Reorder and rename

Author: Kwstubbs

python/ql/lib/semmle/python/Concepts.qll

@@ -1452,15 +1452,15 @@ module Http {
         abstract string getMiddlewareName();
 
         /**
-         * Gets the boolean value corresponding to if CORS credentials is enabled
-         * (`true`) or disabled (`false`) by this node.
+         * Gets the strings corresponding to the origins allowed by the cors policy
          */
-        abstract DataFlow::Node getCredentialsAllowed();
+        abstract DataFlow::Node getOrigins();
 
         /**
-         * Gets the strings corresponding to the origins allowed by the cors policy
+         * Gets the boolean value corresponding to if CORS credentials is enabled
+         * (`true`) or disabled (`false`) by this node.
          */
-        abstract DataFlow::Node getOrigins();
+        abstract DataFlow::Node getCredentialsAllowed();
       }
     }
 

python/ql/src/change-notes/2024-08-26-Cors-misconfiguration-middleware.md

@@ -1,4 +1,4 @@
 ---
 category: newQuery
 ---
-* The `py/insecure-cors-setting` query, which finds insecure CORS middleware configurations.
+* The `py/cors-misconfiguration-with-credentials` query, which finds insecure CORS middleware configurations.

python/ql/src/experimental/Security/CWE-942/CorsMisconfigurationMiddleware.ql

@@ -1,5 +1,5 @@
 /**
- * @name SOP protection weak with credentials
+ * @name Cors misconfiguration with credentials
  * @description Disabling or weakening SOP protection may make the application
  *              vulnerable to a CORS attack.
  * @kind problem