fix some QL-for-QL warnings in JS

Author: erik-krogh

javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.qll

@@ -188,10 +188,10 @@ module FlowFromSource {
 
     Query getQuery() { result = q }
 
-    /** The sinks are the endpoints we're extracting. */
+    /** Holds if `sink` is an endpoint we're extracting. */
     override predicate isSink(DataFlow::Node sink) { sink = getAnEndpoint(q) }
 
-    /** The sinks are the endpoints we're extracting. */
+    /** Holds if `sink` is an endpoint we're extracting. */
     override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel lbl) {
       sink = getAnEndpoint(q) and exists(lbl)
     }

javascript/ql/lib/semmle/javascript/dataflow/internal/CallGraphs.qll

@@ -190,7 +190,7 @@ module CallGraph {
   }
 
   /**
-   * Holds if `ref` installs an accessor on an object. Such property writes should not
+   * Holds if `write` installs an accessor on an object. Such property writes should not
    * be considered calls to an accessor.
    */
   pragma[nomagic]

javascript/ql/lib/semmle/javascript/dataflow/internal/PropertyTypeInference.qll

@@ -10,7 +10,7 @@ private import AbstractPropertiesImpl
 private import AbstractValuesImpl
 
 /**
- * Flow analysis for property reads, either explicitly (`x.p` or `x[e]`) or
+ * An analyzed property read, either explicitly (`x.p` or `x[e]`) or
  * implicitly.
  */
 abstract class AnalyzedPropertyRead extends DataFlow::AnalyzedNode {
@@ -86,7 +86,7 @@ pragma[noinline]
 private predicate isTrackedPropertyName(string prop) { exists(MkAbstractProperty(_, prop)) }
 
 /**
- * Flow analysis for property writes, including exports (which are
+ * An analyzed property write, including exports (which are
  * modeled as assignments to `module.exports`).
  */
 abstract class AnalyzedPropertyWrite extends DataFlow::Node {

javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSExpressions.qll

@@ -92,10 +92,10 @@ abstract private class HtmlAttributeAsNgSourceProvider extends NgSourceProvider,
     endColumn = startColumn + src.length() - 1
   }
 
-  /** The source code of the expression. */
+  /** Gets the source code of the expression. */
   abstract string getSource();
 
-  /** The offset into the attribute where the expression starts. */
+  /** Gets the offset into the attribute where the expression starts. */
   abstract int getOffset();
 
   override DOM::ElementDefinition getEnclosingElement() { result = this.getElement() }

javascript/ql/lib/semmle/javascript/frameworks/Handlebars.qll

@@ -61,13 +61,13 @@ private module HandlebarsTaintSteps {
    * the `FunctionNode` representing `function loudHelper`, and return its parameter `text`.
    */
   private DataFlow::ParameterNode getRegisteredHelperParam(
-    string helperName, DataFlow::FunctionNode helperFunction, int paramIndex
+    string helperName, DataFlow::FunctionNode func, int paramIndex
   ) {
     exists(DataFlow::CallNode registerHelperCall |
       registerHelperCall = any(Handlebars::Handlebars hb).getAMemberCall("registerHelper") and
       registerHelperCall.getArgument(0).mayHaveStringValue(helperName) and
-      helperFunction = registerHelperCall.getArgument(1).getAFunctionValue() and
-      result = helperFunction.getParameter(paramIndex)
+      func = registerHelperCall.getArgument(1).getAFunctionValue() and
+      result = func.getParameter(paramIndex)
     )
   }
 
@@ -132,15 +132,15 @@ private module HandlebarsTaintSteps {
   private predicate isHandlebarsArgStep(DataFlow::Node pred, DataFlow::Node succ) {
     exists(
       string helperName, DataFlow::CallNode templatingCall, DataFlow::CallNode compileCall,
-      DataFlow::FunctionNode helperFunction
+      DataFlow::FunctionNode func
     |
       templatingCall = compiledTemplate(compileCall).getACall() and
       exists(string templateText, string paramName, int argIdx |
         compileCall.getArgument(0).mayHaveStringValue(templateText)
       |
         pred = templatingCall.getArgument(0).getALocalSource().getAPropertyWrite(paramName).getRhs() and
         isTemplateHelperCallArg(templateText, helperName, argIdx, paramName) and
-        succ = getRegisteredHelperParam(helperName, helperFunction, argIdx)
+        succ = getRegisteredHelperParam(helperName, func, argIdx)
       )
     )
   }

javascript/ql/src/Expressions/CompareIdenticalValues.ql

@@ -38,7 +38,7 @@ predicate accessWithConversions(Expr e, Variable v) {
 }
 
 /**
- * A comment containing the word "NaN".
+ * Holds if `c` is a comment containing the word "NaN".
  */
 predicate isNaNComment(Comment c, string filePath, int startLine) {
   c.getText().matches("%NaN%") and

javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql

@@ -76,7 +76,7 @@ Folder getAPackageJsonFolder() { result = any(PackageJson json).getFile().getPar
  * the current working folder, or the root folder.
  * All of these might cause information to be leaked.
  *
- * For the first case it is assumed that the presence of a `package.json` file means that a `node_modules` folder can also exist.
+ * For the first case it is assumed that the presence of a `package.json` file means that a "node_modules" folder can also exist.
  *
  * For the root/home/working folder, they contain so much information that they must leak information somehow (e.g. ssh keys in the `~/.ssh` folder).
  */

ql/ql/src/queries/style/MissingParameterInQlDoc.ql

@@ -46,7 +46,7 @@ private string getAMentionedNonParameter(Predicate p) {
   not result =
     [
       "true", "false", "NaN", "this", "forall", "exists", "null", "break", "return", "not", "if",
-      "then", "else", "import"
+      "then", "else", "import", "async"
     ] and
   not result = any(Aggregate a).getKind() and // min, max, sum, count, etc.
   not result = getMentionedThings(p.getLocation().getFile()) and