From 5d3ec35e292271050b4081d1ee75f53b664ff4b1 Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Fri, 5 Sep 2025 09:41:15 +0200 Subject: [PATCH] Remove non-breaking spaces from code --- .github/workflows/query-list.yml | 2 +- .../Security/CWE-829/UntrustedCheckoutCritical.md | 2 +- .../ql/src/Security/CWE-829/UntrustedCheckoutHigh.md | 2 +- .../src/Security/CWE-829/UntrustedCheckoutMedium.md | 2 +- docs/codeql/ql-language-reference/expressions.rst | 2 +- go/old-change-notes/2020-10-01-gomod-extraction.md | 2 +- go/ql/lib/semmle/go/Architectures.qll | 2 +- .../semmle/go/dataflow/internal/DataFlowNodes.qll | 2 +- go/ql/lib/semmle/go/frameworks/Beego.qll | 2 +- go/ql/src/InconsistentCode/MissingErrorCheck.qhelp | 2 +- go/ql/src/InconsistentCode/MissingErrorCheck.ql | 2 +- go/ql/src/Security/CWE-327/InsecureTLS.ql | 2 +- .../library-tests/semmle/go/frameworks/Beego/test.go | 2 +- .../semmle/go/frameworks/Revel/EndToEnd.go | 6 +++--- javascript/documentation/library-customization.rst | 2 +- .../ql/src/experimental/Security/CWE-918/SSRF.js | 2 +- .../ql/src/experimental/Security/CWE-918/SSRFGood.js | 2 +- .../TypeScript/RegressionTests/EmptyName/test.ts | 8 ++++---- .../RegressionTests/SemicolonInName/test.ts | 8 ++++---- misc/scripts/shared-code-metrics.py | 2 +- python/extractor/tsg-python/python.tsg | 10 +++++----- .../test/library-tests/dataflow/global-flow/known.py | 2 +- .../dataflow/typetracking/attribute_tests.py | 12 ++++++------ .../examples/InsecureRandomnessBad.rb | 2 +- .../InsecureRandomness/InsecureRandomness.rb | 2 +- ruby/ql/test/query-tests/security/cwe-915/test.rb | 2 +- 26 files changed, 43 insertions(+), 43 deletions(-) diff --git a/.github/workflows/query-list.yml b/.github/workflows/query-list.yml index a383e381d90f..8c736379f8a6 100644 --- a/.github/workflows/query-list.yml +++ b/.github/workflows/query-list.yml @@ -31,7 +31,7 @@ jobs: with: python-version: 3.8 - name: Download CodeQL CLI - # Look under the `codeql` directory, as this is where we checked out the `github/codeql` repo + # Look under the `codeql` directory, as this is where we checked out the `github/codeql` repo uses: ./codeql/.github/actions/fetch-codeql - name: Build code scanning query list run: | diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.md b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.md index de3307550ad2..6060354b134a 100644 --- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.md +++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.md @@ -32,7 +32,7 @@ jobs: - uses: actions/setup-node@v1 - run: | - npm install # scripts in package.json from PR would be executed here + npm install # scripts in package.json from PR would be executed here npm build - uses: completely/fakeaction@v2 diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.md b/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.md index de3307550ad2..6060354b134a 100644 --- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.md +++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.md @@ -32,7 +32,7 @@ jobs: - uses: actions/setup-node@v1 - run: | - npm install # scripts in package.json from PR would be executed here + npm install # scripts in package.json from PR would be executed here npm build - uses: completely/fakeaction@v2 diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.md b/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.md index de3307550ad2..6060354b134a 100644 --- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.md +++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.md @@ -32,7 +32,7 @@ jobs: - uses: actions/setup-node@v1 - run: | - npm install # scripts in package.json from PR would be executed here + npm install # scripts in package.json from PR would be executed here npm build - uses: completely/fakeaction@v2 diff --git a/docs/codeql/ql-language-reference/expressions.rst b/docs/codeql/ql-language-reference/expressions.rst index 5c73681f7aae..327cabb6181e 100644 --- a/docs/codeql/ql-language-reference/expressions.rst +++ b/docs/codeql/ql-language-reference/expressions.rst @@ -625,7 +625,7 @@ Then the evaluation of the ``depth`` predicate proceeds as follows: +-----------+--------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | **Stage** | **depth** | **Comments** | +===========+============================================+==========================================================================================================================================================================+ -| 0 |   | We always begin with the empty set. | +| 0 | | We always begin with the empty set. | +-----------+--------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | 1 | ``(0, b), (0, d), (0, e)`` | The nodes with no children have depth 0. The recursive step for **a** and **c** fails to produce a value, since some of their children do not have values for ``depth``. | +-----------+--------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ diff --git a/go/old-change-notes/2020-10-01-gomod-extraction.md b/go/old-change-notes/2020-10-01-gomod-extraction.md index ca0c0c72d50b..a975a15973ae 100644 --- a/go/old-change-notes/2020-10-01-gomod-extraction.md +++ b/go/old-change-notes/2020-10-01-gomod-extraction.md @@ -1,2 +1,2 @@ lgtm,codescanning -* The extractor now only extracts go.mod files belonging to extracted packages. In particular, vendored go.mod files will no longer be extracted unless the vendored package is explicitly passed to the extractor. This will remove unexpected `GoModExpr` and similar expressions seen by queries. +* The extractor now only extracts go.mod files belonging to extracted packages. In particular, vendored go.mod files will no longer be extracted unless the vendored package is explicitly passed to the extractor. This will remove unexpected `GoModExpr` and similar expressions seen by queries. diff --git a/go/ql/lib/semmle/go/Architectures.qll b/go/ql/lib/semmle/go/Architectures.qll index e509de4bc689..bb4face24072 100644 --- a/go/ql/lib/semmle/go/Architectures.qll +++ b/go/ql/lib/semmle/go/Architectures.qll @@ -28,7 +28,7 @@ class Architecture extends string { } /** - * Gets the integer and pointer type width for this architecture. + * Gets the integer and pointer type width for this architecture. * * As of the time of writing, this appears to always be identical -- there aren't * Go architectures with 64-bit pointers but 32-bit ints, for example. diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll index a770f047d651..20a147a6454c 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll @@ -994,7 +994,7 @@ module Public { class ComponentReadNode extends ReadNode { override IR::ComponentReadInstruction insn; - /** Gets the data-flow node representing the base from which the field or element is read. */ + /** Gets the data-flow node representing the base from which the field or element is read. */ Node getBase() { result = DataFlow::instructionNode(insn.getBase()) } } diff --git a/go/ql/lib/semmle/go/frameworks/Beego.qll b/go/ql/lib/semmle/go/frameworks/Beego.qll index a9e296a1f973..952958cebf0e 100644 --- a/go/ql/lib/semmle/go/frameworks/Beego.qll +++ b/go/ql/lib/semmle/go/frameworks/Beego.qll @@ -109,7 +109,7 @@ module Beego { override string getAContentType() { // Super-method provides content-types for `Body`, which requires us to search - // for `ContentType` and `Header` calls against the same `BeegoOutput` instance + // for `ContentType` and `Header` calls against the same `BeegoOutput` instance result = super.getAContentType() or // Specifically describe methods that set the content-type and body in one operation: diff --git a/go/ql/src/InconsistentCode/MissingErrorCheck.qhelp b/go/ql/src/InconsistentCode/MissingErrorCheck.qhelp index d542a728cfee..0d5610e13916 100644 --- a/go/ql/src/InconsistentCode/MissingErrorCheck.qhelp +++ b/go/ql/src/InconsistentCode/MissingErrorCheck.qhelp @@ -22,7 +22,7 @@ the returned pointer.

-

The corrected version of user checks err before using ptr.

+

The corrected version of user checks err before using ptr.

diff --git a/go/ql/src/InconsistentCode/MissingErrorCheck.ql b/go/ql/src/InconsistentCode/MissingErrorCheck.ql index 8e277c6ae747..6a68904427de 100644 --- a/go/ql/src/InconsistentCode/MissingErrorCheck.ql +++ b/go/ql/src/InconsistentCode/MissingErrorCheck.ql @@ -22,7 +22,7 @@ predicate isNil(DataFlow::Node node) { node = Builtin::nil().getARead() } /** * Matches if `call` may return a nil pointer alongside an error value. * - * This is both an over- and under-estimate: over in that we assume opaque functions may use this + * This is both an over- and under-estimate: over in that we assume opaque functions may use this * convention, and under in that functions with bodies are only recognized if they use a literal * `nil` for the pointer return value at some return site. */ diff --git a/go/ql/src/Security/CWE-327/InsecureTLS.ql b/go/ql/src/Security/CWE-327/InsecureTLS.ql index a4a9ab1f549a..dba6f2d54ca9 100644 --- a/go/ql/src/Security/CWE-327/InsecureTLS.ql +++ b/go/ql/src/Security/CWE-327/InsecureTLS.ql @@ -211,7 +211,7 @@ module TlsInsecureCipherSuitesFlow = TaintTracking::Global { - const { target } = req.body; + const { target } = req.body; try { // BAD: `target` is controlled by the attacker diff --git a/javascript/ql/src/experimental/Security/CWE-918/SSRFGood.js b/javascript/ql/src/experimental/Security/CWE-918/SSRFGood.js index 10ab26e607b7..e91c1131338b 100644 --- a/javascript/ql/src/experimental/Security/CWE-918/SSRFGood.js +++ b/javascript/ql/src/experimental/Security/CWE-918/SSRFGood.js @@ -2,7 +2,7 @@ const axios = require('axios'); const validator = require('validator'); export const handler = async (req, res, next) => { - const { target } = req.body; + const { target } = req.body; if (!validator.isAlphanumeric(target)) { return next(new Error('Bad request')); diff --git a/javascript/ql/test/library-tests/TypeScript/RegressionTests/EmptyName/test.ts b/javascript/ql/test/library-tests/TypeScript/RegressionTests/EmptyName/test.ts index 3082f40600f6..8e25b67918aa 100644 --- a/javascript/ql/test/library-tests/TypeScript/RegressionTests/EmptyName/test.ts +++ b/javascript/ql/test/library-tests/TypeScript/RegressionTests/EmptyName/test.ts @@ -1,9 +1,9 @@ type Mapped = { -     [mk in MK]: string + [mk in MK]: string }; export function fn(ev: Mapped) { -    const props: Mapped = { -        ...ev -    }; + const props: Mapped = { + ...ev + }; } diff --git a/javascript/ql/test/library-tests/TypeScript/RegressionTests/SemicolonInName/test.ts b/javascript/ql/test/library-tests/TypeScript/RegressionTests/SemicolonInName/test.ts index 1726e5abafbe..a3ed20468361 100644 --- a/javascript/ql/test/library-tests/TypeScript/RegressionTests/SemicolonInName/test.ts +++ b/javascript/ql/test/library-tests/TypeScript/RegressionTests/SemicolonInName/test.ts @@ -1,9 +1,9 @@ type Mapped = { -     [mk in MK]: string + [mk in MK]: string }; export function fn(ev: Mapped) { -    const props: Mapped = { -        ...ev -    }; + const props: Mapped = { + ...ev + }; } diff --git a/misc/scripts/shared-code-metrics.py b/misc/scripts/shared-code-metrics.py index 94679693186a..62a14be6749b 100755 --- a/misc/scripts/shared-code-metrics.py +++ b/misc/scripts/shared-code-metrics.py @@ -159,7 +159,7 @@ def link(self): def containsDirectory(self, dir): return self.path.parent.parts == dir.parts[:len(self.path.parent.parts)] - # dir.startsWith(self.path.parent) + # dir.startsWith(self.path.parent) # Constructs a list of transitive depedencies of this package. def calculateDependencies(self, packageNameMap): diff --git a/python/extractor/tsg-python/python.tsg b/python/extractor/tsg-python/python.tsg index 7ad0f3f14244..00e231ee6d53 100644 --- a/python/extractor/tsg-python/python.tsg +++ b/python/extractor/tsg-python/python.tsg @@ -174,7 +174,7 @@ { let @unaryop.node = (ast-node @unaryop "UnaryOp") } (exec_statement) @exec -{ let @exec.node = (ast-node @exec "Exec") } +{ let @exec.node = (ast-node @exec "Exec") } (print_statement) @print { let @print.node = (ast-node @print "Print") } @@ -3040,7 +3040,7 @@ if some @is_kwarg { attr (@lambda.function -> @name.node) kwonlyargs = (named-child-index @param) } - else {  + else { attr (@lambda.function -> @name.node) args = (named-child-index @param) } @@ -3153,7 +3153,7 @@ if some @is_kwarg { attr (@funcdef.function -> @name.node) kwonlyargs = (named-child-index @param) } - else {  + else { attr (@funcdef.function -> @name.node) args = (named-child-index @param) } @@ -3284,7 +3284,7 @@ attr (@last.node) func = @exp.node edge @last.node -> @funcdef.funcexpr attr (@last.node -> @funcdef.funcexpr) positional_args = 0 - attr (@last.node) _location_end = (location-end @exp) + attr (@last.node) _location_end = (location-end @exp) } (decorated_definition @@ -3296,7 +3296,7 @@ attr (@last.node) func = @exp.node edge @last.node -> @class.class_expr attr (@last.node -> @class.class_expr) positional_args = 0 - attr (@last.node) _location_end = (location-end @exp) + attr (@last.node) _location_end = (location-end @exp) } ;;; Type parameters diff --git a/python/ql/test/library-tests/dataflow/global-flow/known.py b/python/ql/test/library-tests/dataflow/global-flow/known.py index ab60b9914524..f9bdbd7af54e 100644 --- a/python/ql/test/library-tests/dataflow/global-flow/known.py +++ b/python/ql/test/library-tests/dataflow/global-flow/known.py @@ -1 +1 @@ -known_attr = [1000] #$ writes=known_attr +known_attr = [1000] #$ writes=known_attr diff --git a/python/ql/test/library-tests/dataflow/typetracking/attribute_tests.py b/python/ql/test/library-tests/dataflow/typetracking/attribute_tests.py index 2cc6346527f6..8df3ef51f881 100644 --- a/python/ql/test/library-tests/dataflow/typetracking/attribute_tests.py +++ b/python/ql/test/library-tests/dataflow/typetracking/attribute_tests.py @@ -35,7 +35,7 @@ def set_foo(some_class_instance): # $ tracked=foo some_class_instance.foo = tracked # $ tracked=foo tracked def test_set_x(): - x = SomeClass() # $ MISSING: tracked=foo + x = SomeClass() # $ MISSING: tracked=foo set_foo(x) # $ MISSING: tracked=foo print(x.foo) # $ MISSING: tracked=foo tracked @@ -51,7 +51,7 @@ def test_create_with_foo(): def test_global_attribute_assignment(): global global_var - global_var.foo = tracked # $ tracked tracked=foo + global_var.foo = tracked # $ tracked tracked=foo def test_global_attribute_read(): x = global_var.foo # $ tracked tracked=foo @@ -61,7 +61,7 @@ def test_local_attribute_assignment(): # In this case, we don't want flow going to the `ModuleVariableNode` for `local_var` # (which is referenced in `test_local_attribute_read`). local_var = object() # $ tracked=foo - local_var.foo = tracked # $ tracked tracked=foo + local_var.foo = tracked # $ tracked tracked=foo def test_local_attribute_read(): x = local_var.foo @@ -129,7 +129,7 @@ def dunder_dict_indirect_write(): x = SomeClass() # $ MISSING: tracked=foo x.__dict__[attr] = tracked # $tracked MISSING: tracked=foo y = x.foo # $ MISSING: tracked tracked=foo - do_stuff(y) # $ MISSING: tracked + do_stuff(y) # $ MISSING: tracked def dunder_dict_indirect_read(): attr = "foo" @@ -153,7 +153,7 @@ def __init__(self): # $ tracked=foo def print_foo(self): # $ MISSING: tracked=foo print(self.foo) # $ MISSING: tracked=foo tracked - def possibly_uncalled_method(self): # $ MISSING: tracked=foo + def possibly_uncalled_method(self): # $ MISSING: tracked=foo print(self.foo) # $ MISSING: tracked=foo tracked instance = MyClass2() @@ -170,7 +170,7 @@ def print_self(self): # $ tracked=foo def print_foo(self): # $ tracked=foo print(self.foo) # $ tracked=foo tracked - def possibly_uncalled_method(self): # $ MISSING: tracked=foo + def possibly_uncalled_method(self): # $ MISSING: tracked=foo print(self.foo) # $ MISSING: tracked=foo tracked instance = MyClass3() # $ tracked=foo diff --git a/ruby/ql/src/experimental/insecure-randomness/examples/InsecureRandomnessBad.rb b/ruby/ql/src/experimental/insecure-randomness/examples/InsecureRandomnessBad.rb index d4a94a8b18be..044d257096ac 100644 --- a/ruby/ql/src/experimental/insecure-randomness/examples/InsecureRandomnessBad.rb +++ b/ruby/ql/src/experimental/insecure-randomness/examples/InsecureRandomnessBad.rb @@ -1,6 +1,6 @@ def generate_password() chars = ('a'..'z').to_a + ('A'..'Z').to_a + ('0'..'9').to_a + ['!', '@', '#', '$', '%'] - # BAD: rand is not cryptographically secure + # BAD: rand is not cryptographically secure password = (1..10).collect { chars[rand(chars.size)] }.join end diff --git a/ruby/ql/test/query-tests/experimental/InsecureRandomness/InsecureRandomness.rb b/ruby/ql/test/query-tests/experimental/InsecureRandomness/InsecureRandomness.rb index 516b282ece55..116957137b56 100644 --- a/ruby/ql/test/query-tests/experimental/InsecureRandomness/InsecureRandomness.rb +++ b/ruby/ql/test/query-tests/experimental/InsecureRandomness/InsecureRandomness.rb @@ -2,7 +2,7 @@ def generate_password_1(length) chars = ('a'..'z').to_a + ('A'..'Z').to_a + ('0'..'9').to_a + ['!', '@', '#', '$', '%'] - # BAD: rand is not cryptographically secure + # BAD: rand is not cryptographically secure password = (1..length).collect { chars[rand(chars.size)] }.join end diff --git a/ruby/ql/test/query-tests/security/cwe-915/test.rb b/ruby/ql/test/query-tests/security/cwe-915/test.rb index a60def5d201f..c72ad536ef73 100644 --- a/ruby/ql/test/query-tests/security/cwe-915/test.rb +++ b/ruby/ql/test/query-tests/security/cwe-915/test.rb @@ -46,7 +46,7 @@ def user_params def create4 x = params[:user] x.permit! - User.new(x) # BAD + User.new(x) # BAD User.new(x.permit(:name,:address)) # GOOD User.new(params.permit(user: {})) # BAD User.new(params.permit(user: [:name, :address, {friends:{}}])) # BAD