fix test errors

Yunus AYDIN · Yunus AYDIN · commit 9178cec0e6e0 · 2023-11-15T09:33:52.000+03:00
diff --git a/go/ql/test/experimental/CWE-525/WebCacheDeception.expected b/go/ql/test/experimental/CWE-525/WebCacheDeception.expected
@@ -0,0 +1 @@
+| WebCacheDeceptionBad.go:14:18:14:31 | "/adminusers/" | WebCacheDeceptionGood.go:68:19:68:33 | "Cache-Control" |
diff --git a/go/ql/test/experimental/CWE-525/WebCacheDeceptionBad.go b/go/ql/test/experimental/CWE-525/WebCacheDeceptionBad.go
@@ -2,79 +2,11 @@ package main
 
 import (
 	"fmt"
-	"html/template"
 	"log"
 	"net/http"
-	"os/exec"
-	"strings"
-	"sync"
 )
 
-var sessionMap = make(map[string]string)
-
-var (
-	templateCache = make(map[string]*template.Template)
-	mutex         = &sync.Mutex{}
-)
-
-type Lists struct {
-	Uid       string
-	UserName  string
-	UserLists []string
-	ReadFile  func(filename string) string
-}
-
-func parseTemplateFile(templateName string, tmplFile string) (*template.Template, error) {
-	mutex.Lock()
-	defer mutex.Unlock()
-
-	// Check if the template is already cached
-	if cachedTemplate, ok := templateCache[templateName]; ok {
-		fmt.Println("cached")
-		return cachedTemplate, nil
-	}
-
-	// Parse and store the template in the cache
-	parsedTemplate, _ := template.ParseFiles(tmplFile)
-	fmt.Println("not cached")
-
-	templateCache[templateName] = parsedTemplate
-	return parsedTemplate, nil
-}
-
-func ShowAdminPageCache(w http.ResponseWriter, r *http.Request) {
-
-	if r.Method == "GET" {
-		fmt.Println("cache called")
-		sessionMap[r.RequestURI] = "admin"
-
-		// Check if a session value exists
-		if _, ok := sessionMap[r.RequestURI]; ok {
-			cmd := "mysql -h mysql -u root -prootwolf -e 'select id,name,mail,age,created_at,updated_at from vulnapp.user where name not in (\"" + "admin" + "\");'"
-
-			// mysql -h mysql -u root -prootwolf -e 'select id,name,mail,age,created_at,updated_at from vulnapp.user where name not in ("test");--';echo");'
-			fmt.Println(cmd)
-
-			res, err := exec.Command("sh", "-c", cmd).Output()
-			if err != nil {
-				fmt.Println("err : ", err)
-			}
-
-			splitedRes := strings.Split(string(res), "\n")
-
-			p := Lists{Uid: "1", UserName: "admin", UserLists: splitedRes}
-
-			parsedTemplate, _ := parseTemplateFile("page", "./views/admin/userlists.gtpl")
-			w.Header().Set("Cache-Control", "no-store, no-cache")
-			err = parsedTemplate.Execute(w, p)
-		}
-	} else {
-		http.NotFound(w, nil)
-	}
-
-}
-
-func main() {
+func badExample() {
 	fmt.Println("Vulnapp server listening : 1337")
 
 	http.Handle("/assets/", http.StripPrefix("/assets/", http.FileServer(http.Dir("assets/"))))
diff --git a/go/ql/test/experimental/CWE-525/WebCacheDeceptionGood.go b/go/ql/test/experimental/CWE-525/WebCacheDeceptionGood.go
@@ -1,7 +1,6 @@
 package main
 
 import (
-	"flag"
 	"fmt"
 	"html/template"
 	"log"
@@ -75,9 +74,7 @@ func ShowAdminPageCache(w http.ResponseWriter, r *http.Request) {
 
 }
 
-func main() {
-	var portNum = flag.String("p", "80", "Specify application server listening port")
-	flag.Parse()
+func good() {
 	fmt.Println("Vulnapp server listening : 1337")
 
 	http.Handle("/assets/", http.StripPrefix("/assets/", http.FileServer(http.Dir("assets/"))))

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+\| WebCacheDeceptionBad.go:14:18:14:31 \| "/adminusers/" \| WebCacheDeceptionGood.go:68:19:68:33 \| "Cache-Control" \|`