Merge pull request #7450 from erik-krogh/missDocParam

QL: Add query detecting suspiciously missing parameters from the QLDoc of a predicate

Author: erik-krogh

javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql

@@ -14,7 +14,7 @@ import DataFlow::PathGraph
 /**
  * Gets the name of an unescaped placeholder in a lodash template.
  *
- * For example, the string `<h1><%= title %></h1>` contains the placeholder `title`.
+ * For example, the string `"<h1><%= title %></h1>"` contains the placeholder "title".
  */
 bindingset[s]
 string getAPlaceholderInString(string s) {

javascript/ql/lib/definitions.qll

@@ -45,7 +45,7 @@ private predicate variableDefLookup(VarAccess va, AstNode def, string kind) {
 
 /**
  * Holds if variable access `va` is of kind `kind` and refers to the
- * variable declaration.
+ * variable declaration `decl`.
  *
  * For example, in the statement `var x = 42, y = x;`, the initializing
  * expression of `y` is a variable access `x` of kind `"V"` that refers to

javascript/ql/lib/semmle/javascript/BasicBlocks.qll

@@ -146,7 +146,7 @@ class BasicBlock extends @cfg_node, NodeInStmtContainer {
   /** Holds if this basic block uses variable `v` in its `i`th node `u`. */
   predicate useAt(int i, Variable v, VarUse u) { useAt(this, i, v, u) }
 
-  /** Holds if this basic block defines variable `v` in its `i`th node `u`. */
+  /** Holds if this basic block defines variable `v` in its `i`th node `d`. */
   predicate defAt(int i, Variable v, VarDef d) { defAt(this, i, v, d) }
 
   /**

javascript/ql/lib/semmle/javascript/CharacterEscapes.qll

@@ -75,7 +75,7 @@ module CharacterEscapes {
   }
 
   /**
-   * Gets a character in `n` that is preceded by a single useless backslash, resulting in a likely regular expression mistake explained by `mistake`.
+   * Gets a character in `src` that is preceded by a single useless backslash, resulting in a likely regular expression mistake explained by `mistake`.
    *
    * The character is the `i`th character of the raw string value of `rawStringNode`.
    */

javascript/ql/lib/semmle/javascript/Classes.qll

@@ -172,7 +172,7 @@ class ClassDefinition extends @class_definition, ClassOrInterface, AST::ValueNod
   /** Gets the expression denoting the super class of the defined class, if any. */
   override Expr getSuperClass() { result = this.getChildExpr(1) }
 
-  /** Gets the `n`th type from the `implements` clause of this class, starting at 0. */
+  /** Gets the `i`th type from the `implements` clause of this class, starting at 0. */
   override TypeExpr getSuperInterface(int i) {
     // AST indices for super interfaces: -1, -4, -7, ...
     exists(int astIndex | typeexprs(result, _, this, astIndex, _) |

javascript/ql/lib/semmle/javascript/ES2015Modules.qll

@@ -54,7 +54,7 @@ private predicate hasNamedExports(ES2015Module mod) {
 }
 
 /**
- * Holds if this module contains a `default` export.
+ * Holds if this module contains a default export.
  */
 private predicate hasDefaultExport(ES2015Module mod) {
   // export default foo;
@@ -337,7 +337,7 @@ class BulkReExportDeclaration extends ReExportDeclaration, @export_all_declarati
 }
 
 /**
- * Holds if the given bulk export should not re-export `name` because there is an explicit export
+ * Holds if the given bulk export `reExport` should not re-export `name` because there is an explicit export
  * of that name in the same module.
  *
  * At compile time, shadowing works across declaration spaces.

javascript/ql/lib/semmle/javascript/Paths.qll

@@ -180,7 +180,7 @@ private Path resolveUpTo(PathString p, int n, Folder root, boolean inTS) {
 }
 
 /**
- * Gets the `i`th component of the path `str`, where `base` is the resolved path one level up.
+ * Gets the `n`th component of the path `str`, where `base` is the resolved path one level up.
  * Supports that the root directory might be compiled output from TypeScript.
  * `inTS` is true if the result is TypeScript that is compiled into the path specified by `str`.
  */
@@ -227,7 +227,7 @@ private module TypeScriptOutDir {
   }
 
   /**
-   * Gets the `outDir` option from a tsconfig file from the folder `parent`.
+   * Gets the "outDir" option from a `tsconfig` file from the folder `parent`.
    */
   private string getOutDir(JsonObject tsconfig, Folder parent) {
     tsconfig.getFile().getBaseName().regexpMatch("tsconfig.*\\.json") and

javascript/ql/lib/semmle/javascript/PrintAst.qll

@@ -195,7 +195,7 @@ private module PrintJavaScript {
      * Gets the `i`th child of `element`.
      * Can be overridden in subclasses to get more specific behavior for `getChild()`.
      */
-    AstNode getChildNode(int childIndex) { result = getLocationSortedChild(element, childIndex) }
+    AstNode getChildNode(int i) { result = getLocationSortedChild(element, i) }
   }
 
   /** Provides predicates for pretty printing `AstNode`s. */

javascript/ql/lib/semmle/javascript/RangeAnalysis.qll

@@ -260,7 +260,7 @@ module RangeAnalysis {
   }
 
   /**
-   * Holds if the given comparison can be modeled as `A <op> B + bias` where `<op>` is the comparison operator,
+   * Holds if the given `comparison` can be modeled as `A <op> B + bias` where `<op>` is the comparison operator,
    * and `A` is `a * asign` and likewise `B` is `b * bsign`.
    */
   predicate linearComparison(
@@ -310,18 +310,18 @@ module RangeAnalysis {
    * Holds if `guard` asserts that the outcome of `A <op> B + bias` is true, where `<op>` is a comparison operator.
    */
   predicate linearComparisonGuard(
-    ConditionGuardNode guard, DataFlow::Node a, int asign, string operator, DataFlow::Node b,
-    int bsign, Bias bias
+    ConditionGuardNode guard, DataFlow::Node a, int asign, string op, DataFlow::Node b, int bsign,
+    Bias bias
   ) {
     exists(Comparison compare |
       compare = guard.getTest().flow().getImmediatePredecessor*().asExpr() and
       linearComparison(compare, a, asign, b, bsign, bias) and
       (
-        guard.getOutcome() = true and operator = compare.getOperator()
+        guard.getOutcome() = true and op = compare.getOperator()
         or
         not hasNaNIndicator(guard.getContainer()) and
         guard.getOutcome() = false and
-        operator = negateOperator(compare.getOperator())
+        op = negateOperator(compare.getOperator())
       )
     )
   }
@@ -657,13 +657,13 @@ module RangeAnalysis {
    */
   pragma[noopt]
   private predicate reachableByNegativeEdges(
-    DataFlow::Node a, int asign, DataFlow::Node b, int bsign, ControlFlowNode cfg
+    DataFlow::Node src, int asign, DataFlow::Node dst, int bsign, ControlFlowNode cfg
   ) {
-    negativeEdge(a, asign, b, bsign, cfg)
+    negativeEdge(src, asign, dst, bsign, cfg)
     or
     exists(DataFlow::Node mid, int midx, ControlFlowNode midcfg |
-      reachableByNegativeEdges(a, asign, mid, midx, cfg) and
-      negativeEdge(mid, midx, b, bsign, midcfg) and
+      reachableByNegativeEdges(src, asign, mid, midx, cfg) and
+      negativeEdge(mid, midx, dst, bsign, midcfg) and
       exists(BasicBlock bb, int i, int j |
         bb.getNode(i) = midcfg and
         bb.getNode(j) = cfg and
@@ -676,8 +676,8 @@ module RangeAnalysis {
       DataFlow::Node mid, int midx, ControlFlowNode midcfg, BasicBlock midBB,
       ReachableBasicBlock midRBB, BasicBlock cfgBB
     |
-      reachableByNegativeEdges(a, asign, mid, midx, cfg) and
-      negativeEdge(mid, midx, b, bsign, midcfg) and
+      reachableByNegativeEdges(src, asign, mid, midx, cfg) and
+      negativeEdge(mid, midx, dst, bsign, midcfg) and
       midBB = midcfg.getBasicBlock() and
       midRBB = midBB.(ReachableBasicBlock) and
       cfgBB = cfg.getBasicBlock() and

javascript/ql/lib/semmle/javascript/Routing.qll

@@ -229,7 +229,7 @@ module Routing {
     }
 
     /**
-     * Holds if `node` has processed the incoming request strictly prior to this node.
+     * Holds if `guard` has processed the incoming request strictly prior to this node.
      */
     pragma[inline]
     private predicate isGuardedByNodeInternal(Node guard) {