Apply suggestions from code review

maikypedia · erik-krogh · web-flow · commit aa24ce5532cb · 2023-11-27T17:48:21.000+02:00
Co-authored-by: Erik Krogh Kristensen &lt;erik-krogh@github.com&gt;
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Apollo.qll b/javascript/ql/lib/semmle/javascript/frameworks/Apollo.qll
@@ -6,7 +6,7 @@ import javascript
 
 /** Provides classes modeling the apollo packages [@apollo/server](https://npmjs.com/package/@apollo/server`) */
 module Apollo {
-  /** Get an instanceof of `Apollo` */
+  /** Get a reference to the `ApolloServer` class. */
   private API::Node apollo() {
     result =
       API::moduleImport([
@@ -30,7 +30,7 @@ module Apollo {
   }
 
   /** A string that is interpreted as a GraphQL query by a `apollo` package. */
-  class ApolloGraphQLString extends GraphQL::GraphQLString {
+  private class ApolloGraphQLString extends GraphQL::GraphQLString {
     ApolloGraphQLString() { this = gql().getACall().getArgument(0) }
   }
 }
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Cors.qll b/javascript/ql/lib/semmle/javascript/frameworks/Cors.qll
@@ -4,24 +4,23 @@
 
 import javascript
 
-/** Provides classes modeling [cors package](https://npmjs.com/package/cors) */
+/** Provides classes modeling [cors](https://npmjs.com/package/cors) library. */
 module Cors {
   /**
    * An expression that creates a new CORS configuration.
    */
   class Cors extends DataFlow::CallNode {
-    /** Get an instanceof of `cors` */
     Cors() { this = DataFlow::moduleImport("cors").getAnInvocation() }
 
-    /** Get Cors configuration */
-    DataFlow::Node getCorsArgument() { result = this.getArgument(0) }
+    /** Get the options used to configure Cors */
+    DataFlow::Node getOptionsArgument() { result = this.getArgument(0) }
 
     /** Holds if cors is using default configuration */
     predicate isDefault() { this.getNumArgument() = 0 }
 
     /** Gets the value of origin */
     DataFlow::Node getOrigin() {
-      result = this.getCorsArgument().getALocalSource().getAPropertyWrite("origin").getRhs()
+      result = this.getOptionArgument(0, "origin")
     }
   }
 }
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Express.qll b/javascript/ql/lib/semmle/javascript/frameworks/Express.qll
@@ -1074,21 +1074,20 @@ module Express {
   }
 
   /**
-   * The CORS configuration used in Express
+   * An express route setup configured with the `cors` package.
    */
   class CorsConfiguration extends DataFlow::MethodCallNode {
-    /** Get an `app.use` with a cors object as argument */
     CorsConfiguration() {
       this = appCreation().getAMethodCall("use") and this.getArgument(0) instanceof Cors::Cors
     }
 
-    /** Get Cors configuration */
+    /** Gets the options used to configure `cors`. */
     DataFlow::Node getCorsArgument() { result = this.getArgument(0).(Cors::Cors).getCorsArgument() }
 
-    /** Holds if cors is using default configuration */
+    /** Holds if cors is using its default configuration. */
     predicate isDefault() { this.getArgument(0).(Cors::Cors).isDefault() }
 
-    /** Get Cors origin value */
+    /** Gets the `origin` option that the call to `cors` is configured with. */
     DataFlow::Node getOrigin() { result = this.getArgument(0).(Cors::Cors).getOrigin() }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ import javascript`
`6`	`6`
`7`	`7`	/** Provides classes modeling the apollo packages [@apollo/server](https://npmjs.com/package/@apollo/server`) */
`8`	`8`	`module Apollo {`
`9`		- /** Get an instanceof of `Apollo` */
	`9`	+ /** Get a reference to the `ApolloServer` class. */
`10`	`10`	`private API::Node apollo() {`
`11`	`11`	`result =`
`12`	`12`	`API::moduleImport([`
`@@ -30,7 +30,7 @@ module Apollo {`
`30`	`30`	`}`
`31`	`31`
`32`	`32`	/** A string that is interpreted as a GraphQL query by a `apollo` package. */
`33`		`- class ApolloGraphQLString extends GraphQL::GraphQLString {`
	`33`	`+ private class ApolloGraphQLString extends GraphQL::GraphQLString {`
`34`	`34`	`ApolloGraphQLString() { this = gql().getACall().getArgument(0) }`
`35`	`35`	`}`
`36`	`36`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1074,21 +1074,20 @@ module Express {`
`1074`	`1074`	`}`
`1075`	`1075`
`1076`	`1076`	`/**`
`1077`		`- * The CORS configuration used in Express`
	`1077`	+ * An express route setup configured with the `cors` package.
`1078`	`1078`	`*/`
`1079`	`1079`	`class CorsConfiguration extends DataFlow::MethodCallNode {`
`1080`		- /** Get an `app.use` with a cors object as argument */
`1081`	`1080`	`CorsConfiguration() {`
`1082`	`1081`	`this = appCreation().getAMethodCall("use") and this.getArgument(0) instanceof Cors::Cors`
`1083`	`1082`	`}`
`1084`	`1083`
`1085`		`- /** Get Cors configuration */`
	`1084`	+ /** Gets the options used to configure `cors`. */
`1086`	`1085`	`DataFlow::Node getCorsArgument() { result = this.getArgument(0).(Cors::Cors).getCorsArgument() }`
`1087`	`1086`
`1088`		`- /** Holds if cors is using default configuration */`
	`1087`	`+ /** Holds if cors is using its default configuration. */`
`1089`	`1088`	`predicate isDefault() { this.getArgument(0).(Cors::Cors).isDefault() }`
`1090`	`1089`
`1091`		`- /** Get Cors origin value */`
	`1090`	+ /** Gets the `origin` option that the call to `cors` is configured with. */
`1092`	`1091`	`DataFlow::Node getOrigin() { result = this.getArgument(0).(Cors::Cors).getOrigin() }`
`1093`	`1092`	`}`
`1094`	`1093`	`}`