fix: address a number of typos

cmd/osv-scanner/fix/main.go

@@ -274,7 +274,7 @@ func action(ctx *cli.Context, stdout, stderr io.Writer) (reporter.Reporter, erro
 			return nil, err
 		}
 		opts.ManifestRW = rw
-		// Prefer the manifest's system over the lockfile's.
+		// Prefer the manifest's system over the lockfiles.
 		// TODO: make sure they match
 		system = rw.System()
 	}

exit_code_redirect.sh

@@ -28,7 +28,7 @@ last_arg="${!total_args}"
 # Remove the last argument from the list
 args=${@:1:$((total_args - 1))}
 
-# () inteprets spaces as spearate entries in an array
+# () interprets spaces as separate entries in an array
 # tr replaces newlines with spaces
 split_args=($(echo "$last_arg" | tr '\n' ' '))
 

internal/customgitignore/dir_test.go

@@ -721,7 +721,7 @@ func hasPatternContaining(gips []gitignore.Pattern, test string) bool {
 //
 // ... because the changes in customgitignore adjust the
 // implementation details of the upstream package so that
-// it doesn't read .gitingore files from ignored dirs.
+// it doesn't read .gitignore files from ignored dirs.
 // This means that before _and_ after the change p.Match()
 // will return false.
 func patternContains(gip gitignore.Pattern, test string) bool {

internal/customgitignore/walk_up_to_root.go

@@ -28,9 +28,9 @@ import (
 //
 // It also returns the path to the root of the git-repo,
 // or "" if this path isn't within a git repo, allowing
-// a caller to know how .gitingore files were parsed.
+// a caller to know how .gitignore files were parsed.
 //
-// The actual parsing is inteded to be similar to how tools
+// The actual parsing is intended to be similar to how tools
 // like rg work, but means that `path` may not necessarily be
 // the root of a git repo, and can produces these parsing
 // behaviours:

internal/sourceanalysis/go.go

@@ -127,7 +127,7 @@ func fillNotImportedAnalysisInfo(vulnsByID map[string]models.Vulnerability, vuln
 }
 
 func runGovulncheck(moddir string, vulns []models.Vulnerability, goVersion string) (map[string][]*govulncheck.Finding, error) {
-	// Create a temporary directory containing all of the vulnerabilities that
+	// Create a temporary directory containing all the vulnerabilities that
 	// are passed in to check against govulncheck.
 	//
 	// This enables OSV scanner to supply the OSV vulnerabilities to run

internal/thirdparty/xml/read.go

@@ -91,7 +91,7 @@ import (
 //   - An anonymous struct field is handled as if the fields of its
 //     value were part of the outer struct.
 //
-//   - A struct field with tag "-" is never unmarshaled into.
+//   - A struct field with tag "-" is never unmarshalled into.
 //
 // If Unmarshal encounters a field type that implements the Unmarshaler
 // interface, Unmarshal calls its UnmarshalXML method to produce the value from
@@ -127,7 +127,7 @@ import (
 // Unmarshal maps an XML element to a pointer by setting the pointer
 // to a freshly allocated value and then mapping the element to that value.
 //
-// A missing element or empty attribute value will be unmarshaled as a zero value.
+// A missing element or empty attribute value will be unmarshalled as a zero value.
 // If the field is a slice, a zero value will be appended to the field. Otherwise, the
 // field will be set to its zero value.
 func Unmarshal(data []byte, v any) error {
@@ -156,7 +156,7 @@ func (d *Decoder) DecodeElement(v any, start *StartElement) error {
 	return d.unmarshal(val.Elem(), start, 0)
 }
 
-// An UnmarshalError represents an error in the unmarshaling process.
+// An UnmarshalError represents an error in the unmarshalling process.
 type UnmarshalError string
 
 func (e UnmarshalError) Error() string { return string(e) }
@@ -201,7 +201,7 @@ func receiverType(val any) string {
 	return "(" + t.String() + ")"
 }
 
-// unmarshalInterface unmarshals a single XML element into val.
+// unmarshalInterface unmarshalls a single XML element into val.
 // start is the opening tag of the element.
 func (d *Decoder) unmarshalInterface(val Unmarshaler, start *StartElement) error {
 	// Record that decoder must stop at end tag corresponding to start.
@@ -222,7 +222,7 @@ func (d *Decoder) unmarshalInterface(val Unmarshaler, start *StartElement) error
 	return nil
 }
 
-// unmarshalTextInterface unmarshals a single XML element into val.
+// unmarshalTextInterface unmarshalls a single XML element into val.
 // The chardata contained in the element (but not its children)
 // is passed to the text unmarshaler.
 func (d *Decoder) unmarshalTextInterface(val encoding.TextUnmarshaler) error {
@@ -247,7 +247,7 @@ func (d *Decoder) unmarshalTextInterface(val encoding.TextUnmarshaler) error {
 	return val.UnmarshalText(buf)
 }
 
-// unmarshalAttr unmarshals a single XML attribute into val.
+// unmarshalAttr unmarshalls a single XML attribute into val.
 func (d *Decoder) unmarshalAttr(val reflect.Value, attr Attr) error {
 	if val.Kind() == reflect.Pointer {
 		if val.IsNil() {

internal/thirdparty/xml/typeinfo.go

@@ -49,7 +49,7 @@ var tinfoMap sync.Map // map[reflect.Type]*typeInfo
 var nameType = reflect.TypeFor[Name]()
 
 // getTypeInfo returns the typeInfo structure with details necessary
-// for marshaling and unmarshaling typ.
+// for marshaling and unmarshalling typ.
 func getTypeInfo(typ reflect.Type) (*typeInfo, error) {
 	if ti, ok := tinfoMap.Load(typ); ok {
 		return ti.(*typeInfo), nil
@@ -212,7 +212,7 @@ func structFieldInfo(typ reflect.Type, f *reflect.StructField) (*fieldInfo, erro
 	}
 
 	// If the field type has an XMLName field, the names must match
-	// so that the behavior of both marshaling and unmarshaling
+	// so that the behavior of both marshaling and unmarshalling
 	// is straightforward and unambiguous.
 	if finfo.flags&fElement != 0 {
 		ftyp := f.Type
@@ -325,7 +325,7 @@ Loop:
 	return nil
 }
 
-// A TagPathError represents an error in the unmarshaling process
+// A TagPathError represents an error in the unmarshalling process
 // caused by the use of field tags with conflicting paths.
 type TagPathError struct {
 	Struct       reflect.Type

pkg/lockfile/parse-conan-lock.go

@@ -47,7 +47,7 @@ type ConanLockFile struct {
 // TODO this is tentative and subject to change depending on the OSV schema
 const ConanEcosystem Ecosystem = "ConanCenter"
 
-func parseConanRenference(ref string) ConanReference {
+func parseConanReference(ref string) ConanReference {
 	// very flexible format name/version[@username[/channel]][#rrev][:pkgid[#prev]][%timestamp]
 	var reference ConanReference
 
@@ -110,9 +110,9 @@ func parseConanV1Lock(lockfile ConanLockFile) []PackageDetails {
 
 		if node.Pref != "" {
 			// old format 0.3 (conan 1.27-) lockfiles use "pref" instead of "ref"
-			reference = parseConanRenference(node.Pref)
+			reference = parseConanReference(node.Pref)
 		} else if node.Ref != "" {
-			reference = parseConanRenference(node.Ref)
+			reference = parseConanReference(node.Ref)
 		} else {
 			continue
 		}
@@ -134,7 +134,7 @@ func parseConanV1Lock(lockfile ConanLockFile) []PackageDetails {
 
 func parseConanRequires(packages *[]PackageDetails, requires []string, group string) {
 	for _, ref := range requires {
-		reference := parseConanRenference(ref)
+		reference := parseConanReference(ref)
 		// skip entries with no name, they are most likely consumer's conanfiles
 		// and not dependencies to be searched in a database anyway
 		if reference.Name == "" {

pkg/osv/osv.go

@@ -19,7 +19,7 @@ import (
 const (
 	// QueryEndpoint is the URL for posting queries to OSV.
 	QueryEndpoint = "https://api.osv.dev/v1/querybatch"
-	// GetEndpoint is the URL for getting vulenrabilities from OSV.
+	// GetEndpoint is the URL for getting vulnerabilities from OSV.
 	GetEndpoint = "https://api.osv.dev/v1/vulns"
 	// DetermineVersionEndpoint is the URL for posting determineversion queries to OSV.
 	DetermineVersionEndpoint = "https://api.osv.dev/v1experimental/determineversion"

pkg/osvscanner/vulnerability_result.go

@@ -14,7 +14,7 @@ import (
 	"github.com/google/osv-scanner/pkg/reporter"
 )
 
-// buildVulnerablityResults takes the responses from the OSV API and the deps.dev API
+// buildVulnerabilityResults takes the responses from the OSV API and the deps.dev API
 // and converts this into a VulnerabilityResults. As part is this, it groups
 // vulnerability information by source location.
 // TODO: This function is getting long, we should refactor it