Update go/ql/src/experimental/CWE-525/WebCacheDeception.ql

aydinnyunus · owen-mc · web-flow · commit 96646abab9c2 · 2023-11-17T10:40:32.000+03:00
Co-authored-by: Owen Mansel-Chan &lt;62447351+owen-mc@users.noreply.github.com&gt;
diff --git a/go/ql/src/experimental/CWE-525/WebCacheDeception.ql b/go/ql/src/experimental/CWE-525/WebCacheDeception.ql
@@ -19,6 +19,7 @@ where
   httpHandleFuncCall.getTarget().hasQualifiedName("net/http", "HandleFunc") and
   httpHandleFuncCall.getArgument(0).getType().getUnderlyingType() instanceof StringType and
   httpHandleFuncCall.getArgument(0).getStringValue().matches("%/") and
+  httpHandleFuncCall.getArgument(1) = rn and
   rn.reads(f) and
   f.getParameter(0) = hw.getResponseWriter() and
   hw.getHeaderName() = "cache-control"
