Small changes

Kwstubbs · Kwstubbs · commit 3697ef72c4cb · 2023-10-31T12:23:18.000-07:00
diff --git a/go/ql/lib/semmle/go/frameworks/GinCors.qll b/go/ql/lib/semmle/go/frameworks/GinCors.qll
@@ -12,7 +12,7 @@ module GinCors {
   string packagePath() { result = package("github.com/gin-contrib/cors", "") }
 
   /**
-   * New function create a new gin Handler that passed to gin as middleware
+   * A new function create a new gin Handler that passed to gin as middleware
    */
   class New extends Function {
     New() { exists(Function f | f.hasQualifiedName(packagePath(), "New") | this = f) }
@@ -107,6 +107,9 @@ module GinCors {
       exists(Type t | t.hasQualifiedName(packagePath(), "Config") | v.getType() = t)
     }
 
+    /**
+     * Get variable declaration of GinConfig
+     */
     SsaWithFields getV() { result = v }
   }
 }
diff --git a/go/ql/test/experimental/CWE-942/CorsMisconfiguration.go b/go/ql/test/experimental/CWE-942/CorsMisconfiguration.go
@@ -191,9 +191,9 @@ func main() {
 		// })
 		http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
 			// OK-ish: the input origin header is validated against a whitelist.
-			if origin := req.Header.Get("Origin"); cors[origin] {
+			if origin := req.Header.Get("Origin"); cors_map[origin] {
 				w.Header().Set("Access-Control-Allow-Origin", origin)
-			} else if len(origin) > 0 && cors["*"] {
+			} else if len(origin) > 0 && cors_map["*"] {
 				w.Header().Set("Access-Control-Allow-Origin", origin)
 			}
 
@@ -219,7 +219,7 @@ func main() {
 }
 
 var (
-	cors = map[string]bool{"*": true}
+	cors_map = map[string]bool{"*": true}
 )
 
 func GetAllowOrigin() []string {

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ module GinCors {`
`12`	`12`	`string packagePath() { result = package("github.com/gin-contrib/cors", "") }`
`13`	`13`
`14`	`14`	`/**`
`15`		`- * New function create a new gin Handler that passed to gin as middleware`
	`15`	`+ * A new function create a new gin Handler that passed to gin as middleware`
`16`	`16`	`*/`
`17`	`17`	`class New extends Function {`
`18`	`18`	`New() { exists(Function f \| f.hasQualifiedName(packagePath(), "New") \| this = f) }`
`@@ -107,6 +107,9 @@ module GinCors {`
`107`	`107`	`exists(Type t \| t.hasQualifiedName(packagePath(), "Config") \| v.getType() = t)`
`108`	`108`	`}`
`109`	`109`
	`110`	`+ /**`
	`111`	`+ * Get variable declaration of GinConfig`
	`112`	`+ */`
`110`	`113`	`SsaWithFields getV() { result = v }`
`111`	`114`	`}`
`112`	`115`	`}`
Original file line number	Diff line number	Diff line change
`@@ -191,9 +191,9 @@ func main() {`
`191`	`191`	`// })`
`192`	`192`	`http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {`
`193`	`193`	`// OK-ish: the input origin header is validated against a whitelist.`
`194`		`- if origin := req.Header.Get("Origin"); cors[origin] {`
	`194`	`+ if origin := req.Header.Get("Origin"); cors_map[origin] {`
`195`	`195`	`w.Header().Set("Access-Control-Allow-Origin", origin)`
`196`		`- } else if len(origin) > 0 && cors["*"] {`
	`196`	`+ } else if len(origin) > 0 && cors_map["*"] {`
`197`	`197`	`w.Header().Set("Access-Control-Allow-Origin", origin)`
`198`	`198`	`}`
`199`	`199`
`@@ -219,7 +219,7 @@ func main() {`
`219`	`219`	`}`
`220`	`220`
`221`	`221`	`var (`
`222`		`- cors = map[string]bool{"*": true}`
	`222`	`+ cors_map = map[string]bool{"*": true}`
`223`	`223`	`)`
`224`	`224`
`225`	`225`	`func GetAllowOrigin() []string {`