Format QL modules

rvermeulen · rvermeulen · commit 9311c3047584 · 2023-10-27T15:25:32.000-07:00
diff --git a/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5.qll b/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5.qll
@@ -5,7 +5,6 @@ private import semmle.javascript.security.dataflow.DomBasedXssCustomizations
 private import advanced_security.javascript.frameworks.ui5.UI5View
 
 module UI5 {
-
   bindingset[this]
   private class JsonStringReader extends string {
     bindingset[result]
@@ -64,17 +63,17 @@ module UI5 {
 
     string toString() { result = this.getName() + ": " + this.getRoot() }
 
-    predicate contains(File file) {
-      file.getParentContainer+() = getRoot()
-    }
+    predicate contains(File file) { file.getParentContainer+() = getRoot() }
   }
 
   private string getAResourceRootConfig() {
     result = any(SapUiCoreScript script).getAttributeByName("data-sap-ui-resourceroots").getValue()
   }
 
   class SapUiCoreScript extends HTML::ScriptElement {
-    SapUiCoreScript() { this.getSourcePath().matches(["%/sap-ui-core.js", "%sap-ui-core-nojQuery.js"]) }
+    SapUiCoreScript() {
+      this.getSourcePath().matches(["%/sap-ui-core.js", "%sap-ui-core-nojQuery.js"])
+    }
 
     ResourceRoot getAResourceRoot() {
       result.getSource() = this.getAttributeByName("data-sap-ui-resourceroots").getValue()
@@ -88,8 +87,9 @@ module UI5 {
   /** A UI5 web application manifest associated with a bootstrapped UI5 web application. */
   class WebAppManifest extends File {
     WebApp webapp;
+
     WebAppManifest() {
-      this.getBaseName() = "manifest.json"  and
+      this.getBaseName() = "manifest.json" and
       this.getParentContainer() = webapp.getWebAppFolder()
     }
 
@@ -100,34 +100,34 @@ module UI5 {
   class WebApp extends HTML::HtmlFile {
     SapUiCoreScript coreScript;
 
-    WebApp() {
-      coreScript.getFile() = this
-    }
+    WebApp() { coreScript.getFile() = this }
 
-    File getAResource() {
-      coreScript.getAResolvedResourceRoot().contains(result)
-    }
+    File getAResource() { coreScript.getAResolvedResourceRoot().contains(result) }
 
     File getResource(string path) {
       getWebAppFolder().getAbsolutePath() + "/" + path = result.getAbsolutePath()
     }
 
-    Folder getWebAppFolder() {
-      result = this.getParentContainer()
-    }
+    Folder getWebAppFolder() { result = this.getParentContainer() }
 
-    WebAppManifest getManifest() {
-      result.getWebapp() = this
-    }
+    WebAppManifest getManifest() { result.getWebapp() = this }
 
     File getInitialModule() {
-      exists(string initialModuleResourcePath, string resolvedModulePath, ResolvedResourceRoot resourceRoot |
-        initialModuleResourcePath = coreScript.getAttributeByName("data-sap-ui-onInit").getValue() and coreScript.getAResolvedResourceRoot() = resourceRoot and
-        resolvedModulePath = initialModuleResourcePath.regexpReplaceAll("^module\\s*:\\s*", "").replaceAll(resourceRoot.getName(), resourceRoot.getRoot().getAbsolutePath()) and
+      exists(
+        string initialModuleResourcePath, string resolvedModulePath,
+        ResolvedResourceRoot resourceRoot
+      |
+        initialModuleResourcePath = coreScript.getAttributeByName("data-sap-ui-onInit").getValue() and
+        coreScript.getAResolvedResourceRoot() = resourceRoot and
+        resolvedModulePath =
+          initialModuleResourcePath
+              .regexpReplaceAll("^module\\s*:\\s*", "")
+              .replaceAll(resourceRoot.getName(), resourceRoot.getRoot().getAbsolutePath()) and
         result.getAbsolutePath() = resolvedModulePath + ".js"
       )
     }
   }
+
   /**
    * https://sapui5.hana.ondemand.com/sdk/#/api/sap.ui.loader%23methods/sap.ui.loader.config
    */
@@ -169,9 +169,7 @@ module UI5 {
       )
     }
 
-    WebApp getWebApp() {
-      this.getFile() = result.getAResource()
-    }
+    WebApp getWebApp() { this.getFile() = result.getAResource() }
 
     SapDefineModule getExtendingDefine() {
       exists(Extension baseExtension, Extension subclassExtension, SapDefineModule subclassDefine |
@@ -386,9 +384,7 @@ module UI5 {
    */
   bindingset[path]
   JsonObject resolveDirectPath(string path) {
-    exists(WebApp webApp|
-      result.getJsonFile() = webApp.getResource(path)
-    )
+    exists(WebApp webApp | result.getJsonFile() = webApp.getResource(path))
   }
 
   /**
@@ -593,14 +589,18 @@ module UI5 {
       result.getMethodName() = "setProperty" and
       result.getArgument(0).asExpr().(StringLiteral).getValue() = propName and
       // TODO: in same controller
-      exists(WebApp webApp | webApp.getAResource() = this.getFile() and webApp.getAResource() = result.getFile())
+      exists(WebApp webApp |
+        webApp.getAResource() = this.getFile() and webApp.getAResource() = result.getFile()
+      )
     }
 
     bindingset[propName]
     MethodCallNode getARead(string propName) {
       result.getMethodName() = "get" + capitalize(propName) and
       // TODO: in same controller
-      exists(WebApp webApp | webApp.getAResource() = this.getFile() and webApp.getAResource() = result.getFile())
+      exists(WebApp webApp |
+        webApp.getAResource() = this.getFile() and webApp.getAResource() = result.getFile()
+      )
     }
   }
 }
diff --git a/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5DataFlow.qll b/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5DataFlow.qll
@@ -12,7 +12,9 @@ module UI5DataFlow {
   private predicate bidiModelControl(DataFlow::Node start, DataFlow::Node end) {
     exists(DataFlow::SourceNode property, Metadata metadata, UI5BoundNode node |
       // same project
-      exists(WebApp webApp | webApp.getAResource() = metadata.getFile() and webApp.getAResource() = node.getFile()) and
+      exists(WebApp webApp |
+        webApp.getAResource() = metadata.getFile() and webApp.getAResource() = node.getFile()
+      ) and
       (
         // same control
         metadata.getControl().getName() = node.getBindingPath().getControlQualifiedType()
@@ -87,22 +89,25 @@ module UI5DataFlow {
     UI5BindingPath getBindingPath() { result = bindingPath }
 
     UI5BoundNode() {
-      exists(WebApp webApp | webApp.getAResource() = this.getFile() and
-      webApp.getAResource() = bindingPath.getFile() |
-      /* The relevant portion of the content of a JSONModel */
-      exists(Property p, JsonModel model |
-        // The property bound to an UI5View source
-        this.(DataFlow::PropRef).getPropertyNameExpr() = p.getNameExpr() and
-        // The binding path refers to this model
-        bindingPath.getAbsolutePath() = model.getPathString(p)
+      exists(WebApp webApp |
+        webApp.getAResource() = this.getFile() and
+        webApp.getAResource() = bindingPath.getFile()
+      |
+        /* The relevant portion of the content of a JSONModel */
+        exists(Property p, JsonModel model |
+          // The property bound to an UI5View source
+          this.(DataFlow::PropRef).getPropertyNameExpr() = p.getNameExpr() and
+          // The binding path refers to this model
+          bindingPath.getAbsolutePath() = model.getPathString(p)
+        )
+        or
+        /* The URI string to the JSONModel constructor call */
+        exists(JsonModel model |
+          this = model.getArgument(0) and
+          this.asExpr() instanceof StringLiteral and
+          bindingPath.getAbsolutePath() = model.getPathString()
+        )
       )
-      or
-      /* The URI string to the JSONModel constructor call */
-      exists(JsonModel model |
-        this = model.getArgument(0) and
-        this.asExpr() instanceof StringLiteral and
-        bindingPath.getAbsolutePath() = model.getPathString()
-      ))
     }
   }
 
@@ -112,9 +117,7 @@ module UI5DataFlow {
   class UI5ModelSource extends UI5DataFlow::UI5BoundNode, RemoteFlowSource {
     UI5ModelSource() { bindingPath = any(UI5View view).getASource() }
 
-    override string getSourceType() {
-      result = "UI5 model remote flow source"
-    }
+    override string getSourceType() { result = "UI5 model remote flow source" }
   }
 
   /**
diff --git a/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5View.qll b/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5View.qll
@@ -99,7 +99,9 @@ abstract class UI5BindingPath extends Locatable {
       result.getPropertyNameExpr() = p.getNameExpr() and
       this.getAbsolutePath() = model.getPathString(p) and
       //restrict search inside the same webapp
-      exists(WebApp webApp | webApp.getAResource() = this.getFile() and webApp.getAResource() = result.getFile())
+      exists(WebApp webApp |
+        webApp.getAResource() = this.getFile() and webApp.getAResource() = result.getFile()
+      )
     )
     // TODO
     /*
@@ -143,7 +145,9 @@ abstract class UI5View extends File {
     // The controller name should match
     result.getName() = this.getControllerName() and
     // The View and the Controller are in a same webapp
-    exists(WebApp webApp | webApp.getAResource() = this and webApp.getAResource() = result.getFile())
+    exists(WebApp webApp |
+      webApp.getAResource() = this and webApp.getAResource() = result.getFile()
+    )
   }
 
   abstract UI5BindingPath getASource();
@@ -493,7 +497,10 @@ class XmlView extends UI5View, XmlFile {
           // or a custom control with implementation code found in the webapp
           exists(CustomControl control |
             control.getName() = element.getNamespace().getUri() + "." + element.getName() and
-            exists(WebApp webApp | webApp.getAResource() = control.getFile() and webApp.getAResource() = element.getFile())
+            exists(WebApp webApp |
+              webApp.getAResource() = control.getFile() and
+              webApp.getAResource() = element.getFile()
+            )
           )
         )
       )
@@ -563,20 +570,26 @@ class XmlControl extends UI5Control instanceof XmlElement  {
 
   override CustomControl getDefinition() {
     result.getName() = this.getQualifiedType() and
-    exists(WebApp webApp | webApp.getAResource() = this.getFile() and webApp.getAResource() = result.getFile())
+    exists(WebApp webApp |
+      webApp.getAResource() = this.getFile() and webApp.getAResource() = result.getFile()
+    )
   }
 
   bindingset[propName]
   override MethodCallNode getARead(string propName) {
     // TODO: in same view
-    exists(WebApp webApp | webApp.getAResource() = this.getFile() and webApp.getAResource() = result.getFile()) and
+    exists(WebApp webApp |
+      webApp.getAResource() = this.getFile() and webApp.getAResource() = result.getFile()
+    ) and
     result.getMethodName() = "get" + capitalize(propName)
   }
 
   bindingset[propName]
   override MethodCallNode getAWrite(string propName) {
     // TODO: in same view
-    exists(WebApp webApp | webApp.getAResource() = this.getFile() and webApp.getAResource() = result.getFile()) and
+    exists(WebApp webApp |
+      webApp.getAResource() = this.getFile() and webApp.getAResource() = result.getFile()
+    ) and
     result.getMethodName() = "set" + capitalize(propName)
   }
 
