Add GoChi Rule

Author: Yunus AYDIN

go/ql/src/experimental/CWE-525/WebCacheDeceptionGoChi.expected

@@ -0,0 +1,23 @@
+/*
+ * @name Web Cache Deception
+ * @description A caching system has been detected on the application and is vulnerable to web cache deception on GoChi. By manipulating the URL it is possible to force the application to cache pages that are only accessible by an authenticated user. Once cached, these pages can be accessed by an unauthenticated user.
+ * @kind problem
+ * @problem.severity error
+ * @security-severity 9
+ * @precision high
+ * @id go/web-cache-deception
+ * @tags security
+ *       external/cwe/cwe-525
+ */
+
+ import go
+
+ from DataFlow::CallNode httpHandleFuncCall, ImportSpec importSpec
+ where
+    importSpec.getPath() = "github.com/go-chi/chi/v5" and
+    httpHandleFuncCall.getCall().getArgument(0).toString().matches("%/*%") and
+    not httpHandleFuncCall.getCall().getArgument(0).toString().matches("%$%") and
+    importSpec.getFile() = httpHandleFuncCall.getFile()
+ select httpHandleFuncCall.getCall().getArgument(0), importSpec,
+   "Wildcard Endpoint used with " + httpHandleFuncCall.getCall().getArgument(0) + " in file: " + importSpec.getFile().getBaseName()
+ 

go/ql/src/experimental/CWE-525/WebCacheDeceptionGoChi.ql

@@ -0,0 +1,17 @@
+package main
+
+import (
+	"net/http"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/go-chi/chi/v5/middleware"
+)
+
+func main() {
+	r := chi.NewRouter()
+	r.Use(middleware.Logger)
+	r.Get("/*", func(w http.ResponseWriter, r *http.Request) {
+		w.Write([]byte("welcome"))
+	})
+	http.ListenAndServe(":3000", r)
+}