Commit dbdf9e1

author
Yunus AYDIN
committed
remove change-notes and fix build error
1 parent e576650 commit dbdf9e1

540 files changed

+16922
-22
lines changed

540 files changed

+16922
-22
lines changed

go/ql/src/change-notes/2023-11-14-web-cache-deception.md

Lines changed: 0 additions & 4 deletions
This file was deleted.

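--- a/go/ql/src/experimental/CWE-525/WebCacheDeception.ql
+++ b/go/ql/src/experimental/CWE-525/WebCacheDeception.ql
@@ -1,4 +1,4 @@
-/**
+/*
 * @name Web Cache Deception
 * @description A caching system has been detected on the application and is vulnerable to web cache deception. By manipulating the URL it is possible to force the application to cache pages that are only accessible by an authenticated user. Once cached, these pages can be accessed by an unauthenticated user.
 * @kind path-problem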
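Review bot: Replacing `/**` with `/*` on line 1 turns the query header from a QLDoc comment into an ordinary block comment, and CodeQL reads query metadata (`@name`, `@description`, `@kind`) from the QLDoc comment at the top of the file. With this change the `@kind path-problem` declaration is most likely no longer picked up, so the query would not be interpreted as a path query and the web cache deception check would silently drop out of analysis. If the aim was to get past a failing metadata or build check, keep `/**` and fix the property the check complains about instead. The comment continues past the end of this hunk, so the remaining properties are not visible here.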

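--- a/go/ql/src/experimental/CWE-525/WebCacheDeceptionBad.go
+++ b/go/ql/src/experimental/CWE-525/WebCacheDeceptionBad.go
@@ -1,7 +1,6 @@
 package main
 
 import (
-"flag"
 "fmt"
 "html/template"
 "log"
@@ -76,14 +75,12 @@ func ShowAdminPageCache(w http.ResponseWriter, r *http.Request) {
 }
 
 func main() {
-var portNum = flag.String("p", "80", "Specify application server listening port")
-flag.Parse()
-fmt.Println("Vulnapp server listening : " + *portNum)
+fmt.Println("Vulnapp server listening : 1337")
 
 http.Handle("/assets/", http.StripPrefix("/assets/", http.FileServer(http.Dir("assets/"))))
 
 http.HandleFunc("/adminusers/", ShowAdminPageCache)
-err := http.ListenAndServe(":"+*portNum, nil)
+err := http.ListenAndServe(":1337", nil)
 if err != nil {
 log.Fatal("ListenAndServe: ", err)
 }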
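Review bot: `http.ListenAndServe(":1337", nil)` binds this deliberately vulnerable sample to every interface, so anyone who runs it to try the query exposes the `/adminusers/` handler to their local network; `http.ListenAndServe("127.0.0.1:1337", nil)` keeps it on loopback. The port is also written twice, once in the `fmt.Println` message and once in the listen address, and the two can drift apart; a single `const addr = "127.0.0.1:1337"` used in both places avoids that. The same two lines appear in WebCacheDeceptionGood.go. main's closing brace is outside the hunk.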

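--- a/go/ql/src/experimental/CWE-525/WebCacheDeceptionGood.go
+++ b/go/ql/src/experimental/CWE-525/WebCacheDeceptionGood.go
@@ -1,7 +1,6 @@
 package main
 
 import (
-"flag"
 "fmt"
 "html/template"
 "log"
@@ -76,14 +75,13 @@ func ShowAdminPageCache(w http.ResponseWriter, r *http.Request) {
 }
 
 func main() {
-var portNum = flag.String("p", "80", "Specify application server listening port")
-flag.Parse()
-fmt.Println("Vulnapp server listening : " + *portNum)
+
+fmt.Println("Vulnapp server listening : 1337")
 
 http.Handle("/assets/", http.StripPrefix("/assets/", http.FileServer(http.Dir("assets/"))))
 http.HandleFunc("/adminusers", ShowAdminPageCache)
 
-err := http.ListenAndServe(":"+*portNum, nil)
+err := http.ListenAndServe(":1337", nil)
 if err != nil {
 log.Fatal("ListenAndServe: ", err)
 }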
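Review bot: Nothing in the fixed sample says why it is the fixed one, because the only difference from WebCacheDeceptionBad.go visible in this hunk is the route pattern `"/adminusers"` without the trailing slash. A short comment above `http.HandleFunc("/adminusers", ShowAdminPageCache)` would make the point for readers, for example `// Exact-match pattern: "/adminusers/" would register the whole subtree, so a path with a static-looking suffix would still reach this handler and could be cached.` The added line 78 is an empty line directly after `func main() {` and can be dropped. main's closing brace is outside the hunk.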
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
{"languages":{"go":{"displayName":"Go","files":["WebCacheDeceptionGood.go","WebCacheDeceptionBad.go"],"linesOfCode":132,"name":"go"}}}
Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,10 @@
1+
---
2+
sourceLocationPrefix: /Users/yunus.aydin/Research/codeql-fork/go/ql/src/experimental/CWE-525
3+
baselineLinesOfCode: 132
4+
unicodeNewlines: false
5+
columnKind: utf8
6+
primaryLanguage: go
7+
creationMetadata:
8+
cliVersion: 2.15.2
9+
creationTime: 2023-11-14T16:52:04.849827Z
10+
finalised: true
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
