Corrections

python/ql/lib/semmle/python/Concepts.qll

@@ -1425,11 +1425,14 @@ module Http {
       string middleware_name() { result = super.middleware_name() }
 
       /**
-       * Gets the boolean value corresponding to if CORS credentials is enabled
-       * (`true`) or disabled (`false`) by this node.
+       * Gets the dataflow node corresponding to the allowed CORS origins 
        */
       DataFlow::Node allowed_origins() { result = super.allowed_origins() }
 
+      /**
+       * Gets the boolean value corresponding to if CORS credentials is enabled
+       * (`true`) or disabled (`false`) by this node.
+       */
       DataFlow::Node allowed_credentials() { result = super.allowed_credentials() }
     }
 

python/ql/lib/semmle/python/frameworks/FastApi.qll

@@ -43,16 +43,30 @@ module FastApi {
    * A call to `app.add_middleware` adding CORSMiddleware.
    */
   class AddCorsMiddlewareCall extends Http::Server::CorsMiddleware::Range, AddMiddlewareCall {
+      /**
+      * Gets the string corresponding to the middleware
+      */
     override string middleware_name() { result = this.getArg(0).asExpr().(Name).toString() }
 
+    /**
+    * Gets the dataflow node corresponding to the allowed CORS origins 
+    */
     override DataFlow::Node allowed_origins() { result = this.getArgByName("allow_origins") }
-
+      /**
+       * Gets the boolean value corresponding to if CORS credentials is enabled
+       * (`true`) or disabled (`false`) by this node.
+       */
     override DataFlow::Node allowed_credentials() {
       result = this.getArgByName("allow_credentials")
     }
-
+      /**
+       * Gets the dataflow node corresponding to the allowed CORS methods 
+       */
     DataFlow::Node allowed_methods() { result = this.getArgByName("allow_methods") }
 
+      /**
+      * Gets the dataflow node corresponding to the allowed CORS headers 
+      */
     DataFlow::Node allowed_headers() { result = this.getArgByName("allow_headers") }
   }
 

python/ql/lib/semmle/python/frameworks/Starlette.qll

@@ -28,12 +28,13 @@ module Starlette {
   /**
    * Provides models for the `starlette.app` class
    *
-   * See https://www.starlette.io/websockets/.
+   *
    */
   module App {
+    /** Gets import of `starlette.app`. */
     API::Node cls() { result = API::moduleImport("starlette").getMember("app") }
 
-    /** Gets a reference to a FastAPI application (an instance of `fastapi.FastAPI`). */
+    /** Gets a reference to a Starlette application (an instance of `starlette.app`). */
     API::Node instance() { result = cls().getReturn() }
   }
 
@@ -52,6 +53,10 @@ module Starlette {
    * A call to any of the execute methods on a `app.add_middleware` with CORSMiddleware.
    */
   class AddCorsMiddlewareCall extends AddMiddlewareCall, Http::Server::CorsMiddleware::Range {
+
+          /**
+      * Gets the string corresponding to the middleware
+      */
     override string middleware_name() { result = this.getArg(0).asExpr().(Name).toString() }
 
     override DataFlow::Node allowed_origins() { result = this.getArgByName("allow_origins") }
@@ -59,9 +64,14 @@ module Starlette {
     override DataFlow::Node allowed_credentials() {
       result = this.getArgByName("allow_credentials")
     }
-
+      /**
+       * Gets the dataflow node corresponding to the allowed CORS methods 
+       */
     DataFlow::Node allowed_methods() { result = this.getArgByName("allow_methods") }
 
+      /**
+      * Gets the dataflow node corresponding to the allowed CORS headers 
+      */
     DataFlow::Node allowed_headers() { result = this.getArgByName("allow_headers") }
   }