Address reviews - rename and update doc comments

Author: joefarebrother

go/ql/lib/semmle/go/concepts/HTTP.qll

@@ -381,7 +381,7 @@ module Http {
     predicate guardedBy(DataFlow::Node check) { super.guardedBy(check) }
   }
 
-  /** Provides a class for modeling HTTP response cookie writes. */
+  /** Provides a class for modeling new HTTP response cookie write APIs. */
   module CookieWrite {
     /**
      * A write of an HTTP Cookie to an HTTP response.
@@ -424,10 +424,10 @@ module Http {
     DataFlow::Node getHttpOnly() { result = super.getHttpOnly() }
   }
 
-  /** Provides a class for modeling the options of an HTTP cookie. */
-  module CookieOptions {
+  /** Provides a class for modeling the new APIs for writes to options of an HTTP cookie. */
+  module CookieOptionWrite {
     /**
-     * An HTTP Cookie object.
+     * A write to an HTTP cookie object.
      *
      * Extend this class to model new APIs. If you want to refine existing API models,
      * extend `HTTP::CookieOptions` instead.
@@ -436,40 +436,40 @@ module Http {
       /** Gets the node representing the cookie object for the options being set. */
       abstract DataFlow::Node getCookieOutput();
 
-      /** Gets the name of the cookie represented. */
+      /** Gets the name of the cookie represented, if any. */
       abstract DataFlow::Node getName();
 
-      /** Gets the value of the cookie represented. */
+      /** Gets the value of the cookie represented, if any. */
       abstract DataFlow::Node getValue();
 
-      /** Gets the `Secure` attribute of the cookie represented. */
+      /** Gets the `Secure` attribute of the cookie represented, if any. */
       abstract DataFlow::Node getSecure();
 
-      /** Gets the `HttpOnly` attribute of the cookie represented. */
+      /** Gets the `HttpOnly` attribute of the cookie represented, if any. */
       abstract DataFlow::Node getHttpOnly();
     }
   }
 
   /**
-   * An HTTP Cookie.
+   * A write to an HTTP cookie object.
    *
    * Extend this class to refine existing API models. If you want to model new APIs,
    * extend `HTTP::CookieOptions::Range` instead.
    */
-  class CookieOptions extends DataFlow::Node instanceof CookieOptions::Range {
+  class CookieOptionWrite extends DataFlow::Node instanceof CookieOptionWrite::Range {
     /** Gets the node representing the cookie object for the options being set. */
     DataFlow::Node getCookieOutput() { result = super.getCookieOutput() }
 
-    /** Gets the name of the cookie represented. */
+    /** Gets the name of the cookie represented, if any. */
     DataFlow::Node getName() { result = super.getName() }
 
-    /** Gets the value of the cookie represented. */
+    /** Gets the value of the cookie represented, if any. */
     DataFlow::Node getValue() { result = super.getValue() }
 
-    /** Gets the `Secure` attribute of the cookie represented. */
+    /** Gets the `Secure` attribute of the cookie represented, if any. */
     DataFlow::Node getSecure() { result = super.getSecure() }
 
-    /** Gets the `HttpOnly` attribute of the cookie represented. */
+    /** Gets the `HttpOnly` attribute of the cookie represented, if any. */
     DataFlow::Node getHttpOnly() { result = super.getHttpOnly() }
   }
 }

go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll

@@ -306,15 +306,15 @@ module NetHttp {
     override DataFlow::Node getHttpOnly() { result = this.getArgument(1) }
   }
 
-  private class CookieFieldWrite extends Http::CookieOptions::Range {
-    Write w;
-    Field f;
+  private class CookieFieldWrite extends Http::CookieOptionWrite::Range {
     DataFlow::Node written;
     string fieldName;
 
     CookieFieldWrite() {
-      f.hasQualifiedName(package("net/http", ""), "Cookie", fieldName) and
-      w.writesField(this, f, written)
+      exists(Write w, Field f |
+        f.hasQualifiedName(package("net/http", ""), "Cookie", fieldName) and
+        w.writesField(this, f, written)
+      )
     }
 
     override DataFlow::Node getCookieOutput() { result = this }

go/ql/lib/semmle/go/security/SecureCookies.qll

@@ -22,7 +22,7 @@ private module SensitiveCookieNameConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { exists(Http::CookieWrite cw | sink = cw.getName()) }
 
   predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
-    exists(Http::CookieOptions co | co.getName() = pred and co.getCookieOutput() = succ)
+    exists(Http::CookieOptionWrite co | co.getName() = pred and co.getCookieOutput() = succ)
   }
 }
 
@@ -37,7 +37,7 @@ private module BooleanCookieSecureConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { exists(Http::CookieWrite cw | sink = cw.getSecure()) }
 
   predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
-    exists(Http::CookieOptions co | co.getSecure() = pred and co.getCookieOutput() = succ)
+    exists(Http::CookieOptionWrite co | co.getSecure() = pred and co.getCookieOutput() = succ)
   }
 }
 
@@ -52,7 +52,7 @@ private module BooleanCookieHttpOnlyConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { exists(Http::CookieWrite cw | sink = cw.getHttpOnly()) }
 
   predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
-    exists(Http::CookieOptions co | co.getHttpOnly() = pred and co.getCookieOutput() = succ)
+    exists(Http::CookieOptionWrite co | co.getHttpOnly() = pred and co.getCookieOutput() = succ)
   }
 }