Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 9178cec

Browse files
author
Yunus AYDIN
committed
fix test errors
1 parent ba672e5 commit 9178cec

3 files changed

Lines changed: 3 additions & 73 deletions

File tree

go/ql/test/experimental/CWE-525/WebCacheDeception.expected

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
| WebCacheDeceptionBad.go:14:18:14:31 | "/adminusers/" | WebCacheDeceptionGood.go:68:19:68:33 | "Cache-Control" |

go/ql/test/experimental/CWE-525/WebCacheDeceptionBad.go

Lines changed: 1 addition & 69 deletions
Original file line numberDiff line numberDiff line change
@@ -2,79 +2,11 @@ package main
22

33
import (
44
"fmt"
5-
"html/template"
65
"log"
76
"net/http"
8-
"os/exec"
9-
"strings"
10-
"sync"
117
)
128

13-
var sessionMap = make(map[string]string)
14-
15-
var (
16-
templateCache = make(map[string]*template.Template)
17-
mutex = &sync.Mutex{}
18-
)
19-
20-
type Lists struct {
21-
Uid string
22-
UserName string
23-
UserLists []string
24-
ReadFile func(filename string) string
25-
}
26-
27-
func parseTemplateFile(templateName string, tmplFile string) (*template.Template, error) {
28-
mutex.Lock()
29-
defer mutex.Unlock()
30-
31-
// Check if the template is already cached
32-
if cachedTemplate, ok := templateCache[templateName]; ok {
33-
fmt.Println("cached")
34-
return cachedTemplate, nil
35-
}
36-
37-
// Parse and store the template in the cache
38-
parsedTemplate, _ := template.ParseFiles(tmplFile)
39-
fmt.Println("not cached")
40-
41-
templateCache[templateName] = parsedTemplate
42-
return parsedTemplate, nil
43-
}
44-
45-
func ShowAdminPageCache(w http.ResponseWriter, r *http.Request) {
46-
47-
if r.Method == "GET" {
48-
fmt.Println("cache called")
49-
sessionMap[r.RequestURI] = "admin"
50-
51-
// Check if a session value exists
52-
if _, ok := sessionMap[r.RequestURI]; ok {
53-
cmd := "mysql -h mysql -u root -prootwolf -e 'select id,name,mail,age,created_at,updated_at from vulnapp.user where name not in (\"" + "admin" + "\");'"
54-
55-
// mysql -h mysql -u root -prootwolf -e 'select id,name,mail,age,created_at,updated_at from vulnapp.user where name not in ("test");--';echo");'
56-
fmt.Println(cmd)
57-
58-
res, err := exec.Command("sh", "-c", cmd).Output()
59-
if err != nil {
60-
fmt.Println("err : ", err)
61-
}
62-
63-
splitedRes := strings.Split(string(res), "\n")
64-
65-
p := Lists{Uid: "1", UserName: "admin", UserLists: splitedRes}
66-
67-
parsedTemplate, _ := parseTemplateFile("page", "./views/admin/userlists.gtpl")
68-
w.Header().Set("Cache-Control", "no-store, no-cache")
69-
err = parsedTemplate.Execute(w, p)
70-
}
71-
} else {
72-
http.NotFound(w, nil)
73-
}
74-
75-
}
76-
77-
func main() {
9+
func badExample() {
7810
fmt.Println("Vulnapp server listening : 1337")
7911

8012
http.Handle("/assets/", http.StripPrefix("/assets/", http.FileServer(http.Dir("assets/"))))

go/ql/test/experimental/CWE-525/WebCacheDeceptionGood.go

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,6 @@
11
package main
22

33
import (
4-
"flag"
54
"fmt"
65
"html/template"
76
"log"
@@ -75,9 +74,7 @@ func ShowAdminPageCache(w http.ResponseWriter, r *http.Request) {
7574

7675
}
7776

78-
func main() {
79-
var portNum = flag.String("p", "80", "Specify application server listening port")
80-
flag.Parse()
77+
func good() {
8178
fmt.Println("Vulnapp server listening : 1337")
8279

8380
http.Handle("/assets/", http.StripPrefix("/assets/", http.FileServer(http.Dir("assets/"))))

0 commit comments

Comments
 (0)