change-notes

github · Aug 27, 2024 · 812abea · 812abea
1 parent 0420d25
commit 812abea
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 0 deletions.
diff --git a/python/ql/lib/semmle/python/frameworks/FastApi.qll b/python/ql/lib/semmle/python/frameworks/FastApi.qll
@@ -36,6 +36,9 @@ module FastApi {
   private class AddMiddlewareCall extends DataFlow::CallCfgNode {
     AddMiddlewareCall() { this = App::instance().getMember("add_middleware").getACall() }
 
+    /**
+     * Gets the string corresponding to the middleware
+     */
     string middleware_name() { result = this.getArg(0).asExpr().(Name).toString() }
   }
 

diff --git a/python/ql/lib/semmle/python/frameworks/Starlette.qll b/python/ql/lib/semmle/python/frameworks/Starlette.qll
@@ -44,6 +44,9 @@ module Starlette {
       this = [App::instance().getMember("add_middleware").getACall(), Middleware::instance()]
     }
 
+    /**
+     * Gets the string corresponding to the middleware
+     */
     string middleware_name() { result = this.getArg(0).asExpr().(Name).toString() }
   }
 

diff --git a/python/ql/src/change-notes/2024-08-26-Cors-misconfiguration-middleware.md b/python/ql/src/change-notes/2024-08-26-Cors-misconfiguration-middleware.md
@@ -0,0 +1,4 @@
+---
+category: newQuery
+---
+* The `py/insecure-cors-setting` query, which finds insecure CORS middleware configurations.
-Original file line number
+Diff line change
@@ Expand Up / @@ -44,6 +44,9 @@ module Starlette { @@
           this = [App::instance().getMember("add_middleware").getACall(), Middleware::instance()]
         }
+        /**
+         * Gets the string corresponding to the middleware
+         */
         string middleware_name() { result = this.getArg(0).asExpr().(Name).toString() }
       }
@@ Expand Down @@