Apply suggestions from code review

Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>

javascript/ql/lib/semmle/javascript/frameworks/Apollo.qll

@@ -6,7 +6,7 @@ import javascript
 
 /** Provides classes modeling the apollo packages [@apollo/server](https://npmjs.com/package/@apollo/server`) */
 module Apollo {
-  /** Get an instanceof of `Apollo` */
+  /** Get a reference to the `ApolloServer` class. */
   private API::Node apollo() {
     result =
       API::moduleImport([
@@ -30,7 +30,7 @@ module Apollo {
   }
 
   /** A string that is interpreted as a GraphQL query by a `apollo` package. */
-  class ApolloGraphQLString extends GraphQL::GraphQLString {
+  private class ApolloGraphQLString extends GraphQL::GraphQLString {
     ApolloGraphQLString() { this = gql().getACall().getArgument(0) }
   }
 }

javascript/ql/lib/semmle/javascript/frameworks/Cors.qll

@@ -4,24 +4,23 @@
 
 import javascript
 
-/** Provides classes modeling [cors package](https://npmjs.com/package/cors) */
+/** Provides classes modeling [cors](https://npmjs.com/package/cors) library. */
 module Cors {
   /**
    * An expression that creates a new CORS configuration.
    */
   class Cors extends DataFlow::CallNode {
-    /** Get an instanceof of `cors` */
     Cors() { this = DataFlow::moduleImport("cors").getAnInvocation() }
 
-    /** Get Cors configuration */
-    DataFlow::Node getCorsArgument() { result = this.getArgument(0) }
+    /** Get the options used to configure Cors */
+    DataFlow::Node getOptionsArgument() { result = this.getArgument(0) }
 
     /** Holds if cors is using default configuration */
     predicate isDefault() { this.getNumArgument() = 0 }
 
     /** Gets the value of origin */
     DataFlow::Node getOrigin() {
-      result = this.getCorsArgument().getALocalSource().getAPropertyWrite("origin").getRhs()
+      result = this.getOptionArgument(0, "origin")
     }
   }
 }

javascript/ql/lib/semmle/javascript/frameworks/Express.qll

@@ -1074,21 +1074,20 @@ module Express {
   }
 
   /**
-   * The CORS configuration used in Express
+   * An express route setup configured with the `cors` package.
    */
   class CorsConfiguration extends DataFlow::MethodCallNode {
-    /** Get an `app.use` with a cors object as argument */
     CorsConfiguration() {
       this = appCreation().getAMethodCall("use") and this.getArgument(0) instanceof Cors::Cors
     }
 
-    /** Get Cors configuration */
+    /** Gets the options used to configure `cors`. */
     DataFlow::Node getCorsArgument() { result = this.getArgument(0).(Cors::Cors).getCorsArgument() }
 
-    /** Holds if cors is using default configuration */
+    /** Holds if cors is using its default configuration. */
     predicate isDefault() { this.getArgument(0).(Cors::Cors).isDefault() }
 
-    /** Get Cors origin value */
+    /** Gets the `origin` option that the call to `cors` is configured with. */
     DataFlow::Node getOrigin() { result = this.getArgument(0).(Cors::Cors).getOrigin() }
   }
 }