Replace model tests with diagnostic queries

rvermeulen · rvermeulen · commit 893fbe78844d · 2023-10-06T16:11:30.000-07:00
diff --git a/javascript/frameworks/ui5/src/Diagnostics/ListRemoteFlowSources.ql b/javascript/frameworks/ui5/src/Diagnostics/ListRemoteFlowSources.ql
@@ -9,6 +9,7 @@
  */
 
 import javascript
+import advanced_security.javascript.frameworks.ui5.UI5DataFlow
 
 from RemoteFlowSource source, string type
 where type = source.getSourceType()
diff --git a/javascript/frameworks/ui5/test/models/sink/logSinkTest.expected b/javascript/frameworks/ui5/test/models/sink/logSinkTest.expected
@@ -1,74 +1,56 @@
-| sink.js:20:38:20:42 | code0 | code0 |
-| sink.js:20:45:20:49 | code1 | code1 |
-| sink.js:20:52:20:56 | code2 | code2 |
-| sink.js:21:38:21:42 | code0 | code0 |
-| sink.js:21:45:21:49 | code1 | code1 |
-| sink.js:21:52:21:56 | code2 | code2 |
-| sink.js:23:40:23:44 | code0 | code0 |
-| sink.js:23:47:23:51 | code1 | code1 |
-| sink.js:23:54:23:58 | code2 | code2 |
-| sink.js:25:37:25:41 | code0 | code0 |
-| sink.js:25:44:25:48 | code1 | code1 |
-| sink.js:25:51:25:55 | code2 | code2 |
-| sink.js:27:38:27:42 | code0 | code0 |
-| sink.js:27:45:27:49 | code1 | code1 |
-| sink.js:27:52:27:56 | code2 | code2 |
-| sink.js:29:38:29:42 | code0 | code0 |
-| sink.js:29:45:29:49 | code1 | code1 |
-| sink.js:29:52:29:56 | code2 | code2 |
-| sink.js:33:27:33:31 | code0 | code0 |
-| sink.js:33:34:33:38 | code1 | code1 |
-| sink.js:33:41:33:45 | code2 | code2 |
-| sink.js:35:27:35:31 | code0 | code0 |
-| sink.js:35:34:35:38 | code1 | code1 |
-| sink.js:35:41:35:45 | code2 | code2 |
-| sink.js:37:29:37:33 | code0 | code0 |
-| sink.js:37:36:37:40 | code1 | code1 |
-| sink.js:37:43:37:47 | code2 | code2 |
-| sink.js:39:26:39:30 | code0 | code0 |
-| sink.js:39:33:39:37 | code1 | code1 |
-| sink.js:39:40:39:44 | code2 | code2 |
-| sink.js:41:27:41:31 | code0 | code0 |
-| sink.js:41:34:41:38 | code1 | code1 |
-| sink.js:41:41:41:45 | code2 | code2 |
-| sink.js:43:27:43:31 | code0 | code0 |
-| sink.js:43:34:43:38 | code1 | code1 |
-| sink.js:43:41:43:45 | code2 | code2 |
-| sink.js:45:42:45:46 | code1 | code1 |
-| sink.js:74:36:74:40 | code0 | code0 |
-| sink.js:74:43:74:47 | code1 | code1 |
-| sink.js:74:50:74:54 | code2 | code2 |
-| sink.js:75:36:75:40 | code0 | code0 |
-| sink.js:75:43:75:47 | code1 | code1 |
-| sink.js:75:50:75:54 | code2 | code2 |
-| sink.js:76:38:76:42 | code0 | code0 |
-| sink.js:76:45:76:49 | code1 | code1 |
-| sink.js:76:52:76:56 | code2 | code2 |
-| sink.js:77:35:77:39 | code0 | code0 |
-| sink.js:77:42:77:46 | code1 | code1 |
-| sink.js:77:49:77:53 | code2 | code2 |
-| sink.js:78:36:78:40 | code0 | code0 |
-| sink.js:78:43:78:47 | code1 | code1 |
-| sink.js:78:50:78:54 | code2 | code2 |
-| sink.js:79:36:79:40 | code0 | code0 |
-| sink.js:79:43:79:47 | code1 | code1 |
-| sink.js:79:50:79:54 | code2 | code2 |
-| sink.js:80:27:80:31 | code0 | code0 |
-| sink.js:80:34:80:38 | code1 | code1 |
-| sink.js:80:41:80:45 | code2 | code2 |
-| sink.js:81:27:81:31 | code0 | code0 |
-| sink.js:81:34:81:38 | code1 | code1 |
-| sink.js:81:41:81:45 | code2 | code2 |
-| sink.js:82:29:82:33 | code0 | code0 |
-| sink.js:82:36:82:40 | code1 | code1 |
-| sink.js:82:43:82:47 | code2 | code2 |
-| sink.js:83:26:83:30 | code0 | code0 |
-| sink.js:83:33:83:37 | code1 | code1 |
-| sink.js:83:40:83:44 | code2 | code2 |
-| sink.js:84:27:84:31 | code0 | code0 |
-| sink.js:84:34:84:38 | code1 | code1 |
-| sink.js:84:41:84:45 | code2 | code2 |
-| sink.js:85:27:85:31 | code0 | code0 |
-| sink.js:85:34:85:38 | code1 | code1 |
-| sink.js:85:41:85:45 | code2 | code2 |
-| sink.js:86:40:86:44 | code1 | code1 |
+| sink.js:20:38:20:42 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:20:45:20:49 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:20:52:20:56 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:21:38:21:42 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:21:45:21:49 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:21:52:21:56 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:23:40:23:44 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:23:47:23:51 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:23:54:23:58 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:25:37:25:41 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:25:44:25:48 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:25:51:25:55 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:27:38:27:42 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:27:45:27:49 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:27:52:27:56 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:29:38:29:42 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:29:45:29:49 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:29:52:29:56 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:33:27:33:31 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:33:34:33:38 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:33:41:33:45 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:35:27:35:31 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:35:34:35:38 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:35:41:35:45 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:37:29:37:33 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:37:36:37:40 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:37:43:37:47 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:39:26:39:30 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:39:33:39:37 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:39:40:39:44 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:41:27:41:31 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:41:34:41:38 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:41:41:41:45 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:43:27:43:31 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:43:34:43:38 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:43:41:43:45 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:45:42:45:46 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:74:36:74:40 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:74:43:74:47 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:74:50:74:54 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:75:36:75:40 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:75:43:75:47 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:75:50:75:54 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:76:38:76:42 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:76:45:76:49 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:76:52:76:56 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:77:35:77:39 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:77:42:77:46 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:77:49:77:53 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:78:36:78:40 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:78:43:78:47 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:78:50:78:54 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:79:36:79:40 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:79:43:79:47 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:79:50:79:54 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:86:40:86:44 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
diff --git a/javascript/frameworks/ui5/test/models/sink/logSinkTest.ql b/javascript/frameworks/ui5/test/models/sink/logSinkTest.ql
diff --git a/javascript/frameworks/ui5/test/models/sink/logSinkTest.qlref b/javascript/frameworks/ui5/test/models/sink/logSinkTest.qlref
@@ -0,0 +1 @@
+Diagnostics/ListLogInjectionSinks.ql
diff --git a/javascript/frameworks/ui5/test/models/source/sourceTest.expected b/javascript/frameworks/ui5/test/models/source/sourceTest.expected
@@ -1,28 +1,28 @@
-| source.js:25:17:25:25 | obj.value | obj.value |
-| source.js:27:17:27:30 | obj.getValue() | obj.getValue() |
-| source.js:29:17:29:25 | obj.value | obj.value |
-| source.js:31:17:31:30 | obj.getValue() | obj.getValue() |
-| source.js:33:17:33:25 | obj.value | obj.value |
-| source.js:35:17:35:30 | obj.getValue() | obj.getValue() |
-| source.js:37:17:37:25 | obj.value | obj.value |
-| source.js:39:17:39:30 | obj.getValue() | obj.getValue() |
-| source.js:41:17:41:25 | obj.value | obj.value |
-| source.js:43:17:43:30 | obj.getValue() | obj.getValue() |
-| source.js:45:17:45:25 | obj.value | obj.value |
-| source.js:47:17:47:30 | obj.getValue() | obj.getValue() |
-| source.js:49:17:49:25 | obj.value | obj.value |
-| source.js:51:17:51:37 | obj.get ... Value() | obj.get ... Value() |
-| source.js:53:17:53:25 | obj.value | obj.value |
-| source.js:55:17:55:30 | obj.getValue() | obj.getValue() |
-| source.js:57:17:57:51 | jQuery. ... ).get() | jQuery. ... ).get() |
-| source.js:59:17:59:37 | jQuery. ... cHead() | jQuery. ... cHead() |
-| source.js:61:17:61:36 | jQuery.sap.syncGet() | jQuery.sap.syncGet() |
-| source.js:63:17:63:40 | jQuery. ... tText() | jQuery. ... tText() |
-| source.js:65:17:65:37 | jQuery. ... cPost() | jQuery. ... cPost() |
-| source.js:67:17:67:41 | jQuery. ... tText() | jQuery. ... tText() |
-| source.js:69:17:69:52 | UriPara ... ).get() | UriPara ... ).get() |
-| source.js:70:17:70:55 | UriPara ... etAll() | UriPara ... etAll() |
-| source.js:73:17:73:25 | obj.get() | obj.get() |
-| source.js:74:17:74:28 | obj.getAll() | obj.getAll() |
-| source.js:76:17:76:28 | obj.getAll() | obj.getAll() |
-| source.js:78:17:78:25 | obj.get() | obj.get() |
+| source.js:25:17:25:25 | obj.value | Remote flow source of type: Remote flow |
+| source.js:27:17:27:30 | obj.getValue() | Remote flow source of type: Remote flow |
+| source.js:29:17:29:25 | obj.value | Remote flow source of type: Remote flow |
+| source.js:31:17:31:30 | obj.getValue() | Remote flow source of type: Remote flow |
+| source.js:33:17:33:25 | obj.value | Remote flow source of type: Remote flow |
+| source.js:35:17:35:30 | obj.getValue() | Remote flow source of type: Remote flow |
+| source.js:37:17:37:25 | obj.value | Remote flow source of type: Remote flow |
+| source.js:39:17:39:30 | obj.getValue() | Remote flow source of type: Remote flow |
+| source.js:41:17:41:25 | obj.value | Remote flow source of type: Remote flow |
+| source.js:43:17:43:30 | obj.getValue() | Remote flow source of type: Remote flow |
+| source.js:45:17:45:25 | obj.value | Remote flow source of type: Remote flow |
+| source.js:47:17:47:30 | obj.getValue() | Remote flow source of type: Remote flow |
+| source.js:49:17:49:25 | obj.value | Remote flow source of type: Remote flow |
+| source.js:51:17:51:37 | obj.get ... Value() | Remote flow source of type: Remote flow |
+| source.js:53:17:53:25 | obj.value | Remote flow source of type: Remote flow |
+| source.js:55:17:55:30 | obj.getValue() | Remote flow source of type: Remote flow |
+| source.js:57:17:57:51 | jQuery. ... ).get() | Remote flow source of type: Remote flow |
+| source.js:59:17:59:37 | jQuery. ... cHead() | Remote flow source of type: Remote flow |
+| source.js:61:17:61:36 | jQuery.sap.syncGet() | Remote flow source of type: Remote flow |
+| source.js:63:17:63:40 | jQuery. ... tText() | Remote flow source of type: Remote flow |
+| source.js:65:17:65:37 | jQuery. ... cPost() | Remote flow source of type: Remote flow |
+| source.js:67:17:67:41 | jQuery. ... tText() | Remote flow source of type: Remote flow |
+| source.js:69:17:69:52 | UriPara ... ).get() | Remote flow source of type: Remote flow |
+| source.js:70:17:70:55 | UriPara ... etAll() | Remote flow source of type: Remote flow |
+| source.js:73:17:73:25 | obj.get() | Remote flow source of type: Remote flow |
+| source.js:74:17:74:28 | obj.getAll() | Remote flow source of type: Remote flow |
+| source.js:76:17:76:28 | obj.getAll() | Remote flow source of type: Remote flow |
+| source.js:78:17:78:25 | obj.get() | Remote flow source of type: Remote flow |
diff --git a/javascript/frameworks/ui5/test/models/source/sourceTest.ql b/javascript/frameworks/ui5/test/models/source/sourceTest.ql
diff --git a/javascript/frameworks/ui5/test/models/source/sourceTest.qlref b/javascript/frameworks/ui5/test/models/source/sourceTest.qlref
@@ -0,0 +1 @@
+Diagnostics/ListRemoteFlowSources.ql
