github · erik-krogh · Jan 4, 2022 · Dec 20, 2021 · Dec 20, 2021 · Dec 20, 2021
@@ -37,7 +37,7 @@ abstract class SimpleRangeAnalysisDefinition extends RangeSsaDefinition {
    * dependencies. Without this information, range analysis might work for
    * simple cases but will go into infinite loops on complex code.
    *
-   * For example, when modelling the definition by reference in a call to an
+   * For example, when modeling the definition by reference in a call to an
    * overloaded `operator=`, written as `v = e`, the definition of `(this, v)`
    * depends on `e`.
    */

@@ -170,7 +170,7 @@ module Ssa {
     /**
      * Gets the control flow node of this SSA definition, if any. Phi nodes are
      * examples of SSA definitions without a control flow node, as they are
-     * modelled at index `-1` in the relevant basic block.
+     * modeled at index `-1` in the relevant basic block.
      */
     final ControlFlow::Node getControlFlowNode() {
       exists(ControlFlow::BasicBlock bb, int i | this.definesAt(_, bb, i) | result = bb.getNode(i))

@@ -1,5 +1,5 @@
 /**
- * Classes modelling EntityFramework and EntityFrameworkCore.
+ * Classes modeling EntityFramework and EntityFrameworkCore.
  */
 
 import csharp

@@ -1,5 +1,5 @@
 /**
- * Classes for modelling Json.NET.
+ * Classes for modeling Json.NET.
  */
 
 import csharp

@@ -1,5 +1,5 @@
 /**
- * Classes for modelling NHibernate.
+ * Classes for modeling NHibernate.
  */
 
 import csharp

@@ -1,5 +1,5 @@
 /**
- * General modelling of ServiceStack framework including separate modules for:
+ * General modeling of ServiceStack framework including separate modules for:
  *  - flow sources
  *  - SQLi sinks
  *  - XSS sinks

@@ -3,7 +3,7 @@ private import semmle.javascript.dataflow.InferredTypes
 private import semmle.javascript.dataflow.internal.PreCallGraphStep
 
 /**
- * Classes and predicates for modelling TaintTracking steps for arrays.
+ * Classes and predicates for modeling TaintTracking steps for arrays.
  */
 module ArrayTaintTracking {
   /**
@@ -88,13 +88,13 @@ module ArrayTaintTracking {
 }
 
 /**
- * Classes and predicates for modelling data-flow for arrays.
+ * Classes and predicates for modeling data-flow for arrays.
  */
 private module ArrayDataFlow {
   private import DataFlow::PseudoProperties
 
   /**
-   * A step modelling the creation of an Array using the `Array.from(x)` method.
+   * A step modeling the creation of an Array using the `Array.from(x)` method.
    * The step copies the elements of the argument (set, array, or iterator elements) into the resulting array.
    */
   private class ArrayFrom extends DataFlow::SharedFlowStep {
@@ -112,7 +112,7 @@ private module ArrayDataFlow {
   }
 
   /**
-   * A step modelling an array copy where the spread operator is used.
+   * A step modeling an array copy where the spread operator is used.
    * The result is essentially array concatenation.
    *
    * Such a step can occur both with the `push` and `unshift` methods, or when creating a new array.
@@ -260,7 +260,7 @@ private module ArrayDataFlow {
   }
 
   /**
-   * A step modelling that `splice` can insert elements into an array.
+   * A step modeling that `splice` can insert elements into an array.
    * For example in `array.splice(i, del, e)`: if `e` is tainted, then so is `array
    */
   private class ArraySpliceStep extends DataFlow::SharedFlowStep {
@@ -275,7 +275,7 @@ private module ArrayDataFlow {
   }
 
   /**
-   * A step for modelling `concat`.
+   * A step for modeling `concat`.
    * For example in `e = arr1.concat(arr2, arr3)`: if any of the `arr` is tainted, then so is `e`.
    */
   private class ArrayConcatStep extends DataFlow::SharedFlowStep {
@@ -290,7 +290,7 @@ private module ArrayDataFlow {
   }
 
   /**
-   * A step for modelling that elements from an array `arr` also appear in the result from calling `slice`/`splice`/`filter`.
+   * A step for modeling that elements from an array `arr` also appear in the result from calling `slice`/`splice`/`filter`.
    */
   private class ArraySliceStep extends DataFlow::SharedFlowStep {
     override predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) {
@@ -304,7 +304,7 @@ private module ArrayDataFlow {
   }
 
   /**
-   * A step modelling that elements from an array `arr` are received by calling `find`.
+   * A step modeling that elements from an array `arr` are received by calling `find`.
    */
   private class ArrayFindStep extends DataFlow::SharedFlowStep {
     override predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) {
@@ -320,7 +320,7 @@ private module ArrayDataFlow {
 private import ArrayLibraries
 
 /**
- * Classes and predicates modelling various libraries that work on arrays or array-like structures.
+ * Classes and predicates modeling various libraries that work on arrays or array-like structures.
  */
 private module ArrayLibraries {
   private import DataFlow::PseudoProperties

@@ -156,7 +156,7 @@ private module CollectionDataFlow {
   }
 
   /**
-   * A step for modelling `for of` iteration on arrays, maps, sets, and iterators.
+   * A step for modeling `for of` iteration on arrays, maps, sets, and iterators.
    *
    * For sets and iterators the l-value are the elements of the set/iterator.
    * For maps the l-value is a tuple containing a key and a value.

@@ -6,7 +6,7 @@ import javascript
 private import semmle.javascript.dataflow.internal.PreCallGraphStep
 
 /**
- * Classes and predicates for modelling data-flow for generator functions.
+ * Classes and predicates for modeling data-flow for generator functions.
  */
 private module GeneratorDataFlow {
   private import DataFlow::PseudoProperties

@@ -62,7 +62,7 @@ class JSON2CSVTaintStep extends TaintTracking::SharedTaintStep {
 /**
  * A step through the [`prettyjson`](https://www.npmjs.com/package/prettyjson) library.
  * This is not quite a `JSON.stringify` call, as it e.g. does not wrap keys in double quotes.
- * It's therefore modelled as a taint-step rather than as a `JSON.stringify` call.
+ * It's therefore modeled as a taint-step rather than as a `JSON.stringify` call.
  */
 class PrettyJSONTaintStep extends TaintTracking::SharedTaintStep {
   override predicate step(DataFlow::Node pred, DataFlow::Node succ) {

@@ -1,5 +1,5 @@
 /**
- * Provides classes for modelling promises and their data-flow.
+ * Provides classes for modeling promises and their data-flow.
  */
 
 import javascript

@@ -130,7 +130,7 @@ module RangeAnalysis {
   }
 
   /**
-   * Holds if `r` can be modelled as `r = root * sign + bias`.
+   * Holds if `r` can be modeled as `r = root * sign + bias`.
    *
    * Only looks "one step", that is, does not follow data flow and does not recursively
    * unfold nested arithmetic expressions.
@@ -203,7 +203,7 @@ module RangeAnalysis {
   }
 
   /**
-   * Holds if `r` can be modelled as `r = root * sign + bias`.
+   * Holds if `r` can be modeled as `r = root * sign + bias`.
    */
   predicate linearDefinition(DataFlow::Node r, DataFlow::Node root, int sign, Bias bias) {
     if exists(r.getImmediatePredecessor())
@@ -229,7 +229,7 @@ module RangeAnalysis {
   }
 
   /**
-   * Holds if `r` can be modelled as `r = xroot * xsign + yroot * ysign + bias`.
+   * Holds if `r` can be modeled as `r = xroot * xsign + yroot * ysign + bias`.
    */
   predicate linearDefinitionSum(
     DataFlow::Node r, DataFlow::Node xroot, int xsign, DataFlow::Node yroot, int ysign, Bias bias
@@ -260,7 +260,7 @@ module RangeAnalysis {
   }
 
   /**
-   * Holds if the given comparison can be modelled as `A <op> B + bias` where `<op>` is the comparison operator,
+   * Holds if the given comparison can be modeled as `A <op> B + bias` where `<op>` is the comparison operator,
    * and `A` is `a * asign` and likewise `B` is `b * bsign`.
    */
   predicate linearComparison(

@@ -67,7 +67,7 @@
   Node getRouteSetupNode(DataFlow::Node call) { result = MkRouteSetup(call) }
 
   /**
-   * A node in a routing tree modelling the composition of middleware functions and route handlers.
+   * A node in a routing tree modeling the composition of middleware functions and route handlers.
    *
    * More precisely, this is a node in a graph representing a set of possible routing trees, as the
    * concrete shape of the routing tree may be depend on branching control flow.
@@ -297,7 +297,7 @@
      *   req.app; // alias for 'app'
      * })
      * ```
-     * This can be modelled by mapping `(0, "app")` to the `app` data-flow node (`n=0` corresponds
+     * This can be modeled by mapping `(0, "app")` to the `app` data-flow node (`n=0` corresponds
      * to the `req` parameter).
      */
     DataFlow::Node getValueImplicitlyStoredInAccessPath(int n, string path) { none() }
@@ -460,13 +460,13 @@
        not exists(getStrictSource()) and
        exists(Router::Range router |
          this = router.getAReference().getALocalUse() and
          result = MkRouter(router, getContainer())
        )
      }
     }
 
     /**
-     * A node flowing into a use site, modelled as a child of the use site.
+     * A node flowing into a use site, modeled as a child of the use site.
      */
     private class UseSiteSource extends UseSite {
       UseSiteSource() { this = any(UseSite use).getSource() }
@@ -717,7 +717,7 @@
   /**
    * A call where a mutable router object escapes into a parameter or is returned from a function.
    *
-   * This is modelled as a route setup targeting the "local router" value and having
+   * This is modeled as a route setup targeting the "local router" value and having
    * the "target router" as its only child.
    *
    * For example,

@@ -12,7 +12,7 @@
  *    affect `x`, while `yield` expressions in functions other than `f`
  *    still may affect it.
  *
- * This is modelled as follows.
+ * This is modeled as follows.
  *
  * Within each function `g` that accesses a variable `x` declared in an
  * enclosing function `f`, we introduce a pseudo-assignment to `x` called
@@ -180,7 +180,7 @@ private module Internal {
 
   /**
    * Holds if the `i`th node of basic block `bb` may induce a pseudo-definition for
-   * modelling updates to captured variable `v`. Whether the definition is actually
+   * modeling updates to captured variable `v`. Whether the definition is actually
    * introduced depends on whether `v` is live at this point in the program.
    */
   private predicate mayCapture(ReachableBasicBlock bb, int i, SsaSourceVariable v) {

@@ -20,7 +20,7 @@ private import semmle.javascript.dataflow.InferredTypes
 private import semmle.javascript.internal.CachedStages
 
 /**
- * Provides classes for modelling taint propagation.
+ * Provides classes for modeling taint propagation.
  */
 module TaintTracking {
   /**

@@ -20,7 +20,7 @@
  * not allow reasoning about nested property writes of the form `p.q.r` (except where `p.q`
  * is a module/exports object and hence handled by local flow).
  *
- * Also note that object inheritance is not modelled. Soundness is, however, preserved in
+ * Also note that object inheritance is not modeled. Soundness is, however, preserved in
  * the sense that all expressions whole value derives (directly or indirectly) from a property
  * read are marked as indefinite.
  */
@@ -175,9 +175,9 @@ class AnalyzedValueNode extends AnalyzedNode, DataFlow::ValueNode { }
  * A module for which analysis results are available.
  *
  * The type inference supports AMD, CommonJS and ES2015 modules. All three
- * variants are modelled as CommonJS modules, with `module` object and a default
+ * variants are modeled as CommonJS modules, with `module` object and a default
  * `exports` object which is the initial value of `module.exports`. ES2015
- * exports are modelled as property writes on `module.exports`, and imports
+ * exports are modeled as property writes on `module.exports`, and imports
  * as property reads on any potential value of `module.exports`.
  */
 class AnalyzedModule extends TopLevel {

@@ -475,7 +475,7 @@ private newtype TAnalyzedGlobal =
   TAnalyzedGlocal(GlobalVariable gv, TopLevel tl) { useIn(gv, _, tl) and exists(defIn(gv, tl)) } or
   /**
    * A global variable that is used in at least one toplevel where it is not defined, and
-   * hence has to be modelled as a truly global variable.
+   * hence has to be modeled as a truly global variable.
    */
   TAnalyzedGenuineGlobal(GlobalVariable gv) {
     exists(TopLevel tl |
@@ -525,7 +525,7 @@ private class AnalyzedGlocal extends AnalyzedGlobal, TAnalyzedGlocal {
 
 /**
  * A global variable that is used in at least one toplevel where it is not defined, and
- * hence has to be modelled as a truly global variable.
+ * hence has to be modeled as a truly global variable.
  */
 private class AnalyzedGenuineGlobal extends AnalyzedGlobal, TAnalyzedGenuineGlobal {
   GlobalVariable gv;

@@ -1,5 +1,5 @@
 /**
- * Provides classes for modelling the client-side of a URL request.
+ * Provides classes for modeling the client-side of a URL request.
  *
  * Subclass `ClientRequest` to refine the behavior of the analysis on existing client requests.
  * Subclass `ClientRequest::Range` to introduce new kinds of client requests.
@@ -325,7 +325,7 @@ module ClientRequest {
   }
 
   /**
-   * Classes for modelling the url request library `needle`.
+   * Classes for modeling the url request library `needle`.
    */
   private module Needle {
     /**
@@ -819,7 +819,7 @@ module ClientRequest {
   }
 
   /**
-   * Classes and predicates modelling the `apollo-client` library.
+   * Classes and predicates modeling the `apollo-client` library.
    */
   private module ApolloClient {
     /**

@@ -1,5 +1,5 @@
 /**
- * Provides a class for modelling expressions used to supply
+ * Provides a class for modeling expressions used to supply
  * credentials.
  */
 

@@ -1,9 +1,9 @@
-/** Provides classes and predicates modelling aspects of the `d3` library. */
+/** Provides classes and predicates modeling aspects of the `d3` library. */
 
 private import javascript
 private import semmle.javascript.security.dataflow.Xss
 
-/** Provides classes and predicates modelling aspects of the `d3` library. */
+/** Provides classes and predicates modeling aspects of the `d3` library. */
 module D3 {
   /** The global variable `d3` as an entry point for API graphs. */
   private class D3GlobalEntry extends API::EntryPoint {

@@ -54,7 +54,7 @@ private module DateFns {
 }
 
 /**
- * Provides classes and predicates modelling the `@date-io` libraries.
+ * Provides classes and predicates modeling the `@date-io` libraries.
  */
 private module DateIO {
   private class FormatStep extends TaintTracking::SharedTaintStep {
@@ -105,7 +105,7 @@ private module DateIO {
 }
 
 /**
- * Provides classes and predicates modelling the `luxon` library.
+ * Provides classes and predicates modeling the `luxon` library.
  */
 private module Luxon {
   /**

@@ -78,7 +78,7 @@ module Electron {
   }
 
   /**
-   * Provides classes and predicates for modelling Electron inter-process communication (IPC).
+   * Provides classes and predicates for modeling Electron inter-process communication (IPC).
    * The Electron IPC are EventEmitters, but they also expose a number of methods on top of the standard EventEmitter.
    */
   private module IPC {

@@ -352,7 +352,7 @@ module Express {
      * If the preceding handler's path cannot be determined, it is assumed to match.
      *
      * Note that this predicate is not complete: path globs such as `'*'` are not currently
-     * handled, and relative paths of subrouters are not modelled. In particular, if an outer
+     * handled, and relative paths of subrouters are not modeled. In particular, if an outer
      * router installs a route handler `r1` on a path that matches the path of a route handler
      * `r2` installed on a subrouter, `r1` will not be recognized as an ancestor of `r2`.
      */

@@ -145,7 +145,7 @@ private class FastGlobFileNameSource extends FileNameSource {
 }
 
 /**
- * Classes and predicates for modelling the `fstream` library (https://www.npmjs.com/package/fstream).
+ * Classes and predicates for modeling the `fstream` library (https://www.npmjs.com/package/fstream).
  */
 private module FStream {
   /**
@@ -242,7 +242,7 @@ private class RecursiveReadDir extends FileSystemAccess, FileNameProducer, DataF
 }
 
 /**
- * Classes and predicates for modelling the `jsonfile` library (https://www.npmjs.com/package/jsonfile).
+ * Classes and predicates for modeling the `jsonfile` library (https://www.npmjs.com/package/jsonfile).
  */
 private module JSONFile {
   /**