github
diff --git a/‎javascript/ql/test/query-tests/AngularJS/DeadAngularJSEventListener/tst.js
+13-13 b/‎javascript/ql/test/query-tests/AngularJS/DeadAngularJSEventListener/tst.js
+13-13
diff --git a/‎javascript/ql/test/query-tests/AngularJS/DependencyMismatch/tst.js
+8-8 b/‎javascript/ql/test/query-tests/AngularJS/DependencyMismatch/tst.js
+8-8
diff --git a/‎javascript/ql/test/query-tests/AngularJS/DisablingSce/DisablingSce.js
+5-5 b/‎javascript/ql/test/query-tests/AngularJS/DisablingSce/DisablingSce.js
+5-5
diff --git a/‎javascript/ql/test/query-tests/AngularJS/DuplicateDependency/duplicates.js
+11-11 b/‎javascript/ql/test/query-tests/AngularJS/DuplicateDependency/duplicates.js
+11-11
diff --git a/‎javascript/ql/test/query-tests/AngularJS/IncompatibleService/angular-incompatible-service.js
+58-58 b/‎javascript/ql/test/query-tests/AngularJS/IncompatibleService/angular-incompatible-service.js
+58-58
diff --git a/‎javascript/ql/test/query-tests/AngularJS/InsecureUrlWhitelist/tst.js
+15-15 b/‎javascript/ql/test/query-tests/AngularJS/InsecureUrlWhitelist/tst.js
+15-15
diff --git a/‎javascript/ql/test/query-tests/AngularJS/MissingExplicitInjection/missing-explicit-injection.js
+11-11 b/‎javascript/ql/test/query-tests/AngularJS/MissingExplicitInjection/missing-explicit-injection.js
+11-11
@@ -1,50 +1,50 @@
 angular.module('myModule', [])
     .controller('MyController', function($scope) {
-        $scope.$on('destroy', cleanup); // BAD
+        $scope.$on('destroy', cleanup); // $ Alert
     })
     .controller('MyController', ["$scope", function(s) {
-        s.$on('destroy', cleanup); // BAD
+        s.$on('destroy', cleanup); // $ Alert
     }])
     .controller('MyController', function($scope) {
         var destroy = 'destroy';
-        $scope.$on(destroy, cleanup); // BAD
+        $scope.$on(destroy, cleanup); // $ Alert
     })
     .controller('MyController', function($scope) {
-        $scope.$on('$destroy', cleanup); // GOOD
+        $scope.$on('$destroy', cleanup);
     })
     .controller('MyController', function($scope) {
         $scope.$emit('foo');
-        $scope.$on('foo', cleanup); // GOOD
+        $scope.$on('foo', cleanup);
     })
     .controller('MyController', function($scope) {
-        $scope.$on('bar', cleanup); // BAD
+        $scope.$on('bar', cleanup); // $ Alert
     })
     .controller('MyController', function($scope) {
-        $scope.$on('$locationChangeStart', cleanup); // OK
+        $scope.$on('$locationChangeStart', cleanup);
     })
     .controller('MyController', function($scope) {
-        $scope.$on('lib1.foo', cleanup); // OK
+        $scope.$on('lib1.foo', cleanup);
     })
     .controller('MyController', function($scope) {
-        $scope.$on('lib2:foo', cleanup); // OK
+        $scope.$on('lib2:foo', cleanup);
     })
     .controller('MyController', function($scope) {
-        $scope.$on('onClick', cleanup); // OK
+        $scope.$on('onClick', cleanup);
     })
     .controller('MyController', function($scope) {
         function f($scope){
             $scope.$emit('probablyFromUserCode1')
         }
-        $scope.$on('probablyFromUserCode1', cleanup); // OK
+        $scope.$on('probablyFromUserCode1', cleanup);
     })
     .controller('MyController', function($scope) {
         function f($scope){
             var scope = $scope;
             scope.$emit('probablyFromUserCode2')
         }
-        $scope.$on('probablyFromUserCode2', cleanup); // OK
+        $scope.$on('probablyFromUserCode2', cleanup);
     })
     .controller('MyController', function($scope) {
-        $scope.$on('event-from-AngularJS-expression', cleanup); // GOOD
+        $scope.$on('event-from-AngularJS-expression', cleanup);
     })
 ;
@@ -1,36 +1,36 @@
 angular.module('app1', [])
-       .run(['dep1', 'dep2', 'dep3', function(dep1, dep3, dep2) {}]);  // NOT OK
+       .run(['dep1', 'dep2', 'dep3', function(dep1, dep3, dep2) {}]);  // $ Alert
 
 angular.module('app2')
-       .directive('mydirective', [ '$compile', function($compile, $http) { // NOT OK
+       .directive('mydirective', [ '$compile', function($compile, $http) { // $ Alert
            // ...
        }]);
 
 angular.module('app1', [])
-       .run(['dep1', 'dep2', 'dep3', function(dep1, dep2, dep3) {}]);  // OK
+       .run(['dep1', 'dep2', 'dep3', function(dep1, dep2, dep3) {}]);
 
 angular.module('app2')
-       .directive('mydirective', [ '$compile', '$http', function($compile, $http) { // OK
+       .directive('mydirective', [ '$compile', '$http', function($compile, $http) {
            // ...
        }]);
 
 angular.module('app3', [])
-       .run(function(dep1, dep3) {});  // OK
+       .run(function(dep1, dep3) {});
 
 angular.module('app4')
-       .directive('mydirective', function($compile, $http) {  // OK
+       .directive('mydirective', function($compile, $http) {
            // ...
        });
 
 angular.module('app5')
-       .directive('mydirective', [ 'fully.qualified.name', function(name) { // OK
+       .directive('mydirective', [ 'fully.qualified.name', function(name) {
            // ...
        }])
 
 angular.module('app6')
     .directive('mydirective', function() {
         return {
-            link: function (scope, element, attrs) { // OK
+            link: function (scope, element, attrs) {
             }
         };
     });
@@ -1,17 +1,17 @@
 angular.module('app', [])
     .config(function($sceProvider) {
-        $sceProvider.enabled(false); // BAD
+        $sceProvider.enabled(false); // $ Alert
     })
     .config(['otherProvider', function($sceProvider) {
-        $sceProvider.enabled(false); // OK
+        $sceProvider.enabled(false);
     }])
     .config(['$sceProvider', function(x) {
-        x.enabled(false); // BAD
+        x.enabled(false); // $ Alert
     }])
     .config(function($sceProvider) {
-        $sceProvider.enabled(true); // OK
+        $sceProvider.enabled(true);
     })
     .config(function($sceProvider) {
         var x = false;
-        $sceProvider.enabled(x); // BAD
+        $sceProvider.enabled(x); // $ Alert
     });
@@ -1,18 +1,18 @@
 (function(){
     function f(){}
-    f.$inject = ['dup5', 'dup5']; // NOT OK
+    f.$inject = ['dup5', 'dup5']; // $ Alert
     angular.module('myModule', [])
-        .run(['dup1a', 'dup1a', function(dup1a, dup1a){}]) // OK (flagged by js/duplicate-parameter-name)
-        .run(['dup2a', 'dup2a', function(dup2a, dup2b){}]) // NOT OK
-        .run(['dup3b', 'dup3b', function(dup3a, dup3b){}]) // NOT OK
-        .run(['dup4', 'notDup4A', 'dup4', function(notDup4B, dup4, notDup4C){}]) // NOT OK
+        .run(['dup1a', 'dup1a', function(dup1a, dup1a){}]) // OK - flagged by js/duplicate-parameter-name
+        .run(['dup2a', 'dup2a', function(dup2a, dup2b){}]) // $ Alert
+        .run(['dup3b', 'dup3b', function(dup3a, dup3b){}]) // $ Alert
+        .run(['dup4', 'notDup4A', 'dup4', function(notDup4B, dup4, notDup4C){}]) // $ Alert
         .run(f)
-        .run(function(dup6, dup6){})// OK (flagged by js/duplicate-parameter-name)
-        .run(function(notDup7a, notDup7b){}) // OK
-        .run(['notDup8a', 'notDup8b', function(notDup8a, notDup8b){}]) // OK
-        .run(['notDup9a', 'notDup9b', function(notDup9c, notDup9d){}]) // OK
-        .run(['dup10a', 'dup10a', 'dup10a', function(dup10a, dup10a, dup10a){}]) // OK (flagged by js/duplicate-parameter-name)
-        .run(['dup11a', 'dup11a', function(dup11a, dup11b){ // NOT OK (alert formatting for multi-line function)
+        .run(function(dup6, dup6){})// OK - flagged by js/duplicate-parameter-name
+        .run(function(notDup7a, notDup7b){})
+        .run(['notDup8a', 'notDup8b', function(notDup8a, notDup8b){}])
+        .run(['notDup9a', 'notDup9b', function(notDup9c, notDup9d){}])
+        .run(['dup10a', 'dup10a', 'dup10a', function(dup10a, dup10a, dup10a){}]) // OK - flagged by js/duplicate-parameter-name
+        .run(['dup11a', 'dup11a', function(dup11a, dup11b){ // $ Alert - alert formatting for multi-line function
         }])
     ;
 })();
@@ -11,68 +11,68 @@ angular.module('myModule', [])
 ;
 
 angular.module('myModule2', [])
-    .controller('c0', function(factoryId){}) // OK
-    .controller('c1', function(serviceId){}) // OK
-    .controller('c2', function(valueId){}) // OK
-    .controller('c3', function(constantId){}) // OK
-    .controller('c4', function(providerId){}) // OK
-    .controller('c5', function($http){}) // OK
-    .controller('c6', function($provider){}) // NOT OK
-    .controller('c7', function($scope){}) // OK
-    .controller('c8', function($compile){}) // OK
-    .controller('c9', function(UNKNOWN){}) // OK
-    .controller('c10', function(providerIdProvider){}) // NOT OK
-    .controller('c11', function(providerIdProvider, UNKNOWN){}) // NOT OK, but only one error
-    .controller('c12', function($provide){}) // OK (special case)
-    .controller('c13', function(providerId2Provider){}) // NOT OK
+    .controller('c0', function(factoryId){})
+    .controller('c1', function(serviceId){})
+    .controller('c2', function(valueId){})
+    .controller('c3', function(constantId){})
+    .controller('c4', function(providerId){})
+    .controller('c5', function($http){})
+    .controller('c6', function($provider){}) // $ Alert
+    .controller('c7', function($scope){})
+    .controller('c8', function($compile){})
+    .controller('c9', function(UNKNOWN){})
+    .controller('c10', function(providerIdProvider){}) // $ Alert
+    .controller('c11', function(providerIdProvider, UNKNOWN){}) // $ Alert - but only one error
+    .controller('c12', function($provide){}) // OK - special case
+    .controller('c13', function(providerId2Provider){}) // $ Alert
 
-    .factory('s0', function(factoryId){}) // OK
-    .factory('s1', function(serviceId){}) // OK
-    .factory('s2', function(valueId){}) // OK
-    .factory('s3', function(constantId){}) // OK
-    .factory('s4', function(providerId){}) // OK
-    .factory('s5', function($http){}) // OK
-    .factory('s6', function($provider){}) // NOT OK
-    .factory('s7', function($scope){}) // NOT OK
-    .factory('s8', function($compile){}) // OK
-    .factory('s9', function(UNKNOWN){}) // OK
-    .factory('s10', function(providerIdProvider){}) // NOT OK
-    .factory('s11', function(providerIdProvider, UNKNOWN){}) // NOT OK, but only one error
-    .factory('s12', function($provide){}) // OK (special case)
-    .factory('s13', function(providerId2Provider){}) // NOT OK
+    .factory('s0', function(factoryId){})
+    .factory('s1', function(serviceId){})
+    .factory('s2', function(valueId){})
+    .factory('s3', function(constantId){})
+    .factory('s4', function(providerId){})
+    .factory('s5', function($http){})
+    .factory('s6', function($provider){}) // $ Alert
+    .factory('s7', function($scope){}) // $ Alert
+    .factory('s8', function($compile){})
+    .factory('s9', function(UNKNOWN){})
+    .factory('s10', function(providerIdProvider){}) // $ Alert
+    .factory('s11', function(providerIdProvider, UNKNOWN){}) // $ Alert - but only one error
+    .factory('s12', function($provide){}) // OK - special case
+    .factory('s13', function(providerId2Provider){}) // $ Alert
 
-    .run(function(factoryId){}) // OK
-    .run(function(serviceId){}) // OK
-    .run(function(valueId){}) // OK
-    .run(function(constantId){}) // OK
-    .run(function(providerId){}) // OK
-    .run(function($http){}) // OK
-    .run(function($provider){}) // NOT OK
-    .run(function($scope){}) // NOT OK
-    .run(function($compile){}) // OK
-    .run(function(UNKNOWN){}) // OK
-    .run(function(providerIdProvider){}) // NOT OK
-    .run(function(providerIdProvider, UNKNOWN){}) // NOT OK, but only one error
-    .run(function($provide){}) // OK (special case)
-    .run(function(providerId2Provider){}) // NOT OK
+    .run(function(factoryId){})
+    .run(function(serviceId){})
+    .run(function(valueId){})
+    .run(function(constantId){})
+    .run(function(providerId){})
+    .run(function($http){})
+    .run(function($provider){}) // $ Alert
+    .run(function($scope){}) // $ Alert
+    .run(function($compile){})
+    .run(function(UNKNOWN){})
+    .run(function(providerIdProvider){}) // $ Alert
+    .run(function(providerIdProvider, UNKNOWN){}) // $ Alert - but only one error
+    .run(function($provide){}) // OK - special case
+    .run(function(providerId2Provider){}) // $ Alert
 
-    .config(function(factoryId){}) // NOT OK
-    .config(function(serviceId){}) // NOT OK
-    .config(function(valueId){}) // NOT OK
-    .config(function(constantId){}) // OK
-    .config(function(providerId){}) // NOT OK
-    .config(function($http){}) // NOT OK
-    .config(function($provider){}) // OK
-    .config(function($scope){}) // NOT OK
-    .config(function($compile){}) // OK
-    .config(function(UNKNOWN){}) // OK
-    .config(function(providerIdProvider){}) // OK
-    .config(function(providerId, UNKNOWN){}) // NOT OK, but only one error
-    .config(function($provide){}) // OK (special case)
-    .config(function(valueId2){}) // NOT OK
+    .config(function(factoryId){}) // $ Alert
+    .config(function(serviceId){}) // $ Alert
+    .config(function(valueId){}) // $ Alert
+    .config(function(constantId){})
+    .config(function(providerId){}) // $ Alert
+    .config(function($http){}) // $ Alert
+    .config(function($provider){})
+    .config(function($scope){}) // $ Alert
+    .config(function($compile){})
+    .config(function(UNKNOWN){})
+    .config(function(providerIdProvider){})
+    .config(function(providerId, UNKNOWN){}) // $ Alert - but only one error
+    .config(function($provide){}) // OK - special case
+    .config(function(valueId2){}) // $ Alert
 
     // service: same restrcitions as .factory
-    .service('s14', function(factoryId){}) // OK
-    .service('s15', function($provider){}) // NOT OK
+    .service('s14', function(factoryId){})
+    .service('s15', function($provider){}) // $ Alert
 
 ;
@@ -1,24 +1,24 @@
 angular.module('myApp', [])
     .config(function($sceDelegateProvider) {
         $sceDelegateProvider.resourceUrlWhitelist([
-            "**://example.com/*", // BAD (exploit: http://evil.com/?ignore=://example.org/a or javascript:alert(1);://example.org/a)
-            "*://example.org/*", // BAD (exploit: javascript://example.org/a%0A%0Dalert(1) using a linebreak to end the comment starting with "//"!)
-            "https://**.example.com/*", // BAD (exploit: https://evil.com/?ignore=://example.com/a)
-            "https://example.**", // BAD (exploit: https://example.evil.com or http://example.:[email protected])
-            "https://example.*", // BAD (exploit: https://example.UnexpectedTLD)
+            "**://example.com/*", // $ Alert - (exploit: http://evil.com/?ignore=://example.org/a or javascript:alert(1);://example.org/a)
+            "*://example.org/*", // $ Alert - (exploit: javascript://example.org/a%0A%0Dalert(1) using a linebreak to end the comment starting with "//"!)
+            "https://**.example.com/*", // $ Alert - exploit: https://evil.com/?ignore=://example.com/a
+            "https://example.**", // $ Alert - exploit: https://example.evil.com or http://example.:[email protected]
+            "https://example.*", // $ Alert - exploit: https://example.UnexpectedTLD
 
-            "https://example.com", // OK
-            "https://example.com/**", // OK
-            "https://example.com/*", // OK
-            "https://example.com/foo/*", // OK
-            "https://example.com/foo/**", // OK
-            "https://example.com/foo/*/bar", // OK
-            "https://example.com/foo/**/bar", // OK
-            "https://example.com/?**", // OK
-            "https://example.com/?**://example.com", // OK
+            "https://example.com",
+            "https://example.com/**",
+            "https://example.com/*",
+            "https://example.com/foo/*",
+            "https://example.com/foo/**",
+            "https://example.com/foo/*/bar",
+            "https://example.com/foo/**/bar",
+            "https://example.com/?**",
+            "https://example.com/?**://example.com",
             "https://*.example.com",
 
             // not flagged:
-            /http:\/\/www.example.org/g // BAD (exploit http://wwwaexample.org (dots are not escaped))
+            /http:\/\/www.example.org/g // $ Alert - (exploit http://wwwaexample.org (dots are not escaped))
         ]);
     });
@@ -1,42 +1,42 @@
 (function(){
-    function injected1(name){} // NOT OK
+    function injected1(name){} // $ Alert
     angular.module('app1').controller('controller1', injected1);
 
-    function injected2(name){} // OK
+    function injected2(name){}
     injected2.$inject = ['name'];
     angular.module('app2').controller('controller2', injected2);
 
-    function injected3(name){} // OK
+    function injected3(name){}
     angular.module('app3').controller('controller3', ['name', injected3]);
 
-    angular.module('app4').controller('controller4', function(){}); // OK
+    angular.module('app4').controller('controller4', function(){});
 
-    angular.module('app5').controller('controller5', function(name){}); // NOT OK
+    angular.module('app5').controller('controller5', function(name){}); // $ Alert
 
-    function injected6(){} // OK
+    function injected6(){}
     angular.module('app6').controller('controller6', injected6);
 
-    function notInjected7(name){} // OK
+    function notInjected7(name){}
     var obj7 = {
         controller: notInjected7
     };
 
-    function injected8(name){} // OK (false negative: we do not track through properties)
+    function injected8(name){} // OK - false negative: we do not track through properties
     var obj8 = {
         controller: injected8
     };
     angular.module('app8').controller('controller8', obj8.controller);
 
     var $injector = angular.injector();
 
-    function injected9(name){} // NOT OK
+    function injected9(name){} // $ Alert
     $injector.invoke(injected9)
 
-    function injected10(name){} // OK
+    function injected10(name){}
     injected10.$inject = ['name'];
     $injector.invoke(injected10)
 
-    function injected11(name){} // OK
+    function injected11(name){}
     $injector.invoke(['name', injected11])
 
 })();