Fix typos (#2414)

Signed-off-by: Viktor Szépe <[email protected]>

Author: szepeviktor

.github/dependabot.yml

@@ -26,7 +26,7 @@ updates:
     schedule:
       interval: "daily"
     ignore:
-      # Do not "update" vcr. Later versions switched to a non-OSS licnese.
+      # Do not "update" vcr. Later versions switched to a non-OSS license.
       # This dependency is *only* used during testing,
       # so any unintentional vulnerabilities in it don't matter.
       - dependency-name: "vcr"

Gemfile

@@ -66,7 +66,7 @@ gem 'omniauth-github', '~> 2.0' # Authentication to GitHub (get project info)
 # security improvement.
 # However, omniAuth 2.x uses Rack's built-in AuthenticityToken class,
 # NOT Rails' CSRF system. When using Rails, we need to instead use Rails'
-# ActionController::RequestForgeryProtection for CSRF proteciton.
+# ActionController::RequestForgeryProtection for CSRF protection.
 # For a discussion on this countermeasure see:
 # <https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284>.
 # At one time I did this:

app/assets/javascripts/project-form.js

@@ -158,7 +158,7 @@ function getUnmetResult(criterion, justification) {
 
 // Determine result for a given criterion, which is one of the following:
 //  criterion_passing, criterion_barely, criterion_justification_required
-//  criterion_url_requrired, criterion_unknown, criterion_failing
+//  criterion_url_required, criterion_unknown, criterion_failing
 //
 // This function is mirrored in app/models/project.rb by "get_criterion_result"
 // If you change this function change "get_criterion_result" accordingly.

config/initializers/rack_attack.rb

@@ -76,7 +76,7 @@ class Rack::Attack
   # rate slower than badge images, so enforce a slower rate.
   # We define a non-badge requests as anything either requesting JSON or
   # not matching the badge path. Allowing badge images to be requested
-  # more quickly is not a sercurity issue; badge images
+  # more quickly is not a security issue; badge images
   # are cached by the CDN, are especially fast, and are expected to be
   # requested much more often anyway (e.g., ~30 at time via /projects).
   # As noted above, this limit does NOT apply to static files (like images)

config/locales/en.yml

@@ -2629,7 +2629,7 @@ en:
           then updating the "standard" libraries as a security
           update will leave these additional copies still vulnerable.
           This is especially an issue for cloud-based systems;
-          if the cloud provider updates their "standard" libaries
+          if the cloud provider updates their "standard" libraries
           but the program won't use them, then the updates don't
           actually help. See, e.g., <a href="https://spot.livejournal.com/312320.html">"Chromium:
           Why it isn't in Fedora yet as a proper package" by Tom
@@ -2952,7 +2952,7 @@ en:
           from source files and get exactly the same bit-for-bit
           result.  In some cases, this can be resolved by forcing
           some sort order. JavaScript developers may consider
-          using npm shrinkwrap and webpack OccurenceOrderPlugin.
+          using npm shrinkwrap and webpack OccurrenceOrderPlugin.
           GCC and clang users may find the -frandom-seed option
           useful. The build environment (including the toolset)
           can often be defined for external parties by specifying

db/migrate/20170607201552_add_foreign_key_additional_rights.rb

@@ -10,7 +10,7 @@ def change
 
     # Normally in Rails we'd use this to add a reference with a foreign key:
     # # add_reference :uploads, :user, foreign_key: true
-    # or use the alise "belongs_to".
+    # or use the alias "belongs_to".
     # However, we *already* have columns for user_id and project_id,
     # so we'll just add what we need.
     add_foreign_key :additional_rights, :users

docs/background.md

@@ -1609,13 +1609,13 @@ point to guidelines to follow (like CERT's).
     See the <a href="http://cwe.mitre.org/data/definitions/120.html">CWE</a>.
     <sup>[<a href="#validate_the_tainted_string">validate_the_tainted_string</a>]</sup>
 
-*   <a name="validate_the_tainted_integer_on_caculation"></a>
+*   <a name="validate_the_tainted_integer_on_calculation"></a>
     The integer values
     from untrusted sources MUST be avoided the integer overflow or wraparound.
     (e.g., <a href="http://www.cert.org/secure-coding/research/secure-coding-standards.cfm">CERT</a>,
     <a href="https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide)">OWASP</a>
     See the <a href="http://cwe.mitre.org/data/definitions/190.html">CWE</a>.
-    <sup>[<a href="#validate_the_tainted_integer_on_caculation">validate_the_tainted_integer_on_caculation</a>]</sup>
+    <sup>[<a href="#validate_the_tainted_integer_on_calculation">validate_the_tainted_integer_on_calculation</a>]</sup>
 
 *   <a name="validate_the_malloc_size"></a>
     Appropriate size limits

docs/design.md

@@ -304,7 +304,7 @@ support for instantclick.
 One trick for improving Rails performance is to invoke streaming.
 [Streaming with Rails 4](https://www.sitepoint.com/streaming-with-rails-4/)
 and
-[ActionContoller:Streaming](http://api.rubyonrails.org/classes/ActionController/Streaming.html)
+[ActionController:Streaming](http://api.rubyonrails.org/classes/ActionController/Streaming.html)
 explains the basics for streaming HTML content.
 [Streaming large data responses with Rails](https://coderwall.com/p/kad56a/streaming-large-data-responses-with-rails)
 discusses how to do this with other formats (e.g., JSON).
@@ -415,7 +415,7 @@ In some cases, a criterion may require some justification
 or a URL in the justification to be enough to satisfy the criterion for
 a badge.  See the [criteria](./criteria.md) or
 application form for the current exact rules.
-A synonym for 'satifying' a criterion is 'passing' a criterion.
+A synonym for 'satisfying' a criterion is 'passing' a criterion.
 
 We have an 'autofill' system that fills in some data automatically.
 

docs/other.md

@@ -1587,7 +1587,7 @@ but we discussed possibly upgrading them.
     (e.g., scripting languages where the source code is used directly
     instead of being compiled), select "N/A". In some cases, this can
     resolved by forcing some sort order. JavaScript developers may
-    consider using npm shrinkwrap and webpack OccurenceOrderPlugin.
+    consider using npm shrinkwrap and webpack OccurrenceOrderPlugin.
     GCC and clang users may find the -frandom-seed option useful.
     The build environment (including the toolset) can often be defined for
     external parties by specifying the cryptographic hash of a specific

docs/self.json

@@ -136,7 +136,7 @@
   "created_at": "2015-10-23T22:02:10.544Z",
   "updated_at": "2015-11-27T14:21:35.145Z",
   "crypto_weaknesses_status": "Met",
-  "crypto_weaknesses_justification": "The only cryptography used directly by this application is bcrypt  (used for storing passwords as salted iterated hashes).  At the time of this writing, no serious breaks are known in bcrypt.  The application also dependes on the web server's https configuration, but that is out of scope for this code.",
+  "crypto_weaknesses_justification": "The only cryptography used directly by this application is bcrypt  (used for storing passwords as salted iterated hashes).  At the time of this writing, no serious breaks are known in bcrypt.  The application also depends on the web server's https configuration, but that is out of scope for this code.",
   "crypto_alternatives_status": "Unmet",
   "crypto_alternatives_justification": "Nothing in the code inhibits or prevents the use of PFS; that is a property of the website's web server.  The program uses bcrypt - and only bcrypt - for hashing passwords.  It does allow for increasing the bcrypt 'cost' parameter, which could counter some attacks if a weakness in bcrypt is found in the future.",
   "test_continuous_integration_status": "Met",