JS: Manually fix up some errors made by the script

Author: asgerf

javascript/ql/test/query-tests/Comments/CommentedOutCode/commentedCode.js

@@ -80,7 +80,7 @@ function sayHello() {
    * }
    */
 
-
+  // good
 
   // ====
   // ----

javascript/ql/test/query-tests/JSDoc/UndocumentedParameter/tst.js

@@ -1,9 +1,7 @@
 /**
- * NOT OK: Parameter y is not documented.
- *
  * @param x The first operand.
  */
-function f(x, y) {
+function f(x, y) { // $ Alert
     return x+y;
 }
 
@@ -14,14 +12,14 @@ function g(x, y) {
     return x+y;
 }
 
-/** // $ Alert
+/**
  * @param {int}   x
  * @param {float} y
  */
 var o = {
   /**
    * @param {String} x first argument.
    */
-  f : function(x, y) {
+  f : function(x, y) { // $ Alert
   }
 };

javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/bad-code-sanitization.js

@@ -58,12 +58,13 @@ app.get('/some/path', function(req, res) {
   setTimeout(`(function(){${JSON.stringify(taint)}))`); // OK - the source is remote-flow, and the sink is code-injection.
 });
 
-function createObjectWrite() { // $ Alert - documentation example:
+// Bad documentation example: 
+function createObjectWrite() {
     const assignment = `obj[${JSON.stringify(key)}]=42`;
     return `(function(){${assignment}})` // $ Alert[js/bad-code-sanitization]
 }
 
-// OK - documentation example:
+// Good documentation example: 
 function good() {
     const charMap = {
         '<': '\\u003C',

javascript/ql/test/query-tests/Security/CWE-200/private-file-exposure.js

@@ -42,15 +42,16 @@ app.use('/angular', require('serve-static')(path.join(__dirname, "/node_modules"
 app.use('/home', require('serve-static')(require("os").homedir())); // $ Alert
 app.use('/root', require('serve-static')("/")); // $ Alert
 
-function bad() { // $ Alert - documentation example
+// Bad documentation example
+function bad() {
     var express = require('express');
 
     var app = express();
 
     app.use('/node_modules', express.static(path.resolve(__dirname, '../node_modules'))); // $ Alert
 }
 
-// OK - documentation example
+// Good documentation example
 function good() {
     var express = require('express');
 

javascript/ql/test/query-tests/Security/CWE-327/bad-random.js

@@ -112,12 +112,13 @@ var good = (a[i] * 0x100000000) + a[i + 6]; // OK - generating a large number fr
 var good = (a[i + 2] * 0x10000000) + a[i + 6]; // OK - generating a large number from smaller bytes.
 var foo = 0xffffffffffff + 0xfffffffffff + 0xffffffffff + 0xfffffffff + 0xffffffff + 0xfffffff + 0xffffff
 
-const digits = []; // $ Alert - documentation example:
+// Bad documentation example: 
+const digits = [];
 for (let i = 0; i < 10; i++) {
     digits.push(crypto.randomBytes(1)[0] % 10); // $ Alert
 }
 
-// OK - documentation example:
+// Good documentation example: 
 const digits = [];
 while (digits.length < 10) {
     const byte = crypto.randomBytes(1)[0];