github · felicitymay · Apr 14, 2020 · Apr 8, 2020 · Apr 8, 2020 · Apr 8, 2020
diff --git a/cpp/ql/src/Options.qll b/cpp/ql/src/Options.qll
@@ -4,7 +4,7 @@
  *
  * By default they fall back to the reasonable defaults provided in
  * `DefaultOptions.qll`, but by modifying this file, you can customize
- * the standard Semmle analyses to give better results for your project.
+ * the standard analyses to give better results for your project.
  */
 
 import cpp

diff --git a/cpp/ql/src/semmle/code/cpp/Compilation.qll b/cpp/ql/src/semmle/code/cpp/Compilation.qll
@@ -21,9 +21,9 @@ private predicate idOf(@compilation x, int y) = equivalenceRelation(id/2)(x, y)
  * Three things happen to each file during a compilation:
  *
  *   1. The file is compiled by a real compiler, such as gcc or VC.
- *   2. The file is parsed by Semmle's C++ front-end.
+ *   2. The file is parsed by the CodeQL C++ front-end.
  *   3. The parsed representation is converted to database tables by
- *      Semmle's extractor.
+ *      the CodeQL extractor.
  *
  * This class provides CPU and elapsed time information for steps 2 and 3,
  * but not for step 1.

diff --git a/cpp/ql/src/semmle/code/cpp/dataflow/RecursionPrevention.qll b/cpp/ql/src/semmle/code/cpp/dataflow/RecursionPrevention.qll
@@ -1,6 +1,6 @@
 /**
  * DEPRECATED: Recursion through `DataFlow::Configuration` is impossible in
- * Semmle Core 1.17 and above. There is no need for this module because it's
+ * any supported tooling. There is no need for this module because it's
  * impossible to accidentally depend on recursion through
  * `DataFlow::Configuration` in current releases.
  *

@@ -109,7 +109,7 @@ examples, see the `template slide deck <https://github.com/Semmle/ql/blob/master
 Viewing the current version of the CodeQL documentation
 *******************************************************
 
-The documentation for the most recent Semmle release is 
+The documentation for the most recent release is 
 published to `help.semmle.com <https://help.semmle.com>`__. 
 There, you can also find the documentation for the CodeQL CLI,
 the CodeQL extension for Visual Studio Code, and LGTM Enterprise. 
@@ -32,7 +32,7 @@ We recommend that you download `CodeQL for Visual Studio Code <https://help.semm
 
    Information
 
-   The presentations listed below are used in CodeQL and variant analysis training sessions run by Semmle engineers. 
+   The presentations listed below are used in CodeQL and variant analysis training sessions run by GitHub engineers. 
    Therefore, be aware that the slides are designed to be presented by an instructor. 
    If you are using the slides without an instructor, please use the additional notes to help guide you through the examples. 
 

@@ -192,6 +192,6 @@ The alert message defined in the final column in the ``select`` statement can be
 What next?
 **********
 
-- Take a look at the path queries for `C/C++ <https://help.semmle.com/wiki/label/CCPPOBJ/path-problem>`__, `C# <https://help.semmle.com/wiki/label/CSHARP/path-problem>`__, `Java <https://help.semmle.com/wiki/label/java/path-problem>`__, `JavaScript <https://help.semmle.com/wiki/label/js/path-problem>`__, and `Python <https://help.semmle.com/wiki/label/python/path-problem>`__ to see examples of the queries included in the Semmle tools.
+- Take a look at the path queries for `C/C++ <https://help.semmle.com/wiki/label/CCPPOBJ/path-problem>`__, `C# <https://help.semmle.com/wiki/label/CSHARP/path-problem>`__, `Java <https://help.semmle.com/wiki/label/java/path-problem>`__, `JavaScript <https://help.semmle.com/wiki/label/js/path-problem>`__, and `Python <https://help.semmle.com/wiki/label/python/path-problem>`__ to see examples of these queries.
 - Explore the `query cookbooks <https://help.semmle.com/wiki/display/QL/QL+cookbooks>`__ to see how to access the basic language elements contained in the CodeQL libraries.
 - For a full list of resources to help you learn CodeQL, including beginner tutorials and language-specific examples, visit `Learning CodeQL <https://help.semmle.com/QL/learn-ql/>`__.
@@ -63,7 +63,7 @@ Section-level elements are used to group the information in the help file into s
 +--------------------+-----------------------------------------+------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------+
 | ``section``        | ``title`` Title of the section          | Any block element      | General-purpose section with a heading defined by the ``title`` attribute.                                                                    |
 +--------------------+-----------------------------------------+------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------+
-| ``semmleNotes``    | None                                    | Any block element      | Semmle-specific notes about the query. This section is used only for queries that implement a rule defined by a third party. Default heading. |
+| ``semmleNotes``    | None                                    | Any block element      | Implementation notes about the query. This section is used only for queries that implement a rule defined by a third party. Default heading.  |
 +--------------------+-----------------------------------------+------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------+
 
 Block elements

@@ -249,7 +249,7 @@ Compiler pragmas
 The following compiler pragmas affect the compilation and optimization of queries. You
 should avoid using these annotations unless you experience significant performance issues.
 
-Before adding pragmas to your code, contact Semmle to describe the performance problems.
+Before adding pragmas to your code, contact GitHub to describe the performance problems.
 That way we can suggest the best solution for your problem, and take it into account when
 improving the QL optimizer.
 
@@ -292,7 +292,7 @@ optimization on a predicate.
 This kind of optimization involves taking information from the context of a predicate 
 :ref:`call <calls>` and pushing it into the body of a predicate. This is usually
 beneficial, so you shouldn't use the ``pragma[nomagic]`` annotation unless recommended to do so
-by Semmle.
+by GitHub.
 
 Note that ``nomagic`` implies ``noinline``.
 
@@ -303,7 +303,7 @@ The ``pragma[noopt]`` annotation is used to prevent the QL optimizer from optimi
 predicate, except when it's absolutely necessary for compilation and evaluation to work.
 
 This is rarely necessary and you should not use the ``pragma[noopt]`` annotation unless
-recommended to do so by Semmle, for example, to help resolve performance issues.
+recommended to do so by GitHub, for example, to help resolve performance issues.
 
 When you use this annotation, be aware of the following issues:
 

@@ -1002,7 +1002,7 @@ For casts between the primitive ``float`` and ``int`` types, the above rule mean
 Postfix casts
 ~~~~~~~~~~~~~
 
-*Available from Semmle 1.9.4 onward.* A postfix cast is a primary expression followed by a dot and then a class or primitive type in parentheses:
+A postfix cast is a primary expression followed by a dot and then a class or primitive type in parentheses:
 
 ::
 

@@ -101,7 +101,7 @@ Analysis overview
 
 .. note::
 
-  Semmle’s analysis works by extracting a queryable database from your project. For compiled languages, Semmle’s tools observe an ordinary build of the source code. Each time a compiler is invoked to process a source file, a copy of that file is made, and all relevant information about the source code (syntactic data about the abstract syntax tree, semantic data like name binding and type information, data on the operation of the C preprocessor, etc.) is collected. For interpreted languages, the extractor gathers similar information by running directly on the source code. Multi-language code bases are analyzed one language at a time.
+  CodeQL analysis works by extracting a queryable database from your project. For compiled languages, the tools observe an ordinary build of the source code. Each time a compiler is invoked to process a source file, a copy of that file is made, and all relevant information about the source code (syntactic data about the abstract syntax tree, semantic data like name binding and type information, data on the operation of the C preprocessor, etc.) is collected. For interpreted languages, the extractor gathers similar information by running directly on the source code. Multi-language code bases are analyzed one language at a time.
 
   Once the extraction finishes, all this information is collected into a single `CodeQL database <https://help.semmle.com/QL/learn-ql/database.html>`__, which is then ready to query, possibly on a different machine. A copy of the source files, made at the time the database was created, is also included in the CodeQL database so analysis results can be displayed at the correct location in the code. The database schema is (source) language specific.
 
@@ -129,7 +129,7 @@ QL is:
 
   - All common logic connectives are available, including quantifiers like ``exist``, which can also introduce new variables. 
   - The language is declarative–the user focuses on stating what they would like to find, and leaves the details of how to evaluate the query to the engine. 
-  - The object-oriented layer allows Semmle to distribute rich standard libraries for program analysis. These model the common AST node types, control flow and name lookup, and define further layers on top–for example control flow or data flow analysis. The `standard CodeQL libraries and queries <https://github.com/semmle/ql>`__ ship as source and can be inspected by the user, and new abstractions are readily defined.
-  - The database generated by Semmle’s tools is treated as read-only; queries cannot insert new data into it, though they can inspect its contents in various ways.
+  - The object-oriented layer allows us to develop rich standard libraries for program analysis. These model the common AST node types, control flow and name lookup, and define further layers on top–for example control flow or data flow analysis. The `standard CodeQL libraries and queries <https://github.com/semmle/ql>`__ ship as source and can be inspected by the user, and new abstractions are readily defined.
+  - The database generated by the CodeQL tools is treated as read-only; queries cannot insert new data into it, though they can inspect its contents in various ways.
 
   You can start writing running queries on open source projects in the `query console <https://lgtm.com/query>`__ on LGTM.com. You can also download CodeQL databases from LGTM.com to query locally, by `running queries in your IDE <https://lgtm.com/help/lgtm/running-queries-ide>`__.
diff --git a/docs/query-help-style-guide.md b/docs/query-help-style-guide.md
@@ -2,7 +2,7 @@
 
 ## Introduction
 
-When you contribute a new query to Semmle/ql for inclusion in the standard queries, or add a custom query for analysis in LGTM, you should also write a query help file. This file provides detailed information about the purpose and use of the query, which is available to users in LGTM (for example [here](https://lgtm.com/rules/1506093386171/)) and on the query homepages:
+When you contribute a new [supported query](supported-queries.md) to this repository, or add a custom query for analysis in LGTM, you should also write a query help file. This file provides detailed information about the purpose and use of the query, which is available to users in LGTM (for example [here](https://lgtm.com/rules/1506093386171/)) and on the query homepages:
 
 *   [C/C++ queries](https://help.semmle.com/wiki/display/CCPPOBJ/)
 *   [C# queries](https://help.semmle.com/wiki/display/CSHARP/)

diff --git a/javascript/documentation/flow-summaries.rst b/javascript/documentation/flow-summaries.rst
@@ -5,7 +5,7 @@ Overview
 --------
 
 This document presents an approach for running information flow analyses (such as the standard
-Semmle security queries) on an application that depends on one or more npm packages. Instead of
+security queries) on an application that depends on one or more npm packages. Instead of
 installing the npm packages during the snapshot build and analyzing them together with application
 code, we analyze each package in isolation and compute *flow summaries* that record information
 about any sources, sinks and flow steps contributed by the package's API. These flow summaries
@@ -41,7 +41,7 @@ If the value of ``p`` can be controlled by an untrusted user, this would allow t
 folders, which may not be desirable.
 
 By analyzing the application code base together with the source code for the ``mkdirp`` package,
-Semmle's default path injection analysis would be able to track taint through the call to ``mkdirp`` into its
+the default path injection analysis would be able to track taint through the call to ``mkdirp`` into its
 implementation, which ultimately uses built-in Node.js file system APIs to create the folder. Since
 the path injection analysis has built-in models of these APIs it would then be able to spot and flag this
 vulnerability.