Fix typos

joefarebrother · joefarebrother · commit abf894a64cb7 · 2022-08-05T12:56:20.000+01:00
diff --git a/java/ql/lib/semmle/code/java/security/AndroidWebViewCertificateValidationQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidWebViewCertificateValidationQuery.qll
@@ -1,4 +1,4 @@
-/** Defintions for the web view certificate validation query */
+/** Definitions for the web view certificate validation query */
 
 import java
 
@@ -28,7 +28,7 @@ private class SslProceedCall extends MethodAccess {
   }
 }
 
-/** Holds if `m` trusts all certifiates by calling `SslErrorHandler.proceed` unconditionally. */
+/** Holds if `m` trusts all certificates by calling `SslErrorHandler.proceed` unconditionally. */
 predicate trustsAllCerts(OnReceivedSslErrorMethod m) {
   exists(SslProceedCall pr | pr.getQualifier().(VarAccess).getVariable() = m.handlerArg()) and
   not exists(SslCancelCall ca | ca.getQualifier().(VarAccess).getVariable() = m.handlerArg())
diff --git a/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.qhelp b/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.qhelp
@@ -24,7 +24,7 @@ An attack might look like this:
 
 <recommendation>
 <p>
-Do not use a call <code>SslerrorHandler.proceed</code> unconditonally. 
+Do not use a call <code>SslerrorHandler.proceed</code> unconditionally. 
 If you have to use a self-signed certificate, only accept that certificate, not all certificates. 
 </p>
 
diff --git a/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql b/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql
@@ -1,5 +1,5 @@
 /**
- * @name Android `WebVeiw` that accepts all certificates
+ * @name Android `WebView` that accepts all certificates
  * @description Trusting all certificates allows an attacker to perform a machine-in-the-middle attack.
  * @kind problem
  * @problem.severity error
diff --git a/java/ql/src/change-notes/2022-06-22-improper-webview-certificate-validation.md b/java/ql/src/change-notes/2022-06-22-improper-webview-certificate-validation.md
@@ -1,4 +1,4 @@
 ---
 category: newQuery
 ---
-* A new query "Android `WebVeiw` that accepts all certificates" (`java/improper-webview-certificate-validation`) has been added. This query finds implementations of `WebViewClient`s that accept all certificates in the case of an SSL error.
+* A new query "Android `WebView` that accepts all certificates" (`java/improper-webview-certificate-validation`) has been added. This query finds implementations of `WebViewClient`s that accept all certificates in the case of an SSL error.

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-/** Defintions for the web view certificate validation query */`
	`1`	`+/** Definitions for the web view certificate validation query */`
`2`	`2`
`3`	`3`	`import java`
`4`	`4`
`@@ -28,7 +28,7 @@ private class SslProceedCall extends MethodAccess {`
`28`	`28`	`}`
`29`	`29`	`}`
`30`	`30`
`31`		-/** Holds if `m` trusts all certifiates by calling `SslErrorHandler.proceed` unconditionally. */
	`31`	+/** Holds if `m` trusts all certificates by calling `SslErrorHandler.proceed` unconditionally. */
`32`	`32`	`predicate trustsAllCerts(OnReceivedSslErrorMethod m) {`
`33`	`33`	`exists(SslProceedCall pr \| pr.getQualifier().(VarAccess).getVariable() = m.handlerArg()) and`
`34`	`34`	`not exists(SslCancelCall ca \| ca.getQualifier().(VarAccess).getVariable() = m.handlerArg())`