github
diff --git a/‎javascript/ql/test/query-tests/Security/CWE-942/apollo-test.js renamed to ‎javascript/ql/test/query-tests/Security/CWE-346/apollo-test.js
Lines changed: 5 additions & 5 deletions b/‎javascript/ql/test/query-tests/Security/CWE-942/apollo-test.js renamed to ‎javascript/ql/test/query-tests/Security/CWE-346/apollo-test.js
Lines changed: 5 additions & 5 deletions
diff --git a/‎javascript/ql/test/query-tests/Security/CWE-942/express-test.js renamed to ‎javascript/ql/test/query-tests/Security/CWE-346/express-test.js
Lines changed: 4 additions & 4 deletions b/‎javascript/ql/test/query-tests/Security/CWE-942/express-test.js renamed to ‎javascript/ql/test/query-tests/Security/CWE-346/express-test.js
Lines changed: 4 additions & 4 deletions
diff --git a/‎javascript/ql/test/query-tests/Security/CWE-942/CorsPermissiveConfiguration.expected
Lines changed: 0 additions & 34 deletions b/‎javascript/ql/test/query-tests/Security/CWE-942/CorsPermissiveConfiguration.expected
Lines changed: 0 additions & 34 deletions
diff --git a/‎javascript/ql/test/query-tests/Security/CWE-942/CorsPermissiveConfiguration.qlref
Lines changed: 0 additions & 2 deletions b/‎javascript/ql/test/query-tests/Security/CWE-942/CorsPermissiveConfiguration.qlref
Lines changed: 0 additions & 2 deletions
@@ -5,10 +5,10 @@ var https = require('https'),
 var server = https.createServer(function () { });
 
 server.on('request', function (req, res) {
-    let user_origin = url.parse(req.url, true).query.origin; // $ Source
+    let user_origin = url.parse(req.url, true).query.origin; // $ MISSING: Source
     // BAD: CORS too permissive
     const server_1 = new ApolloServer({
-        cors: { origin: true } // $ Alert
+        cors: { origin: true } // $ MISSING: Alert
     });
 
     // GOOD: restrictive CORS 
@@ -18,11 +18,11 @@ server.on('request', function (req, res) {
 
     // BAD: CORS too permissive 
     const server_3 = new ApolloServer({
-        cors: { origin: null } // $ Alert
+        cors: { origin: null } // $ MISSING: Alert
     });
 
     // BAD: CORS is controlled by user
     const server_4 = new ApolloServer({
-        cors: { origin: user_origin } // $ Alert
+        cors: { origin: user_origin } // $ MISSING: Alert
     });
-});
+});
@@ -7,7 +7,7 @@ var https = require('https'),
 var server = https.createServer(function () { });
 
 server.on('request', function (req, res) {
-    let user_origin = url.parse(req.url, true).query.origin; // $ Source
+    let user_origin = url.parse(req.url, true).query.origin; // $ MISSING: Source
 
     // BAD: CORS too permissive, default value is *
     var app1 = express();
@@ -23,14 +23,14 @@ server.on('request', function (req, res) {
     // BAD: CORS too permissive 
     var app3 = express();
     var corsOption3 = {
-        origin: '*' // $ Alert
+        origin: '*' // $ MISSING: Alert
     };
     app3.use(cors(corsOption3));
 
     // BAD: CORS is controlled by user
     var app4 = express();
     var corsOption4 = {
-        origin: user_origin // $ Alert
+        origin: user_origin // $ MISSING: Alert
     };
     app4.use(cors(corsOption4));
-});
+});