Reorder and rename

2026-04-26 01:05:15 +02:00 · 2024-09-13 00:41:55 -07:00
parent 03f375e436
commit c30332818f
3 changed files with 7 additions and 7 deletions
--- a/python/ql/lib/semmle/python/Concepts.qll
+++ b/python/ql/lib/semmle/python/Concepts.qll
@@ -1451,16 +1451,16 @@ module Http {
         */
        abstract string getMiddlewareName();

+        /**
+         * Gets the strings corresponding to the origins allowed by the cors policy
+         */
+        abstract DataFlow::Node getOrigins();
+
        /**
         * Gets the boolean value corresponding to if CORS credentials is enabled
         * (`true`) or disabled (`false`) by this node.
         */
        abstract DataFlow::Node getCredentialsAllowed();
-
-        /**
-         * Gets the strings corresponding to the origins allowed by the cors policy
-         */
-        abstract DataFlow::Node getOrigins();
      }
    }

--- a/python/ql/src/change-notes/2024-08-26-Cors-misconfiguration-middleware.md
+++ b/python/ql/src/change-notes/2024-08-26-Cors-misconfiguration-middleware.md
@@ -1,4 +1,4 @@
 ---
 category: newQuery
 ---
-* The `py/insecure-cors-setting` query, which finds insecure CORS middleware configurations.
+* The `py/cors-misconfiguration-with-credentials` query, which finds insecure CORS middleware configurations.
--- a/python/ql/src/experimental/Security/CWE-942/CorsMisconfigurationMiddleware.ql
+++ b/python/ql/src/experimental/Security/CWE-942/CorsMisconfigurationMiddleware.ql
@@ -1,5 +1,5 @@
 /**
- * @name SOP protection weak with credentials
+ * @name Cors misconfiguration with credentials
 * @description Disabling or weakening SOP protection may make the application
 *              vulnerable to a CORS attack.
 * @kind problem