1+ /**
2+ * Provides classes for modeling the `github.com/rs/cors` package.
3+ */
4+
5+ import go
6+
7+ /**
8+ * Provides classes for modeling the `github.com/rs/cors` package.
9+ */
10+ module RsCors {
11+ /** Gets the package name `github.com/gin-gonic/gin`. */
12+ string packagePath ( ) { result = package ( "github.com/rs/cors" , "" ) }
13+
14+ /**
15+ * A new function create a new Handler that passed to handler chain as middleware
16+ */
17+ class New extends Function {
18+ New ( ) { exists ( Function f | f .hasQualifiedName ( packagePath ( ) , "New" ) | this = f ) }
19+ }
20+
21+ /**
22+ * A write to the value of Access-Control-Allow-Credentials header
23+ */
24+ class AllowCredentialsWrite extends DataFlow:: ExprNode {
25+ RsOptions rs ;
26+
27+ AllowCredentialsWrite ( ) {
28+ exists ( Field f , Write w , DataFlow:: Node base |
29+ f .hasQualifiedName ( packagePath ( ) , "Options" , "AllowCredentials" ) and
30+ w .writesField ( base , f , this ) and
31+ this .getType ( ) instanceof BoolType and
32+ (
33+ rs .getV ( ) .getBaseVariable ( ) .getDefinition ( ) .( SsaExplicitDefinition ) .getRhs ( ) =
34+ base .asInstruction ( ) or
35+ rs .getV ( ) .getAUse ( ) = base
36+ )
37+ )
38+ }
39+
40+ /**
41+ * Get config variable holding header values
42+ */
43+ RsOptions getConfig ( ) { result = rs }
44+ }
45+
46+ /**
47+ * A write to the value of Access-Control-Allow-Origins header
48+ */
49+ class AllowOriginsWrite extends DataFlow:: ExprNode {
50+ RsOptions rs ;
51+
52+ AllowOriginsWrite ( ) {
53+ exists ( Field f , Write w , DataFlow:: Node base |
54+ f .hasQualifiedName ( packagePath ( ) , "Options" , "AllowedOrigins" ) and
55+ w .writesField ( base , f , this ) and
56+ this .asExpr ( ) instanceof SliceLit and
57+ (
58+ rs .getV ( ) .getBaseVariable ( ) .getDefinition ( ) .( SsaExplicitDefinition ) .getRhs ( ) =
59+ base .asInstruction ( ) or
60+ rs .getV ( ) .getAUse ( ) = base
61+ )
62+ )
63+ }
64+
65+ /**
66+ * Get config variable holding header values
67+ */
68+ RsOptions getConfig ( ) { result = rs }
69+ }
70+
71+ /**
72+ * A write to the value of Access-Control-Allow-Origins of value "*", overriding AllowOrigins
73+ */
74+ class AllowAllOriginsWrite extends DataFlow:: ExprNode {
75+ RsOptions rs ;
76+
77+ AllowAllOriginsWrite ( ) {
78+ exists ( Field f , Write w , DataFlow:: Node base |
79+ f .hasQualifiedName ( packagePath ( ) , "Options" , "AllowAllOrigins" ) and
80+ w .writesField ( base , f , this ) and
81+ this .getType ( ) instanceof BoolType and
82+ (
83+ rs .getV ( ) .getBaseVariable ( ) .getDefinition ( ) .( SsaExplicitDefinition ) .getRhs ( ) =
84+ base .asInstruction ( ) or
85+ rs .getV ( ) .getAUse ( ) = base
86+ )
87+ )
88+ }
89+
90+ /**
91+ * Get config variable holding header values
92+ */
93+ RsOptions getConfig ( ) { result = rs }
94+ }
95+
96+ /**
97+ * A variable of type Config that holds the headers to be set.
98+ */
99+ class RsOptions extends Variable {
100+ SsaWithFields v ;
101+
102+ RsOptions ( ) {
103+ this = v .getBaseVariable ( ) .getSourceVariable ( ) and
104+ exists ( Type t | t .hasQualifiedName ( packagePath ( ) , "Options" ) | v .getType ( ) = t )
105+ }
106+
107+ /**
108+ * Get variable declaration of RsOptions
109+ */
110+ SsaWithFields getV ( ) { result = v }
111+ }
112+ }
0 commit comments