update rule and expected file

krakendio · krakendio · commit 8ff38321a360 · 2023-11-17T00:08:01.000+03:00
diff --git a/go/ql/src/experimental/CWE-525/WebCacheDeception.ql b/go/ql/src/experimental/CWE-525/WebCacheDeception.ql
@@ -12,10 +12,14 @@
 
 import go
 
-from DataFlow::CallNode httpHandleFuncCall, Http::HeaderWrite::Range hw
+from
+  DataFlow::CallNode httpHandleFuncCall, DataFlow::ReadNode rn, Http::HeaderWrite::Range hw,
+  DeclaredFunction f
 where
   httpHandleFuncCall.getTarget().hasQualifiedName("net/http", "HandleFunc") and
   httpHandleFuncCall.getArgument(0).getType().getUnderlyingType() instanceof StringType and
   httpHandleFuncCall.getArgument(0).getStringValue().matches("%/") and
+  rn.reads(f) and
+  f.getParameter(0) = hw.getResponseWriter() and
   hw.getHeaderName() = "cache-control"
-select httpHandleFuncCall.getArgument(0), hw.getHeaderName()
+select httpHandleFuncCall.getArgument(0), hw.getResponseWriter()
diff --git a/go/ql/test/experimental/CWE-525/WebCacheDeception.expected b/go/ql/test/experimental/CWE-525/WebCacheDeception.expected
@@ -1 +1 @@
-| WebCacheDeceptionBad.go:82:18:82:31 | "/adminusers/" | cache-control |
+| WebCacheDeceptionBad.go:82:18:82:31 | "/adminusers/" | WebCacheDeceptionBad.go:45:25:45:25 | w |

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-\| WebCacheDeceptionBad.go:82:18:82:31 \| "/adminusers/" \| cache-control \|`
	`1`	`+\| WebCacheDeceptionBad.go:82:18:82:31 \| "/adminusers/" \| WebCacheDeceptionBad.go:45:25:45:25 \| w \|`