Skip to content

Commit 8ed1031

Browse files
KwstubbsKwstubbs
committed
Test comment changes
1 parent dd9a2db commit 8ed1031

File tree

1 file changed

+6
-6
lines changed

1 file changed

+6
-6
lines changed

go/ql/test/experimental/CWE-942/CorsGin.go

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -14,12 +14,12 @@ import (
1414
func vunlnerable() {
1515
router := gin.Default()
1616
// CORS for https://foo.com and null
17-
// - GET and POST methods
17+
// - PUT and PATCH methods
1818
// - Origin header
1919
// - Credentials share
2020
// - Preflight requests cached for 12 hours
2121
config_vulnerable := cors.Config{
22-
AllowMethods: []string{"GET", "POST"},
22+
AllowMethods: []string{"PUT", "PATCH"},
2323
AllowHeaders: []string{"Origin"},
2424
ExposeHeaders: []string{"Content-Length"},
2525
AllowCredentials: true,
@@ -39,12 +39,12 @@ func vunlnerable() {
3939
func safe() {
4040
router := gin.Default()
4141
// CORS for https://foo.com origin, allowing:
42-
// - GET and POST methods
42+
// - PUT and PATCH methods
4343
// - Origin header
4444
// - Credentials share
4545
// - Preflight requests cached for 12 hours
4646
config_safe := cors.Config{
47-
AllowMethods: []string{"GET", "POST"},
47+
AllowMethods: []string{"PUT", "PATCH"},
4848
AllowHeaders: []string{"Origin"},
4949
ExposeHeaders: []string{"Content-Length"},
5050
AllowCredentials: true,
@@ -63,13 +63,13 @@ func safe() {
6363
*/
6464
func AllowAllTrue() {
6565
router := gin.Default()
66-
// CORS for https://foo.com origin, allowing:
66+
// CORS for "*" origin, allowing:
6767
// - PUT and PATCH methods
6868
// - Origin header
6969
// - Credentials share
7070
// - Preflight requests cached for 12 hours
7171
config_allowall := cors.Config{
72-
AllowMethods: []string{"GET", "POST"},
72+
AllowMethods: []string{"PUT", "PATCH"},
7373
AllowHeaders: []string{"Origin"},
7474
ExposeHeaders: []string{"Content-Length"},
7575
AllowCredentials: true,

0 commit comments

Comments
 (0)