Fixes and doc updates

Author: joefarebrother

go/ql/lib/go.qll

@@ -40,6 +40,7 @@ import semmle.go.frameworks.ElazarlGoproxy
 import semmle.go.frameworks.Email
 import semmle.go.frameworks.Encoding
 import semmle.go.frameworks.Fasthttp
+import semmle.go.frameworks.Gin
 import semmle.go.frameworks.GinCors
 import semmle.go.frameworks.Glog
 import semmle.go.frameworks.GoJose

go/ql/lib/semmle/go/concepts/HTTP.qll

@@ -381,7 +381,7 @@ module Http {
     predicate guardedBy(DataFlow::Node check) { super.guardedBy(check) }
   }
 
-  /** Provides a class for modelling HTTP response cookie writes. */
+  /** Provides a class for modeling HTTP response cookie writes. */
   module CookieWrite {
     /**
      * An write of an HTTP Cookie to an HTTP response.
@@ -424,7 +424,7 @@ module Http {
     DataFlow::Node getHttpOnly() { result = super.getHttpOnly() }
   }
 
-  /** Provides a class for modelling the options of an HTTP cookie. */
+  /** Provides a class for modeling the options of an HTTP cookie. */
   module CookieOptions {
     /**
      * An HTTP Cookie object.

go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll

@@ -294,7 +294,7 @@ module NetHttp {
     override DataFlow::Node getAPathArgument() { result = this.getArgument(2) }
   }
 
-  class CookieWrite extends Http::CookieWrite::Range, DataFlow::CallNode {
+  private class CookieWrite extends Http::CookieWrite::Range, DataFlow::CallNode {
     CookieWrite() { this.getTarget().hasQualifiedName(package("net/http", ""), "SetCookie") }
 
     override DataFlow::Node getName() { result = this.getArgument(1) }
@@ -306,7 +306,7 @@ module NetHttp {
     override DataFlow::Node getHttpOnly() { result = this.getArgument(1) }
   }
 
-  class CookieFieldWrite extends Http::CookieOptions::Range {
+  private class CookieFieldWrite extends Http::CookieOptions::Range {
     Write w;
     Field f;
     DataFlow::Node written;

go/ql/src/Security/CWE-1004/CookieWithoutHttpOnly.ql

@@ -7,14 +7,14 @@
  * @kind path-problem
  * @problem.severity warning
  * @precision high
+ * @security-severity 5.0
  * @id go/cookie-httponly-not-set
  * @tags security
  *       external/cwe/cwe-1004
  */
 
 import go
 import semmle.go.security.SecureCookies
-import semmle.go.concepts.HTTP
 import SensitiveCookieNameFlow::PathGraph
 
 from

go/ql/src/Security/CWE-614/CookieWithoutSecure.ql

@@ -4,15 +4,15 @@
  * @kind problem
  * @problem.severity warning
  * @precision high
+ * @security-severity 5.0
  * @id go/cookie-secure-not-set
  * @tags security
  *       external/cwe/cwe-1004
  */
 
 import go
 import semmle.go.security.SecureCookies
-import semmle.go.concepts.HTTP
 
 from Http::CookieWrite cw
 where isInsecureCookie(cw)
-select cw, "Cookie does not set Secure attribute to true"
+select cw, "Cookie does not set Secure attribute to true."