From 9d1f13fe9be5d425bf88cdc60e5de1d7d2b0cb03 Mon Sep 17 00:00:00 2001
From: Slavomir
Date: Sat, 22 May 2021 18:32:48 +0200
Subject: [PATCH] Add `allowOriginIsWildcardOrNull` predicate

---
 .../CWE-942/CorsMisconfiguration.ql | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/ql/src/experimental/CWE-942/CorsMisconfiguration.ql b/ql/src/experimental/CWE-942/CorsMisconfiguration.ql
index 5c34eaf4fa5..8aa06faccce 100644
--- a/ql/src/experimental/CWE-942/CorsMisconfiguration.ql
+++ b/ql/src/experimental/CWE-942/CorsMisconfiguration.ql
@@ -69,16 +69,24 @@ predicate flowsFromUntrustedToAllowOrigin(HTTP::HeaderWrite allowOriginHW, strin
   )
 }
 
+/**
+ * Holds if the provided `allowOriginHW` HeaderWrite is for a `Access-Control-Allow-Origin`
+ * header and the value is set to `*` or `null`.
+ */
+predicate allowOriginIsWildcardOrNull(HTTP::HeaderWrite allowOriginHW, string message) {
+  allowOriginHW.getHeaderName() = headerAllowOrigin() and
+  allowOriginHW.getHeaderValue() = ["*", "null"] and
+  message =
+    headerAllowOrigin() + " header is set to `" + allowOriginHW.getHeaderValue() + "`, and " +
+      headerAllowCredentials() + " is set to `true`"
+}
+
 from HTTP::HeaderWrite allowOriginHW, string message
 where
   (
     flowsFromUntrustedToAllowOrigin(allowOriginHW, message)
     or
-    allowOriginHW.getHeaderName() = headerAllowOrigin() and
-    allowOriginHW.getHeaderValue() = ["*", "null"] and
-    message =
-      headerAllowOrigin() + " header is set to `" + allowOriginHW.getHeaderValue() + "`, and " +
-        headerAllowCredentials() + " is set to `true`"
+    allowOriginIsWildcardOrNull(allowOriginHW, message)
   ) and
   allowCredentialsIsSetToTrue(allowOriginHW)
 select allowOriginHW, message
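Review bot: The new `allowOriginIsWildcardOrNull` predicate binds `message` to a string asserting that `Access-Control-Allow-Credentials` "is set to `true`", but nothing inside the predicate establishes that; the check is only `allowCredentialsIsSetToTrue(allowOriginHW)` in the `where` clause, so any future caller that reuses the predicate alone would report a claim it never verified. Either move the conjunct into the predicate body, `allowCredentialsIsSetToTrue(allowOriginHW) and` before the `message =` line, or state the precondition in the QLDoc, e.g. ` * Callers must also require `allowCredentialsIsSetToTrue(allowOriginHW)`; the message asserts that header is `true` without checking it.` The QLDoc could also say why the two values are grouped: browsers refuse a wildcard origin when credentials are enabled, whereas a literal `null` matches the opaque origin of sandboxed or `data:` documents and is the branch that actually exposes credentialed responses, so readers of the alert should not treat them as equally severe. Minor: "a `Access-Control-Allow-Origin`" should read "an". The `flowsFromUntrustedToAllowOrigin` predicate whose closing lines open the hunk starts outside it.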