Address reviews - rename and update doc comments

2025-12-16 16:53:25 +01:00 · 2025-11-17 15:07:06 +00:00
parent 1bd5005fc1
commit 03d63dec2e
3 changed files with 22 additions and 22 deletions
--- a/go/ql/lib/semmle/go/concepts/HTTP.qll
+++ b/go/ql/lib/semmle/go/concepts/HTTP.qll
@@ -381,7 +381,7 @@ module Http {
    predicate guardedBy(DataFlow::Node check) { super.guardedBy(check) }
  }

-  /** Provides a class for modeling HTTP response cookie writes. */
+  /** Provides a class for modeling new HTTP response cookie write APIs. */
  module CookieWrite {
    /**
     * A write of an HTTP Cookie to an HTTP response.
@@ -424,10 +424,10 @@ module Http {
    DataFlow::Node getHttpOnly() { result = super.getHttpOnly() }
  }

-  /** Provides a class for modeling the options of an HTTP cookie. */
-  module CookieOptions {
+  /** Provides a class for modeling the new APIs for writes to options of an HTTP cookie. */
+  module CookieOptionWrite {
    /**
-     * An HTTP Cookie object.
+     * A write to an HTTP cookie object.
     *
     * Extend this class to model new APIs. If you want to refine existing API models,
     * extend `HTTP::CookieOptions` instead.
@@ -436,40 +436,40 @@ module Http {
      /** Gets the node representing the cookie object for the options being set. */
      abstract DataFlow::Node getCookieOutput();

-      /** Gets the name of the cookie represented. */
+      /** Gets the name of the cookie represented, if any. */
      abstract DataFlow::Node getName();

-      /** Gets the value of the cookie represented. */
+      /** Gets the value of the cookie represented, if any. */
      abstract DataFlow::Node getValue();

-      /** Gets the `Secure` attribute of the cookie represented. */
+      /** Gets the `Secure` attribute of the cookie represented, if any. */
      abstract DataFlow::Node getSecure();

-      /** Gets the `HttpOnly` attribute of the cookie represented. */
+      /** Gets the `HttpOnly` attribute of the cookie represented, if any. */
      abstract DataFlow::Node getHttpOnly();
    }
  }

  /**
-   * An HTTP Cookie.
+   * A write to an HTTP cookie object.
   *
   * Extend this class to refine existing API models. If you want to model new APIs,
   * extend `HTTP::CookieOptions::Range` instead.
   */
-  class CookieOptions extends DataFlow::Node instanceof CookieOptions::Range {
+  class CookieOptionWrite extends DataFlow::Node instanceof CookieOptionWrite::Range {
    /** Gets the node representing the cookie object for the options being set. */
    DataFlow::Node getCookieOutput() { result = super.getCookieOutput() }

-    /** Gets the name of the cookie represented. */
+    /** Gets the name of the cookie represented, if any. */
    DataFlow::Node getName() { result = super.getName() }

-    /** Gets the value of the cookie represented. */
+    /** Gets the value of the cookie represented, if any. */
    DataFlow::Node getValue() { result = super.getValue() }

-    /** Gets the `Secure` attribute of the cookie represented. */
+    /** Gets the `Secure` attribute of the cookie represented, if any. */
    DataFlow::Node getSecure() { result = super.getSecure() }

-    /** Gets the `HttpOnly` attribute of the cookie represented. */
+    /** Gets the `HttpOnly` attribute of the cookie represented, if any. */
    DataFlow::Node getHttpOnly() { result = super.getHttpOnly() }
  }
 }
--- a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll
+++ b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll
@@ -306,15 +306,15 @@ module NetHttp {
    override DataFlow::Node getHttpOnly() { result = this.getArgument(1) }
  }

-  private class CookieFieldWrite extends Http::CookieOptions::Range {
-    Write w;
-    Field f;
+  private class CookieFieldWrite extends Http::CookieOptionWrite::Range {
    DataFlow::Node written;
    string fieldName;

    CookieFieldWrite() {
-      f.hasQualifiedName(package("net/http", ""), "Cookie", fieldName) and
-      w.writesField(this, f, written)
+      exists(Write w, Field f |
+        f.hasQualifiedName(package("net/http", ""), "Cookie", fieldName) and
+        w.writesField(this, f, written)
+      )
    }

    override DataFlow::Node getCookieOutput() { result = this }
--- a/go/ql/lib/semmle/go/security/SecureCookies.qll
+++ b/go/ql/lib/semmle/go/security/SecureCookies.qll
@@ -22,7 +22,7 @@ private module SensitiveCookieNameConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { exists(Http::CookieWrite cw | sink = cw.getName()) }

  predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
-    exists(Http::CookieOptions co | co.getName() = pred and co.getCookieOutput() = succ)
+    exists(Http::CookieOptionWrite co | co.getName() = pred and co.getCookieOutput() = succ)
  }
 }

@@ -37,7 +37,7 @@ private module BooleanCookieSecureConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { exists(Http::CookieWrite cw | sink = cw.getSecure()) }

  predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
-    exists(Http::CookieOptions co | co.getSecure() = pred and co.getCookieOutput() = succ)
+    exists(Http::CookieOptionWrite co | co.getSecure() = pred and co.getCookieOutput() = succ)
  }
 }

@@ -52,7 +52,7 @@ private module BooleanCookieHttpOnlyConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { exists(Http::CookieWrite cw | sink = cw.getHttpOnly()) }

  predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
-    exists(Http::CookieOptions co | co.getHttpOnly() = pred and co.getCookieOutput() = succ)
+    exists(Http::CookieOptionWrite co | co.getHttpOnly() = pred and co.getCookieOutput() = succ)
  }
 }