth_token =>{ name: "Github OAuth Token",
-      description: "Setting this token provides the access needed to search Github organziations or repos",
+      description: "Setting this token provides the access needed to search Github organizations or repos",
       required: true
       }
     }
@@ -58,15 +58,15 @@ def self.options
                        default: "200",
                        type: :string},
       :search_terms => {name: "Search Strings",
-                        description: "Provide newline delimieted search strings",
+                        description: "Provide newline delimited search strings",
                         required: false,
                         type: :text},
       :json_terms => {name: "JSON Array Strings URL",
                       description: "Provide URL for JSON array of search terms",
                       required: false,
                       type: :string},
-      :user => {name: "Scope To User Or Organizaton",
-                description: "Limit search to an Organizaton, User, or Repo Name.",
+      :user => {name: "Scope To User Or Organization",
+                description: "Limit search to an Organization, User, or Repo Name.",
                 required: false,
                 type: :string},
       :repo => {name: "Scope To Repository",
@@ -126,7 +126,7 @@ def initialize(options={})
 
     @clone_schema =  @options[:clone_schema].to_s
 
-    # Set the max results if specified, otehrwise default to 200 results
+    # Set the max results if specified, otherwise default to 200 results
     @options[:max_results] = @options[:max_results].to_i > 0 ? @options[:max_results].to_i : 200
 
     # Check to make sure either search terms or url was provided for search
@@ -277,12 +277,12 @@ def parse_search(response, json_response, user_type)
       #search_metadata[:github_analyzer] = true
       search_metadata[:github_analyzer] ||= {}
       search_metadata[:github_analyzer][:owner] = search["repository"]["owner"]["login"]
-      search_metadata[:github_analyzer][:langugage] = search["repository"]["langugage"]
+      search_metadata[:github_analyzer][:language] = search["repository"]["language"]
       search_metadata[:github_analyzer][:private] = search["repository"]["private"]
       search_metadata[:github_analyzer][:account_type] = user_type
       search_metadata[:github_analyzer][:git_clone_url] = "ssh://github.com/#{search["repository"]["full_name"]}.git"
 
-      # Define data for vulnerablity object
+      # Define data for vulnerability object
       search_metadata[:github_analyzer_vulnerabilities] ||= {}
 
       # Parse out text matches if there are any
@@ -312,7 +312,7 @@ def parse_search(response, json_response, user_type)
             vuln.code_fragment = snippit["fragment"]
             vuln.match_location = snippit["property"]
 
-            # Append the github vulns to the vulnerablities array
+            # Append the github vulns to the vulnerabilities array
             vulnerabilities << vuln
           rescue => e
             create_event("Unable to add metadata.\n\n. Exception: #{e.message}\n#{e.backtrace}", "Warn")
@@ -339,7 +339,7 @@ def parse_search(response, json_response, user_type)
         res.metadata.merge!({"github_analyzer" => search_metadata[:github_analyzer]})
         res.save!
         @results << res
-        # Do not create new result simply append vulns to resut
+        # Do not create new result simply append vulns to results
       else
         github_result = Result.new(url: search["repository"]["html_url"], title: search["repository"]["full_name"], domain: "github.com", metadata: {"github_analyzer" => search_metadata[:github_analyzer]})
         github_result.save!
@@ -386,13 +386,13 @@ def run
           end
 
           if response.nil?
-            @retry_interavl = 0
+            @retry_interval = 0
             next
           end
 
           # Retry up to two times if we hit a retry_after exception or rate limit exception
           if @retry_interval > 2
-            @retry_interavl = 0
+            @retry_interval = 0
             next
           else
             @retry_interval += 1
@@ -419,7 +419,7 @@ def run
 
           # Only return max results and truncate any extras
           if @results.length >= @options[:max_results]
-            create_event("Hit maximium results limit\n\n. Exception: #{@options[:max_results].to_s}", "Warn")
+            create_event("Hit maximum results limit\n\n. Exception: #{@options[:max_results].to_s}", "Warn")
             return []
           end
           rate_limit_sleep(response.headers[:x_ratelimit_remaining], response.headers[:x_ratelimit_reset])
@@ -431,9 +431,9 @@ def run
           # Parse out the first page of results
           parse_search(response, json_response, type)
 
-          # Only return max results and truncate any extras (could be more efficent)
+          # Only return max results and truncate any extras (could be more efficient)
           if @results.length >= @options[:max_results]
-            create_event("Hit maximium results limit\n\n. Exception: #{@options[:max_results].to_s}", "Warn")
+            create_event("Hit maximum results limit\n\n. Exception: #{@options[:max_results].to_s}", "Warn")
             #return @results[0..@options[:max_results].to_i]
             return []
           end
@@ -472,12 +472,12 @@ def run
               next
             end
             json_response = JSON.parse(response)
-            # prase restuls for each page
+            # parse results for each page
             parse_search(response, json_response, type)
 
-            # only return max results and truncate any extras (could be more efficent)
+            # only return max results and truncate any extras (could be more efficient)
             if @results.length >= @options[:max_results]
-              create_event("Hit maximium results limit\n\n. Exception: #{@options[:max_results].to_s}", "Warn")
+              create_event("Hit maximum results limit\n\n. Exception: #{@options[:max_results].to_s}", "Warn")
               return []
             end
             rate_limit_sleep(response.headers[:x_ratelimit_remaining], response.headers[:x_ratelimit_reset])