Express / Node.js Web Cache Deception (vulnerable PoC and a Semgrep detection rule)
cache_deception.js
// Minimal Express app used as a web cache deception (WCD) proof of concept.
// It is intentionally vulnerable: see the comments on the route below.
const express = require('express')
const app = express()
const port = 3000
// The trailing '*' turns this into a prefix route (Express 4.x path syntax):
// besides /info/nuri.yavuz it also serves e.g. /info/nuri.yavuz/x.css or
// /info/nuri.yavuz.jpg. If the app sits behind a CDN/shared cache that keys on
// the URL and caches responses by file extension, a victim lured to such a URL
// causes this response to be stored, and the attacker then reads it back from
// the cache. Nothing here authenticates the requester or restricts the suffix.
app.get('/info/nuri.yavuz*', (req, res) => {
// Personal data is returned for every matching path and no Cache-Control
// header is set, so a shared cache is free to store it. Mitigation (not applied
// here, since the PoC is meant to be vulnerable): register an exact path,
// reject unexpected suffixes, and send `Cache-Control: private, no-store`.
res.send('Company: Trendyol, Birth Date: 1997, Country: Turkey, Phone: 5554443322')
})
app.listen(port, () => {
console.log(`Example app listening on port ${port}`)
})
cache_deception_rule.yaml
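# Semgrep rule: flag Express route paths that contain a '*' wildcard.
# Such a route matches any suffix (e.g. /info/x* also serves /info/x/a.css),
# which is the precondition for web cache deception when a shared cache in
# front of the app caches by file extension. The rule is a heuristic: it does
# not know whether the handler returns sensitive data or sets Cache-Control.
rules:
- id: express_route_decorator_detection
  patterns:
  - pattern-either:
    # Express route-registration methods whose first argument is a path.
    - pattern: $Y.get($X, ...)
    - pattern: $Y.post($X, ...)
    - pattern: $Y.put($X, ...)
    - pattern: $Y.delete($X, ...)
    - pattern: $Y.patch($X, ...)
    - pattern: $Y.all($X, ...)
    - pattern: $Y.route($X)
    # app.use() is prefix-matching even without '*'; only the explicit
    # wildcard form is caught by the regex below, the bare-prefix form is a
    # known gap of this rule.
    - pattern: $Y.use($X, ...)
  # Restrict to files that import express. NOTE(review): a bare
  # `require('express')` statement pattern may not match the common
  # `const express = require('express')` / ESM import forms — verify against
  # a fixture before relying on it.
  - pattern-inside: |
      require('express')
      ...
  - metavariable-pattern:
      metavariable: $X
      patterns:
      # $X's text includes the surrounding quotes, hence [^'"]. Only string
      # literal paths are inspected; RegExp routes (/\/info\/.*/), path arrays
      # and paths built at runtime are not covered.
      - pattern-regex: \/[^'"]*[*]
  message: "Detected express path decorator with * character may lead to web cache deception"
  # INFO because every wildcard route is reported regardless of what the
  # handler returns; each finding still needs manual triage.
  severity: INFO
  languages: [js, javascript]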
PoC Video