Rename cors-misconfiguration to cors-origin.

javascript/ql/lib/ext/apollo-server.model.yml

@@ -10,7 +10,7 @@ extensions:
       extensible: sinkModel
     data:
       - ["@apollo/server", "Member[gql].Argument[0]", "sql-injection"]
-      - ["@apollo/server", "Member[ApolloServer,ApolloServerBase].Argument[0].Member[cors].Member[origin]", "cors-misconfiguration"]
+      - ["@apollo/server", "Member[ApolloServer,ApolloServerBase].Argument[0].Member[cors].Member[origin]", "cors-origin"]
 
   - addsTo:
       pack: codeql/javascript-all

javascript/ql/lib/ext/cors.model.yml

@@ -3,4 +3,4 @@ extensions:
       pack: codeql/javascript-all
       extensible: sinkModel
     data:
-      - ["cors", "Argument[0].Member[origin]", "cors-misconfiguration"]
+      - ["cors", "Argument[0].Member[origin]", "cors-origin"]

javascript/ql/lib/semmle/javascript/security/CorsPermissiveConfigurationCustomizations.qll

@@ -66,7 +66,7 @@ module CorsPermissiveConfiguration {
    * The value of cors origin when initializing the application.
    */
   class CorsOriginSink extends Sink, DataFlow::ValueNode {
-    CorsOriginSink() { this = ModelOutput::getASinkNode("cors-misconfiguration").asSink() }
+    CorsOriginSink() { this = ModelOutput::getASinkNode("cors-origin").asSink() }
   }
 
   /**

shared/mad/codeql/mad/ModelValidation.qll

@@ -39,7 +39,7 @@ module KindValidation<KindValidationConfigSig Config> {
           "response-splitting", "trust-boundary-violation", "template-injection", "url-forward",
           "xslt-injection",
           // JavaScript-only currently, but may be shared in the future
-          "cors-misconfiguration", "mongodb.sink",
+          "cors-origin", "mongodb.sink",
           // Swift-only currently, but may be shared in the future
           "database-store", "format-string", "hash-iteration-count", "predicate-injection",
           "preferences-store", "tls-protocol-version", "transmission", "webview-fetch", "xxe",