Modeling CORS frameworks with CodeQL to find security vulnerabilities
ID: 5b8b41bb-8e85-54c7-bbac-4e2b3e45b41f
STIX ID: report--5b8b41bb-8e85-54c7-bbac-4e2b3e45b41f
Feed Name: GitHub Security Lab
This GitHub Security Lab blog post describes how to use CodeQL to model Go CORS frameworks (with examples for Gin) to find CORS misconfigurations that can lead to origin reflection and credentialed cross-origin requests. It walks through modeling header writes and config structures, writing predicates and queries to detect vulnerable patterns, and discusses reducing false positives and extending detection for different frameworks.
