codeqlhelper
diff --git a/‎go/ql/test/experimental/CWE-525/WebCacheDeceptionFiber.expected
Lines changed: 2 additions & 0 deletions b/‎go/ql/test/experimental/CWE-525/WebCacheDeceptionFiber.expected
Lines changed: 2 additions & 0 deletions
diff --git a/‎go/ql/test/experimental/CWE-525/WebCacheDeceptionFiber.go
Lines changed: 38 additions & 0 deletions b/‎go/ql/test/experimental/CWE-525/WebCacheDeceptionFiber.go
Lines changed: 38 additions & 0 deletions
diff --git a/‎go/ql/test/experimental/CWE-525/WebCacheDeceptionFiber.qlref
Lines changed: 1 addition & 0 deletions b/‎go/ql/test/experimental/CWE-525/WebCacheDeceptionFiber.qlref
Lines changed: 1 addition & 0 deletions
diff --git a/‎go/ql/test/experimental/CWE-525/go.mod
Lines changed: 19 additions & 0 deletions b/‎go/ql/test/experimental/CWE-525/go.mod
Lines changed: 19 additions & 0 deletions
diff --git a/‎go/ql/test/experimental/CWE-525/vendor/github.com/andybalholm/brotli/LICENSE
Lines changed: 19 additions & 0 deletions b/‎go/ql/test/experimental/CWE-525/vendor/github.com/andybalholm/brotli/LICENSE
Lines changed: 19 additions & 0 deletions
diff --git a/‎go/ql/test/experimental/CWE-525/vendor/github.com/andybalholm/brotli/README.md
Lines changed: 7 additions & 0 deletions b/‎go/ql/test/experimental/CWE-525/vendor/github.com/andybalholm/brotli/README.md
Lines changed: 7 additions & 0 deletions
diff --git a/‎go/ql/test/experimental/CWE-525/vendor/github.com/andybalholm/brotli/backward_references.go
Lines changed: 185 additions & 0 deletions b/‎go/ql/test/experimental/CWE-525/vendor/github.com/andybalholm/brotli/backward_references.go
Lines changed: 185 additions & 0 deletions
@@ -0,0 +1,2 @@
+| WebCacheDeceptionFiber.go:15:10:15:17 | "/api/*" | Wildcard Endpoint used with "/api/*" |
+| WebCacheDeceptionFiber.go:20:11:20:18 | "/api/*" | Wildcard Endpoint used with "/api/*" |
@@ -0,0 +1,38 @@
+package bad
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/gofiber/fiber/v2"
+)
+
+func badRouting() {
+	app := fiber.New()
+	log.Println("We are logging in Golang!")
+
+	// GET /api/register
+	app.Get("/api/*", func(c *fiber.Ctx) error {
+		msg := fmt.Sprintf("✋")
+		return c.SendString(msg) // => ✋ register
+	})
+
+	app.Post("/api/*", func(c *fiber.Ctx) error {
+		msg := fmt.Sprintf("✋")
+		return c.SendString(msg) // => ✋ register
+	})
+
+	// GET /flights/LAX-SFO
+	app.Get("/flights/:from-:to", func(c *fiber.Ctx) error {
+		msg := fmt.Sprintf("💸 From: %s, To: %s", c.Params("from"), c.Params("to"))
+		return c.SendString(msg) // => 💸 From: LAX, To: SFO
+	})
+
+	// GET /dictionary.txt
+	app.Get("/:file.:ext", func(c *fiber.Ctx) error {
+		msg := fmt.Sprintf("📃 %s.%s", c.Params("file"), c.Params("ext"))
+		return c.SendString(msg) // => 📃 dictionary.txt
+	})
+
+	log.Fatal(app.Listen(":3000"))
+}
@@ -0,0 +1 @@
+experimental/CWE-525/WebCacheDeceptionFiber.ql
@@ -0,0 +1,19 @@
+module test
+
+go 1.21.1
+
+require github.com/gofiber/fiber/v2 v2.51.0
+
+require (
+	github.com/andybalholm/brotli v1.0.5 // indirect
+	github.com/google/uuid v1.4.0 // indirect
+	github.com/klauspost/compress v1.16.7 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-runewidth v0.0.15 // indirect
+	github.com/rivo/uniseg v0.2.0 // indirect
+	github.com/valyala/bytebufferpool v1.0.0 // indirect
+	github.com/valyala/fasthttp v1.50.0 // indirect
+	github.com/valyala/tcplisten v1.0.0 // indirect
+	golang.org/x/sys v0.14.0 // indirect
+)
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+\| WebCacheDeceptionFiber.go:15:10:15:17 \| "/api/" \| Wildcard Endpoint used with "/api/" \|`
	`2`	`+\| WebCacheDeceptionFiber.go:20:11:20:18 \| "/api/" \| Wildcard Endpoint used with "/api/" \|`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+experimental/CWE-525/WebCacheDeceptionFiber.ql`