Update rules

Author: krakendio

go/ql/src/experimental/CWE-525/WebCacheDeception.ql

@@ -14,5 +14,4 @@ import go
 import WebCacheDeceptionLib
 
 from WebCacheDeception::Sink httpHandleFuncCall
-select httpHandleFuncCall, "$@ is used as wildcard endpoint.", httpHandleFuncCall.getNode(),
-  "Web Cache Deception"
+select httpHandleFuncCall, httpHandleFuncCall + " is used as wildcard endpoint."

go/ql/src/experimental/CWE-525/WebCacheDeceptionLib.qll

@@ -26,7 +26,7 @@ module WebCacheDeception {
         i.getPath() = "github.com/gofiber/fiber" or
         i.getPath() = "github.com/gofiber/fiber/v2"
       |
-        exists(DataFlow::MethodCallNode m |
+        exists(DataFlow::CallNode m |
           m.getCall().getArgument(0).toString().matches("%/*%") and
           this = m.getArgument(0)
         )
@@ -40,7 +40,7 @@ module WebCacheDeception {
         i.getPath() = "github.com/go-chi/chi/v5" or
         i.getPath() = "github.com/go-chi/chi/v5/middleware"
       |
-        exists(DataFlow::MethodCallNode m |
+        exists(DataFlow::CallNode m |
           m.getCall().getArgument(0).toString().matches("%/*%") and
           this = m.getArgument(0)
         )

go/ql/test/experimental/CWE-525/WebCacheDeception.expected

@@ -1,4 +1,4 @@
-edges
-nodes
-subpaths
-#select
+| WebCacheDeceptionBad.go:82:18:82:31 | "/adminusers/" | "/adminusers/" is used as wildcard endpoint. |
+| WebCacheDeceptionFiber.go:15:10:15:17 | "/api/*" | "/api/*" is used as wildcard endpoint. |
+| WebCacheDeceptionFiber.go:20:11:20:18 | "/api/*" | "/api/*" is used as wildcard endpoint. |
+| WebCacheDeceptionGoChi.go:13:8:13:11 | "/*" | "/*" is used as wildcard endpoint. |