Fix typos in comments, vars and tests

testutils/source.go

@@ -517,7 +517,7 @@ func main() {
 	b := createBuffer()
 	b.WriteString("*bytes.Buffer")
 }`}, 0, gosec.NewConfig()},
-	} // it shoudn't return any errors because all method calls are whitelisted by default
+	} // it shouldn't return any errors because all method calls are whitelisted by default
 
 	// SampleCodeG104Audit finds errors that aren't being handled in audit mode
 	SampleCodeG104Audit = []CodeSample{
@@ -1931,7 +1931,7 @@ import (
 )
 
 func main() {
-	err := exec.CommandContext(context.Background(), "git", "rev-parse", "--show-toplavel").Run()
+	err := exec.CommandContext(context.Background(), "git", "rev-parse", "--show-toplevel").Run()
  	if err != nil {
 		log.Fatal(err)
 	}
@@ -1980,7 +1980,7 @@ func main() {
 }`}, 1, gosec.NewConfig()},
 		{[]string{`
 // gosec doesn't have enough context to decide that the
-// command argument of the RunCmd function is harcoded string
+// command argument of the RunCmd function is hardcoded string
 // and that's why it's better to warn the user so he can audit it
 package main
 
@@ -2032,7 +2032,7 @@ func main() {
 	RunCmd("ll", "ls")
 }`}, 0, gosec.NewConfig()},
 		{[]string{`
-// syscall.Exec function called with harcoded arguments
+// syscall.Exec function called with hardcoded arguments
 // shouldn't be consider as a command injection
 package main
 
@@ -2090,7 +2090,7 @@ func main() {
 		{[]string{`
 // starting a process with a variable as an argument
 // even if not constant is not considered as dangerous
-// because it has harcoded value
+// because it has hardcoded value
 package main
 
 import (